Skip to content

Problem with Direct Access and Vodafone 3G/HSDPA

I’ve been testing Microsoft’s Direct Access at work.

In my opinion it’s a true VPN killer, if you only need to deal with Windows Technology in your workplace.

Direct Access uses certificate/IPSEC based encryption/authentication to authorise a remote user and allow them to access a corporate network. The key thing here though is that the remote user doesn’t interact with any software to authenticate. The user’s authenticated without any action on their part – all they need to do is insert their username and password at the login screen much like you would if you were logging onto a terminal in the office.

No more fumbling around with a VPN dongle – if you have a broadband connection you can login and access network resources at the office from home.

I have noticed some problems using Direct Access with a Vodafone 3G/HSDPA connection though so I’d like to share what I did to get the service to work because it can be a pain in the butt to trouble shoot and the advanced diagnostic logs can be hard to decipher.

Firstly make sure you’re using the latest version of your Vodafone Mobile Broadband software (formerly called Vodafone Mobile Connect). I use version 10.2.302. Type “Vodafone Mobile Broadband Software” into Google and your first hit should take you to a page with the latest version. It’s important you get the latest version installed – I initially tried Vodafone Mobile Connect 9.4.6.20539 and couldn’t get Direct Access working no matter what.

The second part of the puzzle is 6to4. I had to completely disable this virtual adapter to force Direct Access to make a connection via Teredo. My suspicion (and this only seems to be a problem with mobile broadband connections) is that Direct Access doesn’t auto-configure the 6to4 adapter address properly and as a result Direct Access doesn’t fail over to any other connection type if it can’t communicate with the 6to4 adapter.

So start a CMD prompt with “Run as administrator” – as below. It’s important you start the CMD prompt with “Run as administrator” as a domain user even with local admin privileges will not be sufficient.

Once you have the CMD prompt up use the following command to disable 6to4:

netsh interface 6to4 set state disabled

And Direct Access should miraculously connect

The following command will take you back to where you started:

netsh interface 6to4 set state enabled

 

 

 

 

Have fun – I hope this helps you out of any Direct Access problems you may be having

The Blog of Martin Birrane