DJNafey's REALLY slow VPN

  1. #1
    DJNafey is offline UK site moderator


    Sorry for the long question but I've packed it with lots of juicy information about my configuration and what I've already tried!

    Well, my first problem is that this is my first experience of VPN and, although I did the MCSA courses on Windows 2000 and 2003 Server, my network is still fundamentally controlled by an NT4 PDC so I haven't been able to put it all into practice. I've got a Symantec hardware firewall and I've got that routing VPN traffic to a Windows 2000 RAS server that's running PPTP VPN ports. However, the DHCP, DNS and WINS are all being managed on the NT4 PDC. That seems to be running really well within the office (all on 100Mbps wired LAN) and the Internet connection is a reasonable speed as well.

    Unfortunately, the Internet connection from the office is a 512k satellite link (we're in quite a rural location and can't get a cabled connection as we're too far out of town). The latency on it is really bad. I did get a test going the other night where I saw a good throughput once I got some reasonable sized data transferring but, most of the time, I'm getting timeouts and really dreadful performance because it takes so long to get a request from my 512k connection at home, to my ISP, to my office ISP, up to the satellite, back down to the office and then for it to work out what I've asked and send the data all the way back up to the sky and back down again. (was that a long sentence? Well, it's a very long way!!)

    I can just about get Outlook to connect from my PC at home to the Exchange Server at the office but, again, it's really slow whenever I ask it to do anything. Overall, the performance is worse than 33K dial-up.

    I also haven't been able to connect network drives. I'm really puzzled by this. My Win2000 PC at home (a Pentium 4) is on a workgroup called "Workgroup" which is very typical but, whenever I try to connect a network drive on the domain through Windows Explorer, it just times out and says it can't find it. If I try net use from a command prompt, I get an error 53 which, I think, says something like 'the resource cannot be located' (I'll have to check that again later).

    I've added the NT4 PDC into my local hosts file and that made things more reliable but no faster. The DHCP server is giving me a valid IP address on the domain ...... but it doesn't seem to be passing the DNS and WINS server information to me so I've been adding those manually into the connection.

    I read in a Microsoft web chat thing that PPTP is known to be slow as it's old NT technology and L2TP is much better on Windows 2000 VPN servers. However, you need to get certificates and I don't know anything about how you do this.

    What makes it worse is that, when I am in the office, sitting next to the firewall and servers, I can only get a really slow link out to the Internet (using a 33K phone line or my mobile phone via Bluetooth) in order to be able to connect back into the VPN server without actually being on the LAN. So I'd rather do as much troubleshooting from home (I can configure the firewall remotely from here).

    Is there something obvious that I've got wrong? Or does anyone have any other suggestions? I've still got a couple of things on my checklist for tonight (like going back into the office and bypassing the firewall) but I'm not too optimistic about those.


  2. #2
    DJNafey is offline UK site moderator
    Aha! I might be onto something here:

    IPCONFIG shows that I'm being given the wrong subnet mask. Can anyone suggest why?

  3. #3
    DJNafey is offline UK site moderator
    I can't find any way to set the subnet on my connection from my client PC so it looks like I may have to go back into the office to investigate.

    Incidentally, once I do finally manage to get into Outlook and slowly browse through my mailbox, I am able to save a large attachment (e.g. 1Mb) from my networked mailbox onto my local desktop and, after a while of it warming up and picking up speed, I can end up with burst speeds of up to 30KB per second, which ties up exactly with the satellite's uplink rating of 250Kbps. Just takes ages to get there and, most of the time, we want to browse round the network and open small emails, view Outlook calendars, etc., not open large attachments or large files. I know that the latency is a bit of an issue on our satellite link but it's nowhere near as bad as this for any other kind of usage.
    Last edited by DJNafey; 20-04-2005 at 09:28 PM.

  4. #4
    DJNafey is offline UK site moderator
    Hmmm, I'm still on the wrong subnet but, all of a sudden as far as I can tell, DHCP has now given me the correct DNS server and WINS server. I don't know why - I haven't changed anything on the server at all yet.

  5. #5
    DJNafey is offline UK site moderator
    OK, try to believe me when I say that, although I haven't changed anything on the servers or firewall since I started this thread, everything is starting to come together now.

    - IPCONFIG is showing the correct IP, gateway, DNS server and WINS server, all being assigned to me by the DHCP server.

    - I can ping an IP address and a host name, so DNS and/or WINS is definitely working

    - The overall connection speed has picked up and, for long bursts of data transfer, I'm getting the kind of data throughput that I would expect for the office's satellite broadband link (512kbps down, 250kbps up), although I still have a big latency issue

    - Outlook is now running over the VPN and, although it's still basically as slow as dial-up, it is all working and, where I get it to display a large address book or save an attachment to my local desktop, I'm getting bursts above dial-up speeds

    However, I still can't browse the network. In 'My Network Places', all I've got is my local workgroup, not the remote domain. I can't map a network drive through Windows Explorer either using the Netbios name or the IP address - it just says the resource can't be found. I also can't map it through the command prompt (Net Use) - I get "System error 53 has occurred. The network path was not found". I think this is because I'm still getting the wrong subnet mask for some reason. I'm going to have to go into the office now to see if I can work out why.

  6. #6
    AphJN is offline Dedicated Member
    DJ, you stated you have your own local workgroup, but on the LMHOST file, what is the domain you are using for the VPN? Our VPN uses an LMHOST file to define what the services are when connected through the VPN...Just trying to think why you are not attaching.

  7. #7
    DJNafey is offline UK site moderator
    Do I still need the hosts file, since DNS and WINS are now working? Having said that, it can't do any harm to give the connection as much information from fast sources as possible.

    I only entered the PDC's name, not the domain. Incidentally, I was using the HOSTS file, not the LMHOSTS file. Maybe that's where I've been going wrong - I don't know what the difference is.

    Well I'm back home now - I got past the 11.59pm deadline when the network shuts down for the night to run the backup. I've left my company laptop at the office and also my new home laptop - I've only just really got it out of the box but it has meant that I've been able to take a home system (that's never been on the domain) into the office this evening and connect over a dial-up connection into the VPN. It worked .... though, of course, no faster than my broadband PC. I'll check out the HOSTS and LMHOSTS file when I'm back in the office in the morning.

    Thanks for the suggestion

    ..................Aha! I've just looked at the LMHOSTS file on my home desktop PC. I now see what the difference is! Should have looked at that earlier instead of just filling in the HOSTS file (which doesn't give you the syntax to specify domains).

    I'll get that filled in at the office in the morning and see if it makes a difference. Thanks

  8. #8
    DJNafey is offline UK site moderator
    Filled out the HOSTS file and the LMHOSTS file this morning but it didn't make any difference. Tried it on both my laptop (dial-up) and my home PC (512K).

    Next thing I think I need to look at is what L2TP certificates are all about. I'm thinking that maybe I need to ditch the old PPTP protocol.

    Failing that, the only thing left on my checklist is to try bypassing the office firewall and see if that helps.

  9. #9
    DJNafey is offline UK site moderator
    Been working through L2TP/IPSEC all day and am getting thoroughly fed up with it all. I've configured my Win2000 RAS/VPN server as a Certificate Authority and I've created a certificate for it to prove that it is the server. But, as we're still on an NT network with no Active Directory, it seems that the only way that I can get a certificate onto the client PC (to authenticate to the server that the client is allowed to connect through the VPN) is to develop some kind of web page so that the client PC can request a certificate through Internet Explorer. Come on Microsoft, you must be joking. I'm certainly no web developer - that's going too far for me. So, I'm giving up with that - another wasted half a day.

    So, PPTP is all I'm left with.

    The only thing left on my list to look at is whether the firewall is slowing the connection down for some reason .... but I doubt that's the problem. Which means that I can only blame the poor performance (as slow as 33K dial-up) on the fact that it's a satellite connection, which doesn't really stack up.

    And I still haven't worked out why I can't browse the network in Windows Explorer properly yet.

  10. #10
    AphJN is offline Dedicated Member
    I don't understand why your LMHOST file didn't let you into your Domain. Again, we use Cisco VPN and that is how we get our remote employees into our domain. Sorry it didn't work for you. Have you tried to RAS through the 2000 or 2003 servers? (Can't remember if you already have them or are waiting.)

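The latency-versus-bandwidth behaviour reported in posts #1, #3 and #5 (small operations slower than dial-up, large transfers warming up to about 30KB per second), modelled as an added example that is not part of the thread. The round-trip times, the 33.6 kbps modem rate, the 1360-byte segment size and the 20-exchange workload are assumptions; only the 250 kbps uplink figure comes from the posts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    rtt: float        # round-trip time in seconds
    bandwidth: float  # bottleneck rate in bytes per second

# 250 kbps is the satellite uplink rate quoted in the thread.
# RTT values and the 33.6 kbps modem rate are assumed, not measured.
SATELLITE = Link("satellite VPN", rtt=0.7, bandwidth=250_000 / 8)
DIALUP = Link("dial-up", rtt=0.15, bandwidth=33_600 / 8)

def chatty_time(link, exchanges, payload):
    """Seconds for sequential request/response exchanges (browsing
    shares, opening small mails): each one waits a full round trip."""
    return exchanges * (link.rtt + payload / link.bandwidth)

def bulk_time(link, size, mss=1360, initial_segments=2):
    """Seconds for one large transfer under a simplified TCP slow start:
    the window doubles every round trip until it covers the
    bandwidth-delay product, then data streams at line rate."""
    bdp = link.bandwidth * link.rtt      # bytes needed to fill the pipe
    cwnd = mss * initial_segments        # assumed starting window
    sent, elapsed = 0, 0.0
    while sent < size:
        if cwnd >= bdp:                  # pipe is full from here on
            elapsed += (size - sent) / link.bandwidth
            break
        burst = min(cwnd, size - sent)   # one window per round trip
        sent += burst
        elapsed += link.rtt
        cwnd *= 2
    return elapsed

def report(link, exchanges=20, payload=1024, size=1_000_000):
    """Constructed workload: 20 x 1 KB exchanges versus one 1 MB file."""
    bulk = bulk_time(link, size)
    return {
        "link": link.name,
        "chatty_seconds": round(chatty_time(link, exchanges, payload), 2),
        "bulk_seconds": round(bulk, 2),
        "bulk_kB_per_s": round(size / bulk / 1000, 1),
    }

if __name__ == "__main__":
    for link in (SATELLITE, DIALUP):
        print(report(link))
```

Under these assumptions the satellite link takes roughly twice as long as dial-up for the chatty workload, yet moves the 1 MB file at close to the uplink's line rate once the window has opened.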