VPN scenario 1 problems
So what are the common problems encountered with scenario 1 ?
- I can't establish a connection...
We have of course determined that the PCs at each end of the prospective connection are connected to the Internet! So what else can get in the way or our connection? Well, at the near end we can (and should) have outbound Firewalls in our PC and in the device through which we are connected to the Internet. If you are trying to connect from a hotel or an Internet Hot Spot outbound traffic is not likely to be hindered by a Firewall, so the problem is more likely associated with the inbound end.
Let's follow our connection request across the Internet; the first potential obstacle encountered is the Internet Gateway at the far end. The Firewall inherent to all residential Internet Gateways is by default closed to all unsolicited traffic (that is, traffic arriving at the Firewall which is not the result of a previous request). We must therefore ‘open' the ports used by the particular VPN protocol we are using (the TCP Port for PPTP is 1723 and for L2TP 1701).
Below is the ‘page' in one of my Internet Gateways which is used for ‘opening' ports.
I have opened port 1723 so I can connect using PPTP. Notice that associated with each port is also an IP address. This tells the Internet Gateway where to direct the traffic it receives at this port. Note that only unsolicited traffic needs to be directed. Traffic resulting from a previous request (for example, for a web page) will be returned to the computer which originated the request. Referring again to my Virtual Server table, I have defined ports 80 (HTTP) and 21 (FTP) although these are not currently open. These would be opened to host HTTP and FTP services and receive unsolicited requests from the internet.
Note also that in my particular Internet Gateway (which is very old) I must enter an IP address against a port and so it is preferred that the IP address is fixed, rather than allocated by DHCP. Newer Internet Gateways have DHCP Server and DNS features that enable the PC name to be entered into the Virtual Server table, rather than the IP address.
One final point; do not expect to be able to access your home PC from your corporate network at the office. Most corporate networks are shut down very tightly and the outbound Firewall will most likely not permit connections to an external network or computer where the security arrangements are unknown.
- I am connected but my connection is slow...
First we have to define ‘slow' because there are three parameters which influence speed.
The first parameter is bandwidth which is the amount of data which can flow through the connection, defined in Mb/s (Megabits per second). Most residential broadband lines are asymmetric; that is, downloading is allocated more bandwidth than uploading, which isn't a problem for the average user who is interested in downloading media files and loading web pages. A typical residential broadband connection may be 5 Mb/s download and 1.5 Mb/s upload but some are more asymmetric and may have upload speeds as low as 0.256 Mb/s. Bandwidth and asymmetry have a major effect on VPN because the connection will run at the slowest speed of the link. For example, if one end is 5/1.5 (5 Mb/s download and 1.5 Mb/s upload) and the other end is 1.5/0.256 the VPN connection will operate at 0.256Mb/s.
The second parameter influencing speed is latency, which in simple terms is the time taken to respond to a request. If we return to our ‘ping' tests we will notice that associated with each test is a time, in ms (milliseconds). When we ‘pinged' dell.com the average response time (latency) was 66 ms. If we ping an internal computer we will receive a response in less than 1 ms. The latency of a connection is influenced by the distance apart of the two ends and the number of Routers the data packet must navigate. Latency will have more effect on an interactive application (such as an on-line game or a Remote Desktop connection) than it will have on a file download. Satellite internet connections have a very high latency (500 ms) and this can be very disturbing to a user when initially encountered.
The third parameter is compression, which is a method of speeding up the flow of data by packing it more tightly. You may have noticed that some ISPs and manufacturers of Internet Gateways are offering something called ‘Turbo Boost' which ‘speeds up' your internet connection. Well, it will reduce download time for large files but it will increase latency because of the time taken for the compression algorithms to do their work. More importantly, compression will not operate on VPN packets, because they are ‘secured' from interference. Satellite Internet connections operate exclusively with high data compression so VPN connections via Satellite are very slow.
So, in summary, a VPN connection is inherently slower than your connection to the Internet.