VPN Reconnect: Powerful networking for when the network isn't powerful

Connection drops are a fact of life for on-the-road workers. But VPN Reconnect, a new capability in Windows Server 2008 R2, simplifies the process of reestablishing a connection.

You're on the train, trying to do work as you pass through tunnels, trees and uneven terrain. You're sitting at ground zero of your coffee shop's shoddy network connection. You're at the airport and the only available seat is on the edge of some Internet black hole.

In all these situations, the experience is the same: One minute, you're working on your office intranet, the next, your connection is dropped. And it seems this always occurs at the worst time -- during the last seconds of a file transfer or right as you're about to hit send on a time-critical email.

Connection drops are a fact of life for on-the-road knowledge workers -- every airport, hotel lobby and coffee shop has its problem spots. But what's worse is reestablishing the connection to a traditional virtual private network (VPN) can require several steps: bring your dialer back up, choose the right connection, dig the key fob out of your briefcase, re-authenticate and then hope the connection doesn't drop again in a few minutes.

Inside Windows Server 2008 R2

Check out all of our articles on the new features and improvements in Windows Server 2008 R2.

VPN Reconnect in Windows Server 2008 R2 and Windows 7 improves this process. This new capability, built into the Routing and Remote Access Service (RRAS) along with new functionality in Windows 7, enables VPN connections to remain alive after a drop. Furthermore, VPN Reconnect also keeps the connection of highly-mobile users -– or devices in an office that roam from access point to access point –- alive as their location changes.

Un-breaking the connection

With traditional VPN protocols, when a network connection is dropped, the VPN tunnel that rides along that connection is also lost. To reconnect, users must first relocate a functioning network connection and then reconstruct the tunnel. Depending on a business's security requirements, this process can involve multiple steps and authentications.

VPN Reconnect solves this problem with the IKEv2 Mobility and Multihoming protocol (MOBIKE), which allows the VPN tunnel to remain available for a configurable amount of time after a network interruption. If the user regains a network connection within that time frame, the tunnel will automatically reestablish.

This protocol can be enabled at the server side by installing RRAS to a Windows Server 2008 R2 server. Its client components, however, are only available in Windows 7. This means in order for VPN Reconnect to work, you'll need Windows 7 and either Windows Server 2008 R2's RRAS or another IKEv2-compatible IPsec tunnel-mode server.

IKEv2 in R2's RRAS supports authentication via machine certificates as well as Extensible Authentication Protocol (EAP) based authentication. Installation of the Network Policy Server (NPS) role is required with EAP-based authentication, but it is not required with machine-certificate based authentication.

MOBIKE makes the following scenarios seamless:

  • Switching from IPv4 to IPv6. Users who have simultaneous IPv4 and IPv6 connectivity can switch between addressing mechanisms at will.
  •  

  • Switching from Internet to intranet. Users in the office can be seamlessly switched to Internet-based access as they walk out the door. The opposite can occur as well: users working from the Internet are automatically switched to the business intranet.
  •  

     

  • Switching as the device's IP address changes. As a connecting device's IP address changes, the VPN connection will be seamlessly transferred to the new address.
  •  

  • Switching as networks disconnect and reconnect. VPN connections will persist even during periods of "lossy" WAN connections. Streaming downloads are automatically resumed as the connection is seamlessly reestablished.

VPN Reconnect is easy to set up, with most of the configuration happening on the Windows 7 client side. More high-level information about this new feature is available on Microsoft's RRAS blog. In addition, Microsoft also created a step-by-step guide for configuring a basic setup of both server and client components. .
 

 

 


INSIDE WINDOWS SERVER 2008 R2


Introduction
Remote Desktop Services (RDS)
Hyper-V
File Classification Infrastructure (FCI)
DirectAccess
BranchCache
AppLocker
BitLocker
Internet Information Services 7.5
 VPN Reconnect
Active Directory

 

 

 

 
Greg Shields, MVP, is a co-founder and IT guru with Concentrated Technology with nearly 15 years of IT architecture and enterprise administration experience. He is an IT trainer and speaker on such IT topics as Microsoft administration, systems management and monitoring, and virtualization. His recent book Windows Server 2008: What's New/What's Changed is available from SAPIEN Press.
 


 

This was first published in January 2010

Dig deeper on Microsoft Active Directory Design and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close