Yesterday was a Hurricane Rita day for us here in Miami. No major storm damage and no work. So, where's the rant?
I had been unable to VPN into the office for a couple of weeks, so I thought I would experiment with the connection since no one was at the office. It's a pretty standard setup: SBS 2000 server with RRAS, 2 NICs and ISA; a Netopia 3346w from BellSouth with a DSL connection and 5 static IPs on the office end; and a D-Link DI-624 router connected to a Westell 6100 DSL router from BellSouth in bridged mode on the other.
The problem began about 2 weeks ago; before that, the VPN connections worked like butter. I was now getting an error 721 when attempting to establish a VPN connection. What had changed?
For starters, I had upgraded the firmware on the Netopia. No harm done there, right? Now, I wasn't so sure. I had also disabled a couple of ISA access policies that were not necessary -- nothing related to VPN. After searching the web, the problem seemed to be related to the GRE protocol 47 not being passed through the routers in one or both directions. The log files did not contain any error messages; the only solution I could find was to adjust the WAN NIC's MTU setting, which I tried, but it did not work. Time to focus on the other side.
I had also upgraded the D-Link firmware. The new firmware added WPA2 and did not work any worse than the previous firmware, or so it seemed. I had not changed anything on my laptop, so my focus had to be the D-Link. Did WPA2 break VPN? Was the PPTP passthrough enabled? Did the inaccurate time on the router play a role? After checking everything I could think of, I downgraded the firmware and sure enough the VPN started working again. The time was also synchronizing again. Everything was back to square one on my end.
D-Link caused me all the headaches I encountered (or at least my trusting in their newest, non-beta firmware). Why do software vendors think they can release software that has bugs and not call it beta? Did D-Link do sufficient due diligence when testing this software? No.
Newsflash to D-Link: your 2.70 firmware for the DI-624 does not do PPTP passthrough correctly. Fix it or you will lose customers.
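The symptom described above (the PPTP control connection comes up but GRE protocol 47 does not make it through a router) can be confirmed from a packet capture taken on the client. The following is an added example, not part of the original post: it classifies raw IPv4 packets as PPTP control (TCP 1723) or PPTP data (enhanced GRE, per RFC 2637) and reports which leg is missing. The addresses, the helper names and the sample packets are constructed for illustration.

```python
import struct

PPTP_PORT, PROTO_TCP, PROTO_GRE = 1723, 6, 47

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    pack_ip = lambda ip: bytes(map(int, ip.split(".")))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, pack_ip(src), pack_ip(dst))
    return hdr + payload

def classify(pkt, client_ip):
    """Return (kind, direction) for a raw IPv4 packet, or None if it is not PPTP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    direction = "out" if ".".join(map(str, pkt[12:16])) == client_ip else "in"
    payload = pkt[ihl:]
    if proto == PROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_PORT in (sport, dport):
            return ("control", direction)
    elif proto == PROTO_GRE and len(payload) >= 4:
        flags_ver, ptype = struct.unpack("!HH", payload[:4])
        # PPTP carries PPP in enhanced GRE: version 1, protocol type 0x880B
        if flags_ver & 0x7 == 1 and ptype == 0x880B:
            return ("gre", direction)
    return None

def diagnose(packets, client_ip):
    """Summarise which part of the PPTP exchange is visible in the capture."""
    seen = {classify(p, client_ip) for p in packets} - {None}
    if ("control", "out") not in seen or ("control", "in") not in seen:
        return "control channel (TCP 1723) not established"
    if ("gre", "out") not in seen:
        return "no GRE leaving the client"
    if ("gre", "in") not in seen:
        return "GRE (protocol 47) not returning: check PPTP passthrough on the path"
    return "control and GRE flowing in both directions"

# Constructed sample capture (documentation addresses, not from the post)
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
TCP_OUT = struct.pack("!HH", 49152, PPTP_PORT) + bytes(16)
TCP_IN = struct.pack("!HH", PPTP_PORT, 49152) + bytes(16)
GRE = struct.pack("!HHHH", 0x3001, 0x880B, 0, 1) + bytes(4)
BROKEN = [ipv4(CLIENT, SERVER, PROTO_TCP, TCP_OUT),
          ipv4(SERVER, CLIENT, PROTO_TCP, TCP_IN),
          ipv4(CLIENT, SERVER, PROTO_GRE, GRE)]
WORKING = BROKEN + [ipv4(SERVER, CLIENT, PROTO_GRE, GRE)]

if __name__ == "__main__":
    print(diagnose(BROKEN, CLIENT), "|", diagnose(WORKING, CLIENT))
```
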
Tags: commentary, troubleshooting
2005/09/21