VPN Router Supposedly Messing Up Emails


#1

One of my clients just switched to a setup where their internet connection is provided through a VPN router. Exactly why, I don’t know.

Since then the client has experienced agonizingly sllloooooowww email performance. They are not happy. At all.

According to the sphincter that installed the VPN setup, it must be a problem with Dreamhost – there couldn’t possibly be a configuration or performance problem with anything he touched.

He’s adamant about talking to a Dreamhost tech on the phone, and claims that will solve everything. (A phone call is also quite unlikely to ever happen, so I asked Mr. Snotty Tech to send me an email with his concerns, which he refused to do. DH does respond fairly quickly to emailed or written support issues, but I’ve never known them to actually accept or place a call.)

I’m rather fuzzy on VPNs, but as you can tell I’m getting sick of this tech guy, and it smells to me like he’s trying to cover up his router misconfiguration by blaming the lowly discount web host.

Let’s see…email was working fine, he changes some stuff, and now it doesn’t work for him. Email still works fine for everyone else using the same email server. The client can happily look at web pages using their new connection. Sounds to me like the problem must be the stuff he changed, ya think?

I’d hazard a guess that the shiny new router is partially blocking or delaying internet traffic for ports 25 and 110. Shouldn’t the VPN router separate out “internet” traffic from “VPN” traffic?

Anyway, does anyone have any idea what could cause this sort of problem? Is it remotely possible that something really is messed up at DH?


#2

Thanks for replying!

I’ve had three available callback requests showing in my support panel for many, many months – as long as I can remember.

I’ve tried to use callbacks twice before this incident. Once about a year ago I actually got a call, but it was several days after the issue was already resolved. The other time, I didn’t ever hear anything at all. And I just now got a call back with this incident – about 74 hours after the original request. The tech basically said there are no problems with slowdowns currently, so the problem must be happening on the client’s end.

Anyway, my client’s Tech from Hell is being very evasive when I ask him about this VPN setup, so I think what we have here is more of a, shall we say, social problem. He just keeps blabbing about “I need a number to call to talk to a DH tech! Waaahh!”. Personally, I’d much rather DH spend its time and money doing something besides staffing a phone line.

So if it’s the client’s VPN, why should it affect only DH mail servers? Does a VPN connection mean you are stuck using encryption to talk to the outside world no matter what? That doesn’t make any sense to me. The majority of servers out there don’t even offer secure connections.

However, I will freely admit that while VPN isn’t a new concept to me, I don’t know squat about it. Maybe I’ve got an important concept backwards.

Personally, I think there’s just a 99.999% chance that DH is fine and the client’s VPN setup is just wrong.


#3

I may be incredibly wrong and off of my mark, seeing as I’m only a novice web techie, and don’t work in the industry… but I’ve never heard of using a VPN anything as a means of connecting with the internet. VPN stands for Virtual Private Networking, and is a means of establishing a secure connection into a network, i.e. Joe Pinguin goes home at night from work and needs to connect to a resource on his company’s secure LAN; he can use his home network to connect through a VPN connection or tunnel to his office server. In earlier methods of a VPN you might have used a 56k modem to dial directly into your server and establish a VPN connection.

I know you can also use a VPN connection to establish a WAN. For instance, Joe Pinguin’s company may have two office buildings, each with a LAN, and they want to share resources securely; you can set up a VPN connection through an existing internet connection nowadays, or earlier in time over a dedicated line.

I even spent a little time on Google, and the sites I found seemed to agree with me. So like I said, I may not have a clue in the world what I’m talking about, but it seems to me that it is not the design of a VPN connection to have anything to do with how computers on a LAN access the internet, things like websites and e-mail.

I would venture a guess that for some reason the SMTP requests are for some reason being routed through this VPN connection that was set up to some other office building, and are accessing the internet through this other office’s internet connection.

If I’m wrong about this, sorry. I’d be interested to know if this actually works a different way now.


#4

Thanks for reading and replying, mattail!

From what I’ve been able to figure out, your description of a VPN is pretty much on the mark. The client is a small company where the employees travel quite a bit and need to work from many different locations. A VPN allows them a reasonably secure way to access things back at the office.

Anyway, the different types of internet traffic zinging back and forth (VPN, SMTP, HTTP, etc.) should all be handled smoothly by their router and firewall.

I’m also quite convinced something is misconfigured or misrouted, and the goober who changed things and messed it up should fix it or put it back the way it was.

He was just such a dipwad that I wanted to do a sanity check here – no matter how PO’d I was at the surly tech, I wanted to do everything I could to help the client with their problem.

I’ll let y’all know if/when I find out anything.


#5

I think it’s unlikely that the slowdown is caused by VPN encryption. First, it doesn’t sound like the VPN is being used except by remote employees. Second, if that was the issue, it would affect all kinds of traffic equally.

If I had to guess, I’d say that the company was using a connection that requires PPPoE and there was a problem with the MTU settings in the router. This kind of thing produces symptoms where most things work, but a handful of sites fail to work reliably. Most routers have a way to force the MTU to a specific value.

(Here’s one technical explanation of the issue: http://www.eastserve.com/opencms/opencms/My_Computer/help_support/mtu.html; scroll down to “Example Path MTU Discovery Failure Scenario”.)
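
The MTU failure mode guessed at in post #5, as an added example that is not part of the original thread: a simplified model of path MTU discovery across a PPPoE link, showing why small exchanges succeed while large mail transfers stall. The function names, the sample transfer sizes and the assumption that forcing the MTU makes the client side advertise a smaller MSS are all constructed for illustration.

```python
# Added illustration (not from the thread): a simplified model of path MTU
# discovery over a PPPoE link. All sizes and transfers below are constructed.
ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8       # 6-byte PPPoE header + 2-byte PPP protocol field
IP_TCP_HEADERS = 40      # IPv4 (20) + TCP (20), no options
PPPOE_MTU = ETHERNET_MTU - PPPOE_OVERHEAD  # 1492


def send(payload_len, sender_mtu, receiver_mtu, path_mtu, icmp_filtered):
    """Return (outcome, largest_packet) for one TCP transfer sent with DF set.

    The sender caps segments at the smaller of its own MSS and the MSS the
    receiver advertised in its SYN (derived here from receiver_mtu).
    """
    mss = min(sender_mtu, receiver_mtu) - IP_TCP_HEADERS
    packet = min(payload_len, mss) + IP_TCP_HEADERS
    if packet <= path_mtu:
        return "delivered", packet
    if icmp_filtered:
        # "Fragmentation needed" never reaches the sender, so it keeps
        # retransmitting the same oversized packet: a PMTUD black hole.
        return "stalled", packet
    # ICMP arrives; the sender lowers its path MTU and resends smaller segments.
    return "delivered after PMTUD", min(payload_len + IP_TCP_HEADERS, path_mtu)


def diagnose(transfers, receiver_mtu, icmp_filtered):
    """Map each named transfer to its outcome for a server with a 1500 MTU."""
    return {
        name: send(size, ETHERNET_MTU, receiver_mtu, PPPOE_MTU, icmp_filtered)[0]
        for name, size in transfers.items()
    }


# Constructed sample transfers: payload bytes sent from mail server to client.
TRANSFERS = {
    "POP3 greeting": 40,
    "short message": 900,
    "message with attachment": 250_000,
}

if __name__ == "__main__":
    for label, mtu, filtered in [
        ("MTU 1500, ICMP filtered", ETHERNET_MTU, True),
        ("MTU 1500, ICMP allowed", ETHERNET_MTU, False),
        ("MTU forced to 1492", PPPOE_MTU, True),
    ]:
        print(label, diagnose(TRANSFERS, mtu, filtered))
```

Only the transfer large enough to fill a 1500-byte packet stalls, and only when the ICMP "fragmentation needed" message is filtered somewhere on the path; with the MTU forced to 1492 every transfer fits.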