| Author |
Message |
Milo
Guest
|
 Posted:
Thu Mar 10, 2005 8:48 pm Post subject:
Strange results over VPN |
|
|
I am having a problem using Netmeeting 3.01 between two XP Pro SP2
machines.
When both machines are physically on the same network, everything works
fine. However, when one machine is taken off-site and dials in using a
VPN connection (MS Small Business Server 2003), Netmeeting fails to work..
After dialing in the "waiting for a response" dialog hangs around for a
long time (a minute or two) and after it finally disappears neither side
can do anything. Chat messages and whiteboard actions don't make it to
the other side, and application sharing is disabled.
I did some packet sniffing, and the big difference I see between a
succesful (LAN) connection and an unsuccesful (VPN) one is that when
things don't work, there is also no traffic being exchanged on port 1503..
If the "VPN'ed machine" initiates the connection then it will send SYN to
1503 and receive SYN/ACK from 1503, but then does nothing. If the "LAN
machine" initiates the connection then it will send SYN to 1503, and never
hear back.
Can anyone shed some light on this?
Milo |
|
| Back to top |
|
 |
Ray
Guest
|
| Posted:
Thu Mar 10, 2005 9:04 pm Post subject:
Re: Strange results over VPN |
|
|
Is the XP SP2 firewall getting in the way?
"Milo" <milo@nopinnocent.com> wrote in message
news:op.snfh7qk40ga8w4@mvdleij.pqs.local...
I am having a problem using Netmeeting 3.01 between two XP Pro SP2
machines.
When both machines are physically on the same network, everything works
fine. However, when one machine is taken off-site and dials in using a
VPN connection (MS Small Business Server 2003), Netmeeting fails to work.
After dialing in the "waiting for a response" dialog hangs around for a
long time (a minute or two) and after it finally disappears neither side
can do anything. Chat messages and whiteboard actions don't make it to
the other side, and application sharing is disabled.
I did some packet sniffing, and the big difference I see between a
succesful (LAN) connection and an unsuccesful (VPN) one is that when
things don't work, there is also no traffic being exchanged on port 1503.
If the "VPN'ed machine" initiates the connection then it will send SYN to
1503 and receive SYN/ACK from 1503, but then does nothing. If the "LAN
machine" initiates the connection then it will send SYN to 1503, and never
hear back.
Can anyone shed some light on this?
Milo |
|
| Back to top |
|
|
Milo
Guest
|
| Posted:
Thu Mar 10, 2005 9:15 pm Post subject:
Re: Strange results over VPN |
|
|
I don't think so. The XP SP2 firewall is enabled even when both machines
are physically on the LAN, and disabling the firewall on the "VPN'ed
machine" before dialing in did not make a difference.
On Thu, 10 Mar 2005 11:04:29 -0500, Ray <replyhere@newsgroup.only> wrote:
| Quote: | Is the XP SP2 firewall getting in the way?
"Milo" <milo@nopinnocent.com> wrote in message
news:op.snfh7qk40ga8w4@mvdleij.pqs.local...
I am having a problem using Netmeeting 3.01 between two XP Pro SP2
machines.
When both machines are physically on the same network, everything works
fine. However, when one machine is taken off-site and dials in using a
VPN connection (MS Small Business Server 2003), Netmeeting fails to work.
After dialing in the "waiting for a response" dialog hangs around for a
long time (a minute or two) and after it finally disappears neither side
can do anything. Chat messages and whiteboard actions don't make it to
the other side, and application sharing is disabled.
I did some packet sniffing, and the big difference I see between a
succesful (LAN) connection and an unsuccesful (VPN) one is that when
things don't work, there is also no traffic being exchanged on port 1503.
If the "VPN'ed machine" initiates the connection then it will send SYN to
1503 and receive SYN/ACK from 1503, but then does nothing. If the "LAN
machine" initiates the connection then it will send SYN to 1503, and
never
hear back.
Can anyone shed some light on this?
Milo
|
|
|
| Back to top |
|
|
Brian Sullivan MVP
Guest
|
| Posted:
Thu Mar 10, 2005 9:25 pm Post subject:
Re: Strange results over VPN |
|
|
On Thu, 10 Mar 2005 10:48:52 -0500, Milo wrote:
| Quote: | I am having a problem using Netmeeting 3.01 between two XP Pro SP2
machines.
When both machines are physically on the same network, everything works
fine. However, when one machine is taken off-site and dials in using a
VPN connection (MS Small Business Server 2003), Netmeeting fails to work.
After dialing in the "waiting for a response" dialog hangs around for a
long time (a minute or two) and after it finally disappears neither side
can do anything. Chat messages and whiteboard actions don't make it to
the other side, and application sharing is disabled.
I did some packet sniffing, and the big difference I see between a
succesful (LAN) connection and an unsuccesful (VPN) one is that when
things don't work, there is also no traffic being exchanged on port 1503.
If the "VPN'ed machine" initiates the connection then it will send SYN to
1503 and receive SYN/ACK from 1503, but then does nothing. If the "LAN
machine" initiates the connection then it will send SYN to 1503, and never
hear back.
Can anyone shed some light on this?
Milo
|
TCP 1503 is the T.120 port -- T.120 is used for all data operations in
NetMeeting (file transfer, whiteboard, application sharing and chat). So it
is not suprising giving your information that you cannot use those
functions.
TCP 1720 is the H.323 port -- used to establish audio/video connection and
negotiate UDP ports for audio/video transfer.
NetMeeting calls are really two calls in parallel - an H.323 one and a
T.120 one -- either of which can be connected independently. The H.323 part
of the call is established first in a "normal" NetMeeting call.
Does the H.323 part of the call connect? Can you see/hear the other party
at either end. What happens if you try a data only call ( a "secure" call
would be data only).
My suspicion would be that the VPN software is interfering or is faulty
somehow.
--
Brian Sullivan (MVP)
Meeting by Wire ( www.meetingbywire.com) |
|
| Back to top |
|
|
Milo
Guest
|
| Posted:
Thu Mar 10, 2005 9:51 pm Post subject:
Re: Strange results over VPN |
|
|
| Quote: | Does the H.323 part of the call connect? Can you see/hear the other party
at either end. What happens if you try a data only call ( a "secure" call
would be data only).
|
I am seeing traffic on port 1720, then on another port (number varies),
then attempts to communicate on port 1503 start, and while those fail and
retry there is some UDP traffic. So I would assume that the H.323 part of
the call connects.
| Quote: | My suspicion would be that the VPN software is interfering or is faulty
somehow.
|
That would be my suspicion too, however the VPN software is all from
Microsoft. The clients come with XP and the server comes with Small
Business Server 2003. And since Netmeeting is also from Microsoft that
would just be... strange.
If it does turn out to be the VPN software, where would be the best place
to ask for help? |
|
| Back to top |
|
|
Brian Sullivan MVP
Guest
|
| Posted:
Thu Mar 10, 2005 10:40 pm Post subject:
Re: Strange results over VPN |
|
|
On Thu, 10 Mar 2005 11:51:14 -0500, Milo wrote:
| Quote: | Does the H.323 part of the call connect? Can you see/hear the other party
at either end. What happens if you try a data only call ( a "secure" call
would be data only).
I am seeing traffic on port 1720, then on another port (number varies),
then attempts to communicate on port 1503 start, and while those fail and
retry there is some UDP traffic. So I would assume that the H.323 part of
the call connects.
My suspicion would be that the VPN software is interfering or is faulty
somehow.
That would be my suspicion too, however the VPN software is all from
Microsoft. The clients come with XP and the server comes with Small
Business Server 2003. And since Netmeeting is also from Microsoft that
would just be... strange.
|
| Quote: |
If it does turn out to be the VPN software, where would be the best place
to ask for help?
|
microsoft.public.windows.server.sbs or
microsoft.public.isa.vpn
might be good choices
--
Brian Sullivan (MVP)
Meeting by Wire ( www.meetingbywire.com) |
|
| Back to top |
|
|
Milo
Guest
|
| Posted:
Sat Mar 12, 2005 12:29 am Post subject:
Re: Strange results over VPN |
|
|
On Thu, 10 Mar 2005 11:25:30 -0500, Brian Sullivan MVP
<brians@WORMTIREDmeetingbywire.com> wrote:
| Quote: | Does the H.323 part of the call connect? Can you see/hear the other party
at either end. What happens if you try a data only call ( a "secure" call
would be data only).
|
I just tried a data-only ("secure") call, and that works! I don't fully
understand why it works, but I'm not going to argue.
To me the original problem (T.120 connection fails using a non-secure
call) seems like a problem with Netmeeting. The client that dials in
using VPN either doesn't respond to the SYN (for incoming calls) or
doesn't respond to the ACK/SYN (for outgoing calls).
If anyone wants to dig deeper into that problem then I'd be more than
happy to run some more tests. However, I'm perfectly satisfied now that I
have a simple workaround.
Thank you very much for your help!
Milo |
|
| Back to top |
|
|
Brian Sullivan MVP
Guest
|
| Posted:
Sat Mar 12, 2005 1:05 am Post subject:
Re: Strange results over VPN |
|
|
On Fri, 11 Mar 2005 14:29:47 -0500, Milo wrote:
| Quote: | On Thu, 10 Mar 2005 11:25:30 -0500, Brian Sullivan MVP
brians@WORMTIREDmeetingbywire.com> wrote:
Does the H.323 part of the call connect? Can you see/hear the other party
at either end. What happens if you try a data only call ( a "secure" call
would be data only).
I just tried a data-only ("secure") call, and that works! I don't fully
understand why it works, but I'm not going to argue.
To me the original problem (T.120 connection fails using a non-secure
call) seems like a problem with Netmeeting. The client that dials in
using VPN either doesn't respond to the SYN (for incoming calls) or
doesn't respond to the ACK/SYN (for outgoing calls).
If anyone wants to dig deeper into that problem then I'd be more than
happy to run some more tests. However, I'm perfectly satisfied now that I
have a simple workaround.
|
In the original case -- a regular call -- the H.323 (audio/video) part of
the call by design is connected first. The T.120 part of the call connects
after and sometimes takes some time to connect. On mismatched speed
connections (which your dialup vs LAN pair would be) the connection time
seems to be even later and sometimes the connection never seems to succeed
(I am not totally sure why -- a timeout somewhere I am guessing). Another
strategy that seems to help in this situation is to delay video
transmission (by unsetting "Start video on connection)").
--
Brian Sullivan (MVP)
Meeting by Wire ( www.meetingbywire.com) |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in