Why VPN Doesn’t Work on all Broadband

[22 MAR 09 UPDATE: This post fostered an idea for a story I wrote. You can read “VPN Doesn’t Work” at Every Day Fiction.]

I have mentioned here that I must use VPN (Virtual Private Networking) to connect into my work computer network.  VPN is a secure way to connect a personal computer anywhere out on the internet to a host computer in a way that ensures that no hackers can snoop in on the data stream.  It is really more complicated than that, but that is the gist of it.  In monitoring my blog hits, especially the search engine hits that direct people here, I see that more than a few are searching for information about VPN connectivity.  I have a little experience with the most common search I have seen: “Why doesn’t VPN work on all broadband connections?”

I have found two major reasons for this.  The first, and most frustrating, is that your ISP may not maintain or present a persistent IP address to the outside world.  For normal internet use this is no big deal.  It really doesn’t matter all that much if every time you make a request in a web browser your ISP sends that request on a different IP.  This is sometimes called packet-switching.  As long as your ISP can route the returned data back to your web browsing session everything seems fine.  An example of an ISP that did this was DirecTV’s DirecWay, now HughesNet.  At the time I investigated using their broadband they had three levels of access.

  • The first was the cheapest.  It pulled incoming data off the satellite feed that DirecTV uses, yet the outgoing data had to be transmitted via a land phone line.  This kind of connection will never work with VPN because it needs a single common communication link.
  • The second was more expensive.  It required a special satellite dish that transmitted data as well as received it.  For normal internet usage it was blazing fast.  However, VPN kept getting disconnected.   I had this installed for a while.  I could connect to my work via VPN but the connection would drop shortly after connection.  This is because when you are authenticated via VPN it notes the IP address that you are using.  If that IP address changes, it appears that you are dropped because the host computer no longer recognizes you as being authenticated.  Just about any ISP that provides its end users with an IP address that begins with 10 does packet switching and will have a problem with VPN.  And because of the packet switching, real time online games would sometimes hang, stutter or run at slower than dial-up speeds.
  • Their final solution appears as if it would have worked.  But frankly, I only needed the one connection with a static IP address.  I didn’t need to buy an entire freaking small business solution at the cost of several thousand dollars a month.
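A way to check a connection for the two symptoms described in the second bullet, as an added example that is not part of the original post. The function names and the sample readings are constructed for illustration (the readings stand for your public address recorded at intervals), and the check covers the other private ranges and the carrier-grade NAT range as well as addresses beginning with 10.

```python
import ipaddress
from datetime import datetime

# Blocks that mean your address is translated before it reaches the internet.
# The post only mentions addresses that begin with 10.
NAT_BLOCKS = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "100.64.0.0/10": "RFC 6598 carrier-grade NAT",
}

def nat_class(addr):
    """Describe the NAT block that addr falls in, or return None."""
    ip = ipaddress.ip_address(addr)
    for block, label in NAT_BLOCKS.items():
        if ip in ipaddress.ip_network(block):
            return label
    return None

def egress_changes(samples):
    """Parse 'ISO-timestamp public-ip' lines; list (seconds_held, old, new)."""
    changes, current, since = [], None, None
    for line in samples.strip().splitlines():
        stamp, addr = line.split()
        when, ip = datetime.fromisoformat(stamp), ipaddress.ip_address(addr)
        if current is None:
            current, since = ip, when
        elif ip != current:
            changes.append(((when - since).total_seconds(), str(current), str(ip)))
            current, since = ip, when
    return changes

def diagnose(wan_addr, samples):
    """Summarise both symptoms: translated address and unstable public address."""
    changes = egress_changes(samples)
    return {"nat": nat_class(wan_addr), "changes": len(changes),
            "shortest_hold_s": min((c[0] for c in changes), default=None)}

# Constructed sample readings (documentation addresses, not real measurements).
SAMPLES = """
2009-03-01T10:00:00 198.51.100.7
2009-03-01T10:01:00 198.51.100.7
2009-03-01T10:02:00 203.0.113.40
2009-03-01T10:03:00 203.0.113.40
2009-03-01T10:04:00 198.51.100.9
"""

if __name__ == "__main__":
    print(diagnose("10.23.4.17", SAMPLES))
```

A result with a non-empty `nat` value and a short `shortest_hold_s` matches the situation described above, where the VPN host stops recognizing the session once the address it recorded at authentication changes.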

The second problem I have seen may be fixable in some cases.  This problem deals with the type of security protocol that is being used with the VPN.  IPSec has been the most common, but that is changing now that SSL is becoming more popular.  What happens in this case is that your ISP and your host computer may have conflicting (incompatible) or different security.  Some ISPs are willing to accommodate the customer and make sure that the security works; other ISPs won’t or can’t due to lack of hardware resources or due to lack of experienced personnel.  Of course the other alternative is to ask the IT staff that run your host computer to permit your ISP’s security protocol.  I have found this to not be an effective solution for my workplace.

There you have it.  Some broadband connections won’t work with VPN because of a non-persistent IP address (packet switching) and others won’t work if the security protocols used by your ISP and your host are not compatible.

Keep searching.  Eventually you will find an ISP that fits your needs.  For me that solution was an ISP that uses a wireless directional high-gain radio to transmit and receive data.  I have one of those funky sideways antennas you see at police stations mounted to my roof.  My ISP provided me with a static IP address and I have never lost a VPN connection due to anything other than a power failure at a radio tower five miles away.

The lesson I learned is that all “broadband” connections are not the same.  The first question I will always ask an ISP is “Do you support VPN?”  And be prepared to ask if they support your host’s security protocol.


2 Responses

  1. Hello my name is Anthon, I really liked your article! Nice work

  2. Yes. I might have learned something from your post. Thanks.
