Etusivu Etusivu
Vastattu

Simultaneous VPN connections to corporate network

  • 8 March 2022
  • 7 kommenttia
  • 198 katselukerrat
mohan

Recently I and my partner started working for same company and when we tried to connect to corporate network VPN simultaneously it didn’t go through, it allows one VPN connection at a time. Home broadband is from Elisa’s fibre and using TP link AX 50 router. Brought router FW to latest with no luck.

Is it possible to allow simultaneous VPN connections, if so what needs to be changed on home router. Appreciate any pointers. Thanks!

 

icon

Vastauksen tähän kysymykseen jakoi irritus 8 March 2022, 11:06

Katso alkuperäinen viesti

Tämä keskustelu on suljettu, eikä tätä voi kommentoida.

Kokeile löytyisikö samasta aiheesta toinen tai uudempi keskustelu.
Jos keskustelua tai vastausta ei löytynyt, aloita uusi keskustelu.

HAE KESKUSTELUISTA

7 kommenttia

Lautturi
Arvonimi
Käyttäjätaso 6
Kunniamerkki +12

Hi @mohan!

 

I think the issue is not caused by our connection. If the TP-link AX50 router has any PPTP or L2TP passthrough options you should check them first. There’s also a possibility that your VPN provider can do something about this issue.

mohan

Thanks @Lautturi 

Both PPTP and L2TP are enabled in the router and the corporate VPN profile installed on the laptops is using “L2TP/IPSec”. Lets say, if VPN provider supports both the VPN types, does it work switching one laptop to use PPTP VPN type while the other to L2TP? No idea though what is supported by VPN provider. 

Sokrates
Käyttäjätaso 7

You should disable VPN in router and install some VPN client in both computers. Hopefully that helps.

Saunalahti Korttelikuitu VDSL
irritus
Käyttäjätaso 7
Kunniamerkki +21

PPTP, L2TP and IPsec are all challenging VPN protocols to run over NAT.

Like @Lautturi suggested, first check if AX50 has any nat passthrough, nat helper or application layer gategay (ALG) options and turn them on. Though it may be that AX50 doesn’t have any ALG settings. At least I could not find any in the User Guide.

Because working with IPsec and NAT is hard, your router might be overwhelmed by too many IPsec connections at one. As VoWIFi uses IPsec, too, check all your mobile phones and turn VoWiFi off.

You could also ask your company’s IT support if you could switch to OpenVPN or Wireguard protocols. These two do not require any special handling by the NAT router, unlike PPTP, L2TP and IPsec.

┈─┈

If everything else fails, the last resort is to buy another router and a small Ethernet switch, like 5 or 6 ports.

If your connection is faster than 100 Mbit/s, make sure that you buy a Gigabit switch.

Connect your fibre converter to your Ethernet switch. Now connect your routers’ WAN ports to the switch, too.

Make sure that you connect your work machines to different routers.

Elisa’s fixed internet connections have up to 5 dynamic public ip addresses available. Thus you can hook up to five routers on your fibre connection this way.

irritus
Käyttäjätaso 7
Kunniamerkki +21

Both PPTP and L2TP are enabled in the router

Please make sure that you enabled L2TP passthrough, helper or ALG.

The TP-Link Archer AX50 has a built in VPN server, too, which you could use for example for connecting your cottage’s surveillance cameras to your home network.

In other words, make sure Advanced → VPN Server → PPTP VPN is disabled. That will just hog even more resources away from your laptops.

Lets say, if VPN provider supports both the VPN types, does it work switching one laptop to use PPTP VPN type while the other to L2TP?

Yes, this would work. However, most businesses do not allow using PPTP, because it is no longer considered secure.

You should disable VPN in router

PPTP, L2TP and IPsec VPN clients and servers, yes, they should be disabled.

But PPTP, L2TP and IPsec ALG should be enabled.

and install some VPN client in both computers.

I think this is exactly what @mohan is doing.

If he would have a physical IPsec router provided by his company, there would be only a single VPN connection for all work related devices. Thus he would not have a problem of multiple simultaneous VPN instances in the first place.

mohan

You could also ask your company’s IT support if you could switch to OpenVPN or Wireguard protocols. These two do not require any special handling by the NAT router, unlike PPTP, L2TP and IPsec

IT support has suggested an alternate that in one of the laptops, change the VPN address to use IP address of VPN from another region (by forking hosts file). It seems to work, haven’t noticed any delay. Instead of connecting to a VPN hosted in Helsinki, now it connects to London.

Elisa’s fixed internet connections have up to 5 dynamic public ip addresses available. Thus you can hook up to five routers on your fibre connection this way.

Thanks for the suggestion @irritus 

irritus
Käyttäjätaso 7
Kunniamerkki +21

@mohan, thank you for the tip of connecting to different VPN servers. I’ll have to add the suggestion to a Finnish thread about a similar problem. Miksi työpaikan etäyhteys ei toimi.

Osallistu arvontaan OmaElisassa!

OmaYhteisö-käyttöehdot