Welcome to our new regular feature here at PracticallyNetworked, where we answer your questions. This week, columnist Joe Moran addresses issues with ad hoc wireless networks and explains why you can't VPN via your broadband satellite connection.
By Joseph Moran
Q. I'm trying to set up a peer-to-peer wireless network between two machines. One is running Windows 2000 Advanced Server with an ORiNOCO Gold card and the other is running Windows XP Professional with a Linksys card.
Although an icon in the status bar says I'm connected, I can't ping from one machine to the other. Any suggestions you have would be greatly appreciated.
A. Without more detailed information about your configuration, it's impossible to know exactly what problem you are experiencing. It is possible to be "seeing" the wireless signal and still not have end-to-end IP connectivity. Any number of problems could be occurring, so we'll outline the most likely possibilities here.
Q. I am trying to use Nortel Extranet to connect to my company's VPN, which uses IPsec. My ISP is DirecWay, which is a two-way satellite modem which connects to my PC via USB. I have no way to connect with a router. When I try to connect to the VPN from my PC, there is no response. I know the data is transmitted because the ISP says they can see my traffic. They said I'm having the problem because I'm not running a static IP address. Any suggestions?
A. Unfortunately, I'm afraid you may be out of luck. Like many ISPs (including cable, DSL, and satellite), DirecWay's consumer-oriented broadband service uses network address translation (NAT) to assign private, non-routable addresses to clients.
The problem isn't that your address is dynamically assigned. The problem is that your address is private (that is to say, not routable).
On a network where NAT is enabled, the source address of outgoing packets must eventually be replaced with a global IP address (usually that of the border router) so they can traverse the Internet.
IPsec encrypts the entire IP packet, including the source address header. When the packet leaves your network, its source address is changed, so the encryption checksum of the packet is modified. When the packet gets to your company's VPN server, it fails authentication and is dropped.
Many broadband routers have the capability to pass through IPsec packets unaltered, allowing IPsec and NAT to coexist. As you pointed out though, this is not an option for you since your satellite-based gateway connects via USB rather than an Ethernet port.
I checked with DirecWay, and they offer a business-targeted version of the service which does provide a static, routable IP address. This would probably allow you to successfully connect to your company's VPN.
However, DirecWay has a disclaimer on their site saying that users of IPsec-based VPNs should expect a 50-75% performance hit. This would yield speeds barely twice as fast as a dial-up modem. DirecWay wasn't specific as to the cause for the reduction in performance, other than to say that "VPNs are not ideal for satellite connections."
Some newer VPN products do have other technical methods for getting around the NAT problem. You might want to check with your company's network administrator to see if there might be the possibility of upgrading to one of them. The solution could be as simple as a more recent version of the VPN client software.
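An added illustration of the failure described in this answer (not from the original column): a keyed integrity check computed over a simplified packet, source address included, stops verifying once a NAT gateway rewrites that address, while a check that covers only the encapsulated contents survives the rewrite and still catches tampering. The packet layout, key, addresses and function names are constructed for the example and are not real IPsec wire formats.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-shared-secret"  # constructed sample key, not from the article


def build_packet(src, dst, payload):
    """Simplified packet: 4-byte source, 4-byte destination, then payload."""
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + payload)


def icv_whole_packet(packet):
    """Integrity check value computed over the addresses and the payload."""
    return hmac.new(KEY, packet, hashlib.sha256).digest()


def icv_payload_only(packet):
    """Integrity check value that skips the 8 bytes of outer addresses."""
    return hmac.new(KEY, packet[8:], hashlib.sha256).digest()


def nat_rewrite(packet, public_src):
    """What a NAT gateway does: replace the private source address."""
    return ipaddress.IPv4Address(public_src).packed + packet[4:]


def verify(packet, icv, icv_func):
    """Receiver side: recompute the check value and compare in constant time."""
    return hmac.compare_digest(icv_func(packet), icv)


def demo():
    # Constructed addresses: a private source and documentation-range public ones.
    sent = build_packet("192.168.0.10", "203.0.113.5", b"vpn session data")
    whole, inner = icv_whole_packet(sent), icv_payload_only(sent)
    received = nat_rewrite(sent, "198.51.100.7")
    tampered = received[:-1] + b"X"  # payload altered in transit
    return {
        "no_nat_whole_packet": verify(sent, whole, icv_whole_packet),
        "after_nat_whole_packet": verify(received, whole, icv_whole_packet),
        "after_nat_payload_only": verify(received, inner, icv_payload_only),
        "tampered_payload_only": verify(tampered, inner, icv_payload_only),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'dropped'}")
```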
Use our feedback form to submit your questions on home or SOHO networking issues. We cannot guarantee to answer every question we get, but we'll consider them all.