Some time ago one of my clients said he needed to work from home now and then. As we were already using a Multitech RouteFinder, I just added a PPTP vpn user for him. That's the easiest thing to do for Windows users: no additional software, just use the built-in Windows "Connect to" software. Everything was fine.
After a few months, his wife started using it so that she didn't need to drive to the store just to confirm payroll numbers. Then there was the partner who needed access while on the road, so I had to add a few more ip addresses to the assigned range. That's how you control the number of vpn users with the Multitech: you give it a range of ip's it can use for the vpn. I gave it 195 to 199 on their subnet - two more users than they actually were using. I figured that would let me in if necessary and left one as a spare.
A few months ago, the owner's wife started having sporadic connection problems. As it happened, I wasn't immediately available when these occurred, but when I would check, everything was fine. I asked the owner if he was having any problems; he said he never did. OK, one of those stupid non-reproducible annoyances. Live with it until you can't stand it and then I'll look at her machine.
Yesterday he called again saying his wife couldn't get in. I was sitting at my desk this time, so I tried. Hmmm.. just like his wife said: Windows said it was connected, but I couldn't do anything. Hmmm.. looks like an ip problem.
I sshed in instead and did an "arp -an". I knew that my DHCP server should be assigning addresses from 100 to 175, but to my complete surprise only a few addresses were down in that range. Most were above that, running from 175 to 199, and 195 to 199 were definitely occupied. Aaargh. I know what's wrong: they put in a Windows server a while back for some other project, and the stupid thing must be serving addresses. It's trampling all over my structure and particularly is using up my pptp addresses. I dialed the phone to explain this to my client.
"Oh, before I forget", he interjected before I began, "the service techs are having trouble sometimes too."
Slight pause as my brain spun 180 degrees.
"The service techs? Are they using the vpn?"
"Oh, yeah. I gave them all laptops and Verizon Internet. It's great!"
I bet. "How many techs?", I asked.
"Uh, six. But we usually have at least one or two doubled up."
Let's see: five allocated ip addresses, one work at home wife, one sometimes traveling partner, and six techs. Maybe the Windows server problem isn't the whole of it. I took another look at the arp listing.. nothing above 199. I did a mental count of machines I knew about and came up with less than twenty. Looks to me like I do need to go find out who's handing out ip's without my permission, but the vpn problem is probably more easily fixed: I bumped the Multitech to let it use up to 210. I explained all this to the owner, and said I'd stop in when next in the area to hunt down the rogue DHCP server.
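The "arp -an" check described above can be scripted so that pool collisions show up before users report them. This is an added example, not part of the original post: it assumes a /24 network, and the 192.0.2.x addresses and MAC addresses are constructed sample values.

```shell
#!/bin/sh
# Address plan from the post: DHCP scope .100-.175, PPTP pool .195-.199.
# The 192.0.2.0/24 subnet and the MAC addresses below are constructed samples.
DHCP_LO=100; DHCP_HI=175
VPN_LO=195;  VPN_HI=199

# Read `arp -an` output on stdin; print "<ip> <mac> <class>" for each live entry.
classify_arp() {
    awk -v dl="$DHCP_LO" -v dh="$DHCP_HI" -v vl="$VPN_LO" -v vh="$VPN_HI" '
        /incomplete/ { next }                  # no MAC learned: not a live host
        match($0, /\([0-9.]+\)/) {
            ip = substr($0, RSTART + 1, RLENGTH - 2)
            split(ip, o, ".")
            host = o[4] + 0                    # last octet, assumes a /24
            if (host >= vl && host <= vh)      class = "VPN_POOL"
            else if (host >= dl && host <= dh) class = "DHCP_SCOPE"
            else                               class = "OUTSIDE_DHCP"
            print ip, $4, class
        }'
}

# Pool size minus pool addresses already claimed by something in the ARP table.
vpn_pool_free() {
    taken=$(classify_arp | awk '$3 == "VPN_POOL" { c++ } END { print c + 0 }')
    echo $(( VPN_HI - VPN_LO + 1 - taken ))
}

# Constructed sample input in Linux `arp -an` format.
sample_arp() {
    cat <<'EOF'
? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0
? (192.0.2.104) at 00:00:5e:00:53:10 [ether] on eth0
? (192.0.2.181) at 00:00:5e:00:53:21 [ether] on eth0
? (192.0.2.196) at 00:00:5e:00:53:22 [ether] on eth0
? (192.0.2.199) at 00:00:5e:00:53:23 [ether] on eth0
? (192.0.2.150) at <incomplete> on eth0
EOF
}

# On a real host, replace sample_arp with: arp -an
sample_arp | classify_arp
echo "free PPTP pool addresses: $(sample_arp | vpn_pool_free)"
```

OUTSIDE_DHCP entries are either static assignments or leases from a DHCP server other than the intended one; VPN_POOL entries are the ones that can collide with PPTP clients.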
More Articles by Anthony Lawrence © 2012-07-13 Anthony Lawrence
Thu Aug 17 13:37:51 2006: 2405 BigDumbDInosaur
"Oh, before I forget", he interjected before I began, "the service techs are having trouble sometimes too."
Doncha love it when clients leave out essential information? I have several that routinely do that and then complain because the bill to fix whatever ailed them is high. They just can't seem to make the connection between them not giving me all the facts and the amount of time I have to consume hunting down the information that they could have given me. Oh well! It keeps me busy and out of trouble (most of the time, anyhow).
Thu Aug 17 13:56:18 2006: 2406 TonyLawrence
At least this client understands things. After all this, he said "I should have mentioned the techs.. I just forgot because they hadn't complained much"
Fri Aug 18 04:30:36 2006: 2408 Sledge
Why do they do it? Why do they start meddling in the affairs of things too deep for them? Casually, like it doesn't matter. Then they get angry and say things like "Ever since you made that change..."
My systems are a pristine digital entity, a perfect being. End users are a parasitic infestation of it.
"Oh I forgot to mention. I read two inches of copy in a trade rag about 'appliances' and I replaced the router, switch, and firewall with a toaster and swapped all the machines with either a paper shredder or a dirt devil. The clerk at the office supplies store says it wouldn't have caused any of these problems. So what did you do to my network?"
Fri Aug 18 10:49:36 2006: 2409 TonyLawrence
Naaw. I don't have clients like that. That is, if I do happen to get tangled up with someone like that, I disengage and don't do any more work for them.
My clients are all good, intelligent people who need a little help now and then.
The vpn that wouldn't Copyright © August 2006 Tony Lawrence