<%mainShowBanner("ciu") %>

<%mainShowBanner("CIU-FLEX(CIU-2)") %>

Peer-to-Peer Problems

Welcome to our new regular feature here at PracticallyNetworked, where we answer your questions. This week, columnist Joe Moran addresses issues with ad hoc wireless networks and explains why you can't VPN via your broadband satellite connection.

By Joseph Moran

Q. I’m trying to set up a peer-to-peer wireless network between two machines. One is running Windows 2000 Advanced Server with an ORiNOCO Gold card and the other is running Windows XP Professional with a Linksys card.

Although an icon in the status bar says I’m connected, I can’t ping from one machine to the other. Any suggestions you have would be greatly appreciated.

A. Without more detailed information about your configuration, it’s impossible to know exactly what problem you are experiencing. It is possible to be “seeing” the wireless signal and still not have end-to-end IP connectivity. Any number of problems could be occurring, so we’ll outline the most likely possibilities here.

1. Since you’re not using an access point, check and make sure both wireless network cards are in ad-hoc mode (used for peer-to-peer wireless connections)  rather than infrastructure mode (used when connecting to an access point).
   
   
2. Verify that all of the wireless configuration settings like the SSID, channel, etc., are correct and common to both cards.
   
   
3. Try turning off WEP encryption if it’s enabled. In spite of the standards, sometimes cards from different vendors have trouble communicating, particularly with WEP enabled. At the very least, ensure that WEP settings on both cards are set to that the same level, and that the cards are using identical encryption keys.
   
   
4. Double-check the IP settings of both machines to make sure they have been assigned addresses on the same subnet and share a subnet mask. It’s preferable to assign static IP addresses rather than using DHCP when the DHCP server is itself not a wireless device (as is the case here).
   
   
5. If nothing else works, ping the loopback address (127.0.0.1 or localhost) from both computers to make sure TCP/IP is working correctly on each machine -- in a DOS window type "ping 127.0.0.1" without the quotation marks. If you don’t get the correct response on one of the machines, try reloading the protocol.

Q. I am trying to use Nortel Extranet to connect to my company’s VPN, which uses IPsec. My ISP is DirecWay, which is a two-way satellite modem which connects to my PC via USB. I have no way to connect with a router. When I try to connect to the VPN from my PC, there is no response. I know the data is transmitted because the ISP says they can see my traffic. They said I’m having the problem because I’m not running a static IP address. Any suggestions?

A. Unfortunately, I’m afraid you may be out of luck. Like many ISPs (including cable, DSL, and satellite), DirecWay’s consumer-oriented broadband service uses network address translation (NAT) to assign private, non-routable addresses to clients.

The problem isn’t that your address is dynamically assigned. The problem is that your address is private—that is to say, not routable.

On a network where NAT is enabled, the source address of outgoing packets must be eventually replaced with a global IP address (usually that of the border router) so they can they can traverse the Internet.

IPsec encrypts the entire IP packet, including the source address header. When the packet leaves your network, its source address is changed, so the encryption checksum of the packet is modified. When the packet gets to your company’s VPN server, it fails authentication and is dropped.

Many broadband routers have the capability to pass through IPsec packets unaltered, allowing IPsec and NAT to coexist. As you pointed out though, this is not an option for you since your satellite-based gateway connects via USB rather than an Ethernet port.

I checked with DirecWay, and they offer a business-targeted version of the service which does provide a static, routable IP address. This would probably allow you to successfully connect to your company’s VPN.

However, DirecWay has a disclaimer on their site saying that users of IPsec-based VPNs should expect a 50-75% performance hit. This would yield speeds barely twice as fast as a dial-up modem. DirecWay wasn’t specific as to the cause for the reduction in performance, other than to say that “VPNs are not ideal for satellite connections.”

Some newer VPN products do have other technical methods for getting around the NAT problem. You might want to check with your company’s network administrator to see if there might the possibility of upgrading to one of them. The solution could be as simple as a more recent version of the VPN client software.

Use our feedback form to submit your questions on home or SOHO networking issues.  We can not guarantee to answer every question we get, but we'll consider them all.