
In our company, we are currently testing whether it would be possible to work from the home office directly via the VPN without having to rely on a virtual computer within the company.

This means that previously, when working at home, the user would connect to the tunnel using the OpenVPN client and then connect to their virtual machine using RDP.

Now we want to change so that the RDP connection is omitted and the office software connects directly to our servers.

This also works in principle. However, we are confronted with some problems, where I could use some approaches.

We use:

  • MS Surface Pro 7 as user computer
  • Sophos UTM 9 as VPN server
  • OpenVPN as VPN Client (TCP)
  • Exchange Server 2016
  • Outlook 2016 / 365 (both same behavior)
  • Stable bandwidth of the connection is guaranteed

The problems:

  1. Outlook responds very slowly in general
  2. Program does not give any response for no apparent reason
  3. The connection breaks off completely to the Exchange server
  4. Users report that often a connection to the Exchange server is only possible after a complete restart of the computer.
  5. Connection terminates as soon as a mailbox is changed

Are you aware of such problems? If further information is needed, I will be happy to provide it.

bjoster

2 Answers


A common issue with VPNs is MTU sizes. In some cases the additional VPN headers mean the maximum data that can be transmitted is reduced, and packets need to be segmented if supported or are simply dropped. This can manifest as a connection being made, but once sizeable data is sent it stalls/slows.

I would review the MTU size of the interfaces on each side of the VPN.

  • Thanks for your suggestion. We have an MTU of 1500 on both interfaces. That should be fine? – Maik Thiele May 20 '21 at 07:20
  • If your Exchange server has an MTU of 1500, and data is sent across a link before hitting the VPN, it's possible that the VPN needs 24 bytes or so. The links then used by the VPN may also have a 1500 MTU, but the extra header means any 'full' packets have to be segmented. But this of course all depends on the settings across these links. – Barry Gleeson May 20 '21 at 16:01
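
One way to measure what this answer and its comments describe, as an added example that is not part of the original posts: send ICMP echo requests with the Don't Fragment bit set through the tunnel and binary-search the largest size that still gets a reply. The function names, the probe range and the target host given on the command line (an address reachable only through the VPN) are assumptions; the ping flags are those of Windows `ping` and Linux iputils `ping`.

```python
import platform
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply arrived."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    try:
        out = subprocess.run(cmd, capture_output=True, timeout=5).stdout
    except (OSError, subprocess.TimeoutExpired):
        return False
    # Only a real echo reply line carries a TTL; error lines such as
    # "needs to be fragmented" do not.
    return b"ttl=" in out.lower()


def path_mtu(probe, low=548, high=1472):
    """Return the largest packet size (payload + headers) that passes unfragmented.

    probe(payload) -> bool. Returns None if even the smallest probe fails,
    which means the host is down or ICMP is filtered, not that the MTU is tiny.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid       # fits: search upwards
        else:
            high = mid - 1  # too big: search downwards
    return low + IP_ICMP_HEADERS


if __name__ == "__main__":
    host = sys.argv[1]  # assumption: an address behind the VPN tunnel
    mtu = path_mtu(lambda size: ping_df(host, size))
    if mtu is None:
        print("no reply even to the smallest probe; check ICMP filtering")
    else:
        print(f"path MTU to {host}: {mtu} bytes")
```

A result below 1500 while both interfaces report 1500 means full-size packets are being fragmented or dropped somewhere along the tunnel path.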

Did you encounter the connection issue when using internal office PCs? Or did that happen only when using the VPN to build connections?

What's the connectivity status of other services (e.g. ECP, OWA and PowerShell)?

Were you using online mode for Outlook? If so, try enabling Cached Exchange Mode for Outlook and see if it will mitigate this connectivity issue.

Ivan_Wang
  • We haven't any issues when using the internal PCs / network. We already tested the Cached Exchange Mode and faced the same problems. – Maik Thiele May 20 '21 at 10:49
  • Could you find any HTTP requests about MAPI in the IIS log (%SystemDrive%\inetpub\logs\LogFiles) when the connectivity between Outlook and Exchange disconnected? – Ivan_Wang May 21 '21 at 09:53