IT Services

Disconnection Problems

Why do I keep getting disconnected from the VPN when I'm using a wireless connection?

A small number of users have reported that they are occasionally disconnected from the VPN service when using a campus wireless access point.

So far the networking team have been unable to replicate this behaviour on the laptops available to them. However, there does appear to be a problem with specific combinations of hardware and software on particular laptops. Investigations are continuing; in the meantime, the pointers below may help you eliminate possible causes of this behaviour.

Update, January 2009: An issue with XP Service Pack 3 and the built-in firewall has been identified; see below for details.

Note: the wireless LAN is designed for quick network access such as checking for new mail or browsing a few web pages. If you require a long period of concentrated network usage, you should, if at all possible, use a wired Ethernet point (University network socket in the wall).

The possible causes include:

XP SP3 firewall issue

Windows XP Service Pack 3 (SP3) appears to change the behaviour of the built-in firewall, applying a 20-minute idle timeout and a generic timeout even if the connection is not idle. Applying a firewall exception for the Cisco VPN client solves this problem:

  1. Click the START tab, then select Settings > Control Panel > Security Center
  2. Click Windows Firewall (under 'Manage security settings for:') and select 'On (recommended)' if not already on.
  3. Select the Exceptions tab and click on 'Add Program...'
  4. Click Browse... and set the directory to C:\Program Files\Cisco Systems\VPN Client
  5. Highlight the 'cvpnd.exe' program and then click Open. Click OK as necessary.
  6. The cvpnd program should now have an entry in the list of 'programs and services'. Click OK to finish.


This will now stop the VPN session from being terminated after a short period of inactivity.

Fluctuating signal strength

This can happen when the signal strength between the wireless client (i.e. laptop) and the access point fluctuates. This can be due to movement of the laptop, or some intervening obstacle (such as people moving in a corridor). VPN connections require continuous network connectivity to remain established.

Response timeout

To change the timeout, follow the steps below:

  1. On the PC's main drive, navigate to Program Files > University of Manchester > VPN Client > Profiles.
  2. Right-click on the profile that you are using (i.e. Wireless User) and choose Open With from the submenu to open the profile in an editor (i.e. Notepad). (When you choose the program to use, be sure to uncheck the box that says "Always use this program to open these files.")
  3. Locate the profile parameter for ForcekeepAlives and change the value from 0 to 1 (if it is not set to 1 already, which it should be if you obtained it from the IT services website), then save the profile.
  4. Run the VPN Client.
  5. Go to Options > Properties > General and enter a value for the Peer Response Timeout of between 30 and 480 seconds.
  6. Experiment with this value to find a good setting for your particular hardware.
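
A quick way to confirm the settings from steps 3 and 5 without opening the editor, as an added example that is not part of the original page. It assumes the profile is an INI-style text file, that the timeout is stored under a key named PeerTimeout, and that a leading "!" on a key marks it read-only; the sample profiles are constructed.

```python
import configparser

# Bounds the page gives for the Peer Response Timeout, in seconds.
TIMEOUT_MIN, TIMEOUT_MAX = 30, 480


def load_profile(text):
    """Parse profile text as INI and return {lowercased key: value}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    settings = {}
    for section in parser.sections():
        for key, value in parser.items(section):
            # Assumption: a leading "!" only marks the parameter read-only.
            settings[key.lstrip("!").lower()] = value.strip()
    return settings


def check_profile(text):
    """Return a list of findings; an empty list means both settings are fine."""
    settings = load_profile(text)
    findings = []

    keepalive = settings.get("forcekeepalives")  # key name as given on the page
    if keepalive is None:
        findings.append("ForcekeepAlives is missing")
    elif keepalive != "1":
        findings.append(f"ForcekeepAlives is {keepalive}, expected 1")

    raw = settings.get("peertimeout")  # assumed key name for the timeout
    if raw is None:
        findings.append("PeerTimeout is missing")
    elif not raw.isdecimal():
        findings.append(f"PeerTimeout is not a number: {raw!r}")
    elif not TIMEOUT_MIN <= int(raw) <= TIMEOUT_MAX:
        findings.append(
            f"PeerTimeout {raw} is outside {TIMEOUT_MIN}-{TIMEOUT_MAX} seconds")
    return findings


# Constructed sample profiles, not taken from a real installation.
GOOD = "[main]\nDescription=Wireless User\nForcekeepAlives=1\nPeerTimeout=90\n"
BAD = "[main]\nDescription=Wireless User\n!ForcekeepAlives=0\nPeerTimeout=10\n"

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        print(name, check_profile(text) or "OK")
```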

Computer going into standby mode

When your computer goes into screen-saver or hibernation/standby mode, some hardware devices can also be put into standby. This often includes powering down the wireless/network card to save battery power. Since VPNs require constant communication with the server, this disruption to networking can cause the connection to disconnect.

This has not been reported as an issue for Unix or Mac OS X users.

Mac

On Macintosh versions 7.5 to 9.x, entering sleep mode while the VPN software is running can 'freeze' the Mac. You should always log out of the VPN software and exit it before putting your pre-OS X Macintosh into sleep mode.

Windows

While there have been no reports of Windows machines freezing in this way, the VPN software often loses communication even after the screen saver or hibernation is ended and normal network card activity resumes. Stopping and restarting the software will not solve the problem; you will need to reboot the machine in order to connect correctly again. You should always log out of the VPN software and exit it before letting your system go into screen saver or hibernation mode.

DHCP IP address renewal

If your computer tries to renew its IP address with the DHCP server while the VPN connection is enabled, and the VPN software has not been told to expect new DHCP communications, your computer can have an identity crisis (because the DHCP server cannot renew the IP address the VPN server expects, and the computer chooses a different IP address instead).

To determine if this may be your problem, check to ensure that your configuration matches the following:

  1. In the Configuration tab of the VPN software window, click on the appropriate profile to highlight it.
  2. Click Edit. In the window which appears, click Advanced. Another window with several check boxes should appear (five for Windows, three for Macintosh).
  3. Make sure that all boxes are selected, as shown (Windows interface).

  4. Click OK until you return to the main window; then click Exit.

The next time you start the VPN software, the changed settings will be in place.

You can force DHCP to renew your address in order to test that this configuration is functioning correctly on your hardware:

Under Windows 95, 98, or ME

  1. Click Start, then Run. In the window that appears, type command.
  2. In the DOS window that opens, type winipcfg. A window will appear with network information.
  3. First, click Release All (many of the numbers shown will change to a string of zeros), then click Renew All (your IP address and other networking numbers should reappear). Click OK.
  4. Your IP address has now been renewed.

Under Windows 2000, NT, or XP

  1. Click Start > Run. In the window that appears, type cmd.
  2. In the DOS window that opens, type ipconfig /release followed by ipconfig /renew.

Under Macintosh 8.6-9.x (pre-OS X)

  1. First, under the Apple menu, select Control Panels, then TCP/IP. The relevant control panel window will appear.
  2. Under the TCP/IP control panel's Edit menu (found at the top of the screen, not on the above window), first choose User Mode, and then click Advanced. Click OK.
  3. Back in the TCP/IP panel, click Options. A further window will appear. Click Inactive, then OK.
  4. Next, close the TCP/IP control panel; you will be asked whether you want to save changes. Click Yes.
  5. Next, reopen the TCP/IP control panel, and click Yes at the prompt. Close the control panel again.
  6. Your IP address has now been renewed.

Under Macintosh OS X

You will need an administrative password to perform this operation.

  1. Under the Apple menu, choose System Preferences. In the window which appears, select Network.
  2. You should see a second window with the TCP-IP tab active. Click on the Show drop-box and select Active Network Ports.
  3. First, uncheck all active network connections and click Apply Now. (The button will be grayed out for a few seconds while the network is being disconnected).
  4. Next, click the check mark back on for all active network connections. Again, click Apply Now.
  5. Your IP address has now been renewed.

OpenAFS client

Earlier versions of the OpenAFS client appear to be a possible cause of disconnection from the VPN. Please upgrade your AFS client to the most recent release, obtainable from http://www.openafs.org/.