VPN Horror Stories
Scenario: Choosing the default IP ranges to set up the ADSL modem at BOTH ends
Picture a whole swarm of dialup laptop users beginning to change to ADSL connections at home while changing the gateway to the 10.x.x.x
One by one remote users complained the VPN was down however the Internet was working just fine. Days go by before it is discovered that a popular brand of modem is the source of the trouble. The default setups were all IP 192.168.1.1, masked 255.255.255.0 or in the worse case 10.0.0.1, 255.255.0.0. Changing the 10.0.0.1/255.255.0.0 fixed the problem - but what a mess trying to figure out that this was the trouble.
Moral of the story: avoid the defaults in the office and set a standard for work from home equipment connecting to business networks.
Scenario: Screen saver of terminal servers over VPN with chargeable bandwidth
Our remote warehouse uses a VPN through Terminal Servers. Thin clients were used for years without any problems, then, out of the blue came a very expensive bill for 5 GB of additional data use arrives. I looked for the usual suspects on the Internet logs: You Tube, MP3, Napster, virus / hacking etc, and nothing. Remote controlling the client sessions didn’t show anything either. Hardware tests were all negative too. The next month, yet another bill, but this time for 15 GB of excess data…. Turns out that someone set up a screen saver on the thin clients with a fireworks display that was being transmitted through the VPN at about 1mb per minute. Turned out to be one VERY expensive screen saver!
Scenario: Backtracking / organization of a setup
We configured all the VPN PtP site endpoints in a circle—all with the same parameters with no filtering whatsoever (i.e. all sites could reach each other). Each of the parameters for the separate VPN clients were configured as point-to-multipoint into the network and setup user logs from home and had access to the entire corporate network, unfiltered. It was the wild west of VPNs! Of course, with this setup, the admin didn't have any documentation (or clue) as how to track back the problem when things started to go down.
Thanks to everyone who shared their VPN horror stories with us. If you have a VPN story you’d like to share drop us a line DM us on Twitter.