Routing and Remote Access Blog

VPN articles - straight from Windows development team

Windows7 PPPoE or VPN connectivity experience – we would like to hear back from you

Windows7 PPPoE or VPN connectivity experience – we would like to hear back from you

  • Comments 8
  • Likes

Hello Friends,

As you know – Windows7 RC is out and we will like to hear back from you !

In Windows7, we did couple of changes on the remote access client that includes dialup, broadband (aka PPPoE) and VPN scenarios. Windows7 brings in simpler connectivity experience inside View Available Networks (VAN) that is shown in networking system tray icon.

In Windows7 beta release, we heard from you on some PPPoE connectivity issues in certain regions and some PPPoE performance issues. We actively listened to your valuable feedback and quickly acted on it. We have fixed all of those issues in Windows7 RC release.

If you are using Windows7 RC build and still facing any connectivity or performance issues in  dialup, PPPoE or VPN area, please get back to us by sending us an email (click on the Email link above).

We sincerely appreciate your feedback.

With Regards,

Samir Jain

Senior Program Manager

Windows Networking

[This posting is provided “AS IS” with no warranties, and confers no rights.]

Comments
  • I purchased a brand new HP laptop for the sole purpose of enabling my wife to VPN to her office from home.  After over 6 months of trying to get it to work I have a $800 door stop.  Both my wife and I have engineering degrees from the university of pennsylvania, mine in computer science, yet your computer will not do something my basic machine has done for 10+years.

    My wife will not let me purchase another Microsoft product.  Is this the customer experience you want to create?  I have actually served Microsoft as a client professionally and this makes me very sad.

    Additionally, with only a browser installed, I cant even get this machine to serve the web wirelessly without frequent lags, timeout errors and DEP shutdowns (if a popup java applet is running).  What is up with your addition of complexity and removal of basic needed services from the basic product?  Do you think your monopoly status makes you immune from business losses?  I am also a MSFT shareholder so this really makes me angry too.

  • Hi,

    I'm not able to bring up IKEv2 VPN connection from Win7 client. Can you please clarify the following things?

    1) Following the previous blog entry, I created a

      certificate for the vpn server with its IP address

      in the Subject Name as "CN=10.0.0.1". Client still

      gives an error saying certificate for the server is

      not found with error number as 13806. What does

      this error mean?

    2) I see that when EAP authentication is selected,

      VPN client is sending its IP address in the ID

      payload of the AUTH exchange (message 3 of the

      IKEv2 exchange). This is happening even though I

      filled the username and password in the required

      fields of the dialog box. How does IP address as

      identity field help in remote access scenario?

      With IPv6 it may make sense, as there are no

      private addresses, but I'm using IPv4 here.

      How I can specify to the client to use username as

      the IKE identity payload?

    3) A general Question: Is L2TP supported with IKEv2?

      I see that L2TP is still using IKEv1 with Win7

      client. Is there any plan to support this?

    Thanks,

    Srinivas

  • Hi Srinivas,

      In order to investigate the issue you are seeing we would need RAS and IPSec logs. Can you collect the same and send them to me? (aanandr@microsoft.com)? I am assuming that you are running the RC build. Here is the procedure to follow to collect the logs

    RAS Logs

    --------

    Run the netsh commands from an elevated command prompt

    1. Netsh ras diag set tracefacilities enable  

      <this will enable RAS logging>

    2. Recreate the issue

    3. Netsh ras diag set tracefacilities disable  

      <this will disable RAS logging>

    This will create log files under the %WINDIR%\tracing directory. Zip these files and send it

    IPSec Logs

    ----------

    1. Go to %WINDIR%\tracing dir

    2. From an elevated command prompt run the following

          - del *

          - netsh wfp cap start

          - <repro the problem>

          - netsh wfp cap stop

    This will generate .cab file in the same directory. Please send it to me

    L2TP is not supported with IKEv2 and there is no plan to add support in the near future.

    We will get back to you regarding question #2

    Aanand Ramachandran

    Program Manager, RRAS

  • Hi Stephen

      Sorry to hear about your problems with Microsoft VPN. The VPN product team at Microsoft is committed to helping you resolve your issues. Can you provide us some info on what the problems are that you are facing and we can take it from there?

    Aanand Ramachandran

    Program Manager, RRAS

  • Hi Srinivas

      Here is the response to your 2nd question

    2) I see that when EAP authentication is selected,

     VPN client is sending its IP address in the ID

     payload of the AUTH exchange (message 3 of the

     IKEv2 exchange). This is happening even though I

     filled the username and password in the required

     fields of the dialog box. How does IP address as

     identity field help in remote access scenario?

     With IPv6 it may make sense, as there are no

     private addresses, but I'm using IPv4 here.

     How I can specify to the client to use username as

     the IKE identity payload?

    Response: You cannot configure the client to use username as the IKE identity payload. The value in the identity payload doesnt matter because the peer is ultimately authenticated by the EAP module.

    Aanand Ramachandran

    Program Manager, RRAS

  • Hi Anand,

    Thanks a lot for getting my questions answered.

    Regarding Question #1), it was a misconfiguration of the certificates on my part, the issue is no longer seen. Thanks much for the detailed debugging steps, anyway :-).

    Coming to Question #2), about the identity sent in IKE_AUTH message, is there any way we can configure various options like which identity to send, which cipher suites to use etc on the client? Is there any config file that can be used for these options? If so, can I know the location of this config file?

    Thanks,

    Srinivas

  • I use PPPoE and here are my grudges:

    1.  Since Vista, the built-in client never connects quickly enough even after specifying "Service name". In XP it was always instantaneous, in Vista and Windows 7 RC, it fails sometimes, and usually takes a long time to connect.

    2.  No connection blinking like XP is a huge disappointment for me since it was on the taskbar which is the only always visible area when working with maximized apps. A gadget doesn't cut it. For monitoring whether any network traffic is being transferred, I now use TCPView from Sysinternals which also shows the app accessing it.

    3.  Till XP, I also used a CFOS PPPoE/DSL and it allowed me to simultaneously connect 10 connections at a time (RASPPPOE also did but it doesn't work with Vista and later at all). Now CFOS only allows 1 connection under Windows 7 RC/Vista. As soon as I connect 1 connection, it drops the other or stops transferring data from the earlier one.

    4.  KeepRasConnections value doesn't work=another disappointment for PPPoE user such as myself.

    5.  Windows 7 improves upon notification area customizability yet it takes away ability to show/hide individual connections. Not done.

  • I installed windows 7 but it doesn't save my pppoe user and pass .. every time i reboot or try to reconnect to internet i have to re-enter both user name and password..

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment