DirecWay Satellite Connection

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
:confused:

Does anyone know why I cannot log into my employers VPN network using my Direcway connection?

I have satellite internet with Direcway, and it works for everything else I do. But when I go to sign in at work, it says the remote computer is not responding... and I know it should be.

Why do I have a feeling I'm going to find out this is impossible to do??... lol I HATE dialing in.
 

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
This is all I can find.. in English anyone?


Q: Can I run a VPN over DIRECWAY Professional?
A: Running a VPN client over a satellite network is not an ideal configuration. Although most VPN clients will work, average download speeds with the VPN active will be reduced from typical DIRECWAY speeds by as much as 50 to 75 percent. When you need to access information from your corporate LAN you can enable your VPN client, keeping in mind that you will see a reduction in throughput. When the VPN session is finished simply disable your VPN client and enjoy the full speed of DIRECWAY while surfing the Internet.

At this time, HUGHES does not endorse or support any VPN products. Customers that run VPN products do so at their own risk and will not receive support from HUGHES regarding troubleshooting, configuring, optimizing, or maintaining a VPN connection. It is recommended to use a VPN client on a limited basis.

<< back to top

22 Q: Why does the service slow down when used in conjunction with a VPN?
A: Without consideration for the latency introduced by the path delay to geosynchronous communications satellites (in orbit above the earth’s equator at an altitude of 22,300 miles), high-speed Internet transmission would be difficult. Satellite service providers do however offer high-performance Internet access over satellites (like DIRECWAY) using sophisticated TCP/IP protocol processing and data acceleration algorithms. An IPSEC/VPN secure encrypted connection (IPSEC is the most widely used VPN technology in use) encapsulates the TCP/IP data (called tunneling) which renders useless these performance enhancement techniques. Hence the user’s speed is degraded.

Secure network architectures using satellite access requires a disciplined implementation and close coordination between the service provider and the corporate network customer. Have your IT or data network representative contact HNS re: these specialized services.
 
Joined
Aug 7, 2003
Messages
343
VPN Over direcway is problematic at best, due to the latency of the link ( the time from you to the satellite to the earthstation and to the other IP address) even if the other end of the VPN tunnel is on direcway, the satellite cannot 'route' the data, it has to go to the earthstation first. We use the european version of Direcway, even though all remote nets are on the same subnet (192.168.6.xxx) VPN links are not viable.
HOWEVER, the DW6000 uses a different satellite and protocols, rumour has it ( in europe at least) that the latency and satellite software is improved enough to unofficially allow VPN to work.
We currently encrypt all data using an implementation of PGP, as the data is time sensitive, any decription more than 2 hours old doesn't matter.
not tried the DW6000 yet but I have a new site install somewhere sandy happening soon, so if VPN works, i'll let you know.
Cheers,
10forcash
 

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
Well that's what I have- DW6000... theoretically, connecting to a VPN "should" work according to what I'm reading, but should have lagged speeds... even with lagged speeds wouldn't it still be faster than dial-up? So why can't I get it even to connect? Of course Direcway will not support any sort of VPN "officially" so calling my install guy won't help. Grr... I'm trying this question at some direcway "boards" I found online in hopes of finding an answer... this is making me crazy! I do not want to connect through dial up- it's so.. SO slow.. :(
 

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
mmmm I dont think so... seems we had different IP's when I had comcast... it would change now and then... and it never affected my VPN connection.
 
Joined
Aug 7, 2003
Messages
343
Is Comcast Satellite or xDSL / Cable ? The MTU on your VPN server may need to be increased to allow for the latency
Cheers,
10forcash
 

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
errr... it's Direcway... I don't have the option of comcast cable or dsl.. they aren't available in my area.... hence the satellite. I could always dial into the VPN through dial up.. but that's insanely slow... even with the latency, satellite would be faster than dial up. But it hasn't connected so far... perhaps because of the altency, the vpn server rejects me.. not sure...

*help!*
 
Joined
Aug 7, 2003
Messages
343
Yep, I know youre on Direcway, I was asking if comcast was satellite or cable to acertain if, assuming Comcast is satellite, your VPN link had ever worked over a high latency link
Cheers,
10forcash
 

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
ohhh. **slaps forehead**

No, the reference to Comcast was when I had cable... I moved though.. and now cable isn't available anymore. :(

VPN worked fine- GREAT in fact, on the cable link.
 

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
I had one other thought... and mind you.. I'm OBVIOUSLY not a networking guru... my employer uses Win 2000 for their VPN.. client.. or whatever.. (me no speak techie language!)

Just wondering if perhaps there is a setting that limits the amount of time I have to connect to the VPN... For instance... if the connection isn't made with 5 seconds, it would time out and boot me. ???? I get the error, "the remote computer has not responded" do you (or anyone) know if this is a possibility? Something they could potentially change?
 
Joined
Aug 7, 2003
Messages
343
VPN's do have timeouts, yes, however Direcway uses a fair bit of port redirection / blocking. Ask your sysadmin to check their VPN logs for errors relating to your attempted logons, giving them the date / times may make them more conducive to help, also, increasing your network MTU may help - but not too much!! Use something like Dr.TCP or similar, also try looking at www.copperhead.cc you may find more info on there
Cheers,
10forcash
 
Joined
Aug 7, 2003
Messages
343
Just found this,
Might not help much but it does explain the North American implementation of Direcway
Will VPN work over DirecWay ? :

Generally speaking, VPN will not work over 2-way residential service no mater who the dealer is. This is because the residential service offering does not come with a option for a Live IP. The IP address that is used is placed behind a Cisco Pix Firewall that does NAT (Network Address Translation). Most (if not all) VPN solutions require a live IP to be assigned to the host. When the VPN (ipsec or pptp) packets pass thru the NAT they are modified and as such are discard by the VPN server because they are modified. Now wait a minute you say. "Early on when the service just started I could do VPN"… Some NAT's (Cisco pix) have addressed this problem and allow a VPN connection to traverse across the NAT with the following limitations.

1. Only one VPN connection per VPN server.( I.E first person connects to a vpn server at 207.0.0.1. The second person tries to connect to the same vpn server at 207.0.0.1 would fail.

2.The NAT must not be doing PAT (Port Address Translation). This happens when the NAT has more clients using it that real IP address assigned to it.

When the 2-Way service was new the NAT had enough IP's so it didn't do PAT. Now that many people are using the service now it is mostly doing PAT. And a such VPN will not work.

Hughes (and I'll assume powered by) has the option for a Live IP on their Business accounts. To do this they have Gateways that are all Live IP's. Having this will let you do VPN but I will caution you that the performance of VPN over 2-way is low. This is because all of the optimization that Hughes does to minimize satellite latency is lost . I find that VPN over 2-way is about the same as 128 ISDN on receive and at best 33.6-28.8 dial up on return. As well not all VPN clients will install on a system with NAV as some modify the network adapter that it is bound to. Doing this breaks the Satellite USB NIC.
The following is a list of VPN client that I know work over 2-way Live IP.

Microsoft's PPTP
Cisco
Nortel's Extranet client
Indus River
Borderware Secure
PGP
Checkpoint does not work (use PGP as client for Checkpoint server)

The exception to the above is if the network you're trying to connect to supports "Nat Traversal". (Check with your network administrator to find out if this is supported.) Still, even if it does work the connection will be terribly slow due to satellite latency. Even if it does work for you, you might decide using a standard dial-up modem is faster for VPN.

Cheers,
10forcash
 

rocknchic

Thread Starter
Joined
Oct 20, 2002
Messages
543
.... *cries*

so who's gonna fix it?! lol

ok ok.. I think.. I am screwed. I have found my first "downside" to the boondocks!

Thank you anyway, 10forcash... I appreciate the help.. even if it "is" bad news. :)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top