PPTP VPN lost when DHCP lease renewed

Discussion in 'Server Networking' started by Rob, May 21, 2010.

  1. Rob

    Rob Guest

    We are using some laptops with Windows XP and UMTS wireless wan cards.
    On these laptops a PPTP VPN is setup to the head office.

    Depending on the particular UMTS card driver, the card often implements
    a virtual ethernet card which is in DHCP mode for getting the address.
    The driver runs some DHCP service. The Windows XP OS requests an
    address for the ethernet card, and the DHCP service in the driver answers
    with the IP address and other details of the UMTS connection.
    This works OK.

    However, on some drivers the lease is very short: 5 minutes.
    (this happens with Ericsson cards, with Option cards the lease is 8 days).

    Our problem is: whenever the DHCP lease needs to be renewed, Windows XP
    disconnects the PPTP VPN that is running via this card.
    Apparently the renewal of the DHCP release resets soms things.

    It is not a problem when normally surfing the web, but for the PPTP VPN
    it is unusable because the VPN connection has to be made again every
    5 minutes.
    (for a card with an 8 days lease it is not a real problem)

    Is there some way to tell Windows not to reset the PPTP VPN whenever the
    lease of the underlying network card is being renewed?
     
    Rob, May 21, 2010
    #1
    1. Advertisements

  2. Rob

    Dave Warren Guest

    In message <4all.nl> Rob
    This isn't normal behaviour at all. Normally leases are renewed
    starting at 50% of the leases expiry, so I'm curious if you're seeing
    problems at 50% or near 100% of the expiry?

    If you're getting close to the expiry then it's likely the DHCP server
    isn't responding to renewal requests. There are a couple possibilities,
    but first try renewing a lease, check the expiry time with ipconfig/all,
    then renew with ipconfig/renew and check again with ipconfig/all, see if
    the expiry was extended or not.

    If this does get a successful renewal, try again with the VPN up. If
    you're not able to renew with the VPN up, but can renew with the VPN
    down, it would explain this problem.

    My guess is that a routing table change might help, to avoid routing the
    DHCP renewal request over the VPN (although in most cases it shouldn't
    be routed over the VPN anyway)
     
    Dave Warren, May 21, 2010
    #2
    1. Advertisements

  3. Rob

    Rob Guest

    I will test this further when I am back at work tuesday, but what I
    know now is that the VPN is being disconnected at the end of the lease
    time, and that I can reconnect it at that moment.
    It could well be that the DHCP lease cannot be renewed when the VPN
    is up, and when the VPN goes down because the lease expires it can then
    be renewed and the VPN can again be connected.
    I think you may have a good point there...
    The VPN gets the default route. It may be that the fake "DHCP server"
    that is inside the driver has an address that is outside the area
    reachable via the entries in the routing table (apart from the default).

    Unfortunately I have not yet found a way to tweak the lease time the
    UMTS card driver DHCP server supplies. With a lease longer than one
    day this issue would not exist. I have asked the supplier of the card
    for this info, but they don't understand what I am asking.
     
    Rob, May 21, 2010
    #3
  4. Rob

    Rob Guest

    Thanks to your hint I have found the underlying problem.
    The system has a group policy defined firewall (in IP security policies) that
    did not allow the traffic between the emulated DHCP server and the local system.
    Apparently this prevents the DHCP lease from renewing, but it does not prevent
    the new lease to be obtained. When time elapses and the lease cannot be renewed,
    the interface goes down and the PPTP tunnel is closed, then the new lease is
    obtained and the Internet connection is alive again, but the PPTP tunnel remains
    down.
    (I don't know if a new lease works because this is done using broadcasts as
    communication with the DHCP server, or of the security policies are not in
    effect when the interface is coming up)

    Anyway, thanks for your response as it has been making me think about the
    problem in a different way!
     
    Rob, May 26, 2010
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.