My wife and I both need to connect to the same external VPN server simultaneously. Since we had Bluecurve installed, we cannot do this.
The Bluecurve gateway we have is the Technicolor Model CGM4140COM, PN CGMF141SHW . I've found various references to people having problems with VPN connections via this modem being unstable, but in our situation, it is generally stable, it's just that we can't both use it at the same time.
My guess would be this is because since we're both going through the same Shaw gateway, we have the same external/public IP address, and 2 identical identities can't connect to the same VPN at the same time. I think other gateways, such as what we used before, automatically put something into the packets to distinguish them from one another, but this isn't happening with the Bluecurve gateway.
Would anyone have any suggestions as to settings or setup options that might get around this problem/restriction?
Thx
@sillsd -- Since we had Bluecurve installed, we cannot do this.
What happens when you try? Any error-message? Can the second person connect?
When you try to connect to anything on the Internet, you need to send an IP-address (in this case, the IP-address assigned by Shaw to your cable-modem) and a "port-number". To compare, if you work in an office with a switchboard, all outgoing calls show the same Caller-ID information. But, if somebody calls to that number, the caller needs to indicate which person they are calling -- "press 1 to talk to Shaw Sales, press 2 for new activations", and so on. So, your two VPN connections should be sending unique port-numbers (any number between 1025 and 65535), and your router should map any responses from the VPN back to the port-number that sent the request for a response.
Thanks, I will need to find out how to (if I can) make the port numbers unique in the VPN connection. The only place I can see to enter a Port is under VPN Proxy Settings (under manual settings), but am not using a Proxy server.
Both of us are using Windows 10. If nobody is connected to the VPN server in question, the first person to connect does so without problem, and has a generally stable connection. If one is already connected, when the other PC attempts, it will pause for about 30 seconds, then return the message "Can't connect to <VPN server name>" "The VPN connection between your computer and the VPN server could not be completed. The most common cause for this failure is that at least one Internet device (for example a firewall or a router) between your computer and the VPN server is not configured to allow Generic Routing Encapsulation (GRE) protocol packets. If the problem persists, contact your network administrator or Internet Service Provider".
BTW we have disabled the firewall on the Bluecurve gateway.
@sillsd -- make the port numbers unique in the VPN connection,
Windows (NT/2000/XP/Vista/7/8/10) "randomly" assigns port-numbers, in the range 1025 to 65535, as each application on your computer tries to "open" a port, in order to build a connection with the remote VPN server.
Use the Windows command-line utility: netstat -a -n | find "TCP"
to see which ports have been opened.
Thanks, the command revealed the following lines associated with the VPN server I've connect to at IP address 192.168.10.142. If these are being assigned randomly in such a large range, wouldn't it be odd that my wife's PC would choose the identical ones causing conflict (every time, preventing us from ever both connecting to the same VPN server)?
TCP 192.168.10.142:49835 192.168.10.30:23 ESTABLISHED
TCP 192.168.10.142:49839 192.168.10.30:23 ESTABLISHED
TCP 192.168.10.142:49859 192.168.10.2:25871 ESTABLISHED
TCP 192.168.10.142:49879 192.168.10.2:25871 ESTABLISHED
TCP 192.168.10.142:49883 192.168.10.2:58146 ESTABLISHED
First, the output from NETSTAT shows your "private" IP-address (192.168.10.142) and port #49835 as the "source" for the connection to another "private" IP-address (192.168.10.30) on port #23.
Second, port #23 is usually associated with a server operating with the "TELNET" protocol.
For comparison, when you use the FTP command, your computer will connect to TCP port #21 on the FTP-server.
Third, you are correct -- it is unusual for two computers to "randomly" get the same port-number.
Many programs on your computer "open a port", e.g., anti-virus update, iTunes update, web-browser has one port per web-site that you visit. So, getting a "match" between two computers is extremely rare.
There must be something else preventing "simultaneous" connections.
> I've connected to at IP address 192.168.10.142
Do you have your own router, on the "192.168.10.xxx" network, that is connected to your BlueCurve router?
I don't have a BlueCurve, but I think that it uses the "10.0.xxx.yyy" network, when it not configured into "bridge" mode.
What happens if you connect both computers directly to the BlueCurve, temporarily bypassing your router? Do both computers get new IP-addresses, namely on the "10.0.xxx.yyy" network? Can both use VPN at the same time?
No other router here other than the Bluecurve gateway (so your last question above doesn't apply -- we are both behind Bluecurve and only Bluecurve). We let Bluecurve give us our 10.0.... local/LAN addresses via DHCP. We VPN to an external address who's internal domain provides the 192.168.10.xxx addresses -- which are internal to its LAN, behind its router. So 192.168.10.142 is not an outward facing address, and if you connected to it it wouldn't be ours.
Working from home i use Shaw to connect to my company's VPN. The performance through a VPN is slow and unstable. Shaw Support says this isn't their problem. As usual they check that their modem is running and wash their hands. Helpfully they say you shouldn't rely on wifi but tether yourself to ethernet. But keep those payments coming
@peter_orr -- The performance through a VPN is slow and unstable.
Of course, the I.T. Department at your company will say "our VPN server is working fine, and it is not overwhelmed by the large number of VPN connections from hundreds of our employees who are now working-from-home", and "our connection from our internal network to the Internet (Shaw Business?) is not saturated". Do you always rely on what your I.T. crew says? 🙂
> You shouldn't rely on WiFi.
Nonsense. If you have a good WiFi connection between your computer and your cable-modem, it should be almost as fast as a "wired" connection -- some older WiFi adapters max-out around 150 Mbps, even when your cable-modem is receiving at 300 or 600 or 750 or 1000 Mbps.