VPNs and HughesNet Satellite Internet

Right up front, Don’t get satellite internet if you can get DSL or cable. Don’t even think about it. If you can’t get DSL or cable, seriously think about a dedicated dial up line (personal), or a fractional T1 (business) as alternatives to satellite. It’s that bad. I’ll put a geek appendix at the end explaining all the reasons why.

If you do get stuck using satellite for business, it’s likely that sooner or later you’ll want a VPN to somewhere. When you do, the odds are that you’ll just want to use the one built into Windows. It won’t work. The FAQ says it does, but is not supported by Hughes. As in they won’t even tell you what to do, at your own risk.

Microsoft, give them credit, is actually as helpful as they can be: They explain that the most likely cause of your error 721 is funky proxying, which looks like double NAT, so that your answer comes from a different IP than you sent the question too. (Hughes tech support denies this. For once I’m believing Redmond.) PPTP quite rightly regards this as as wrong and ignores the response. MS even tell you how to edit the registry to overide the check. They also quite rightly tell you that if you mess up, you’ll probably have to reinstall Windows, and your computer may explode, and it will all be your fault. After all, you did a tricky procedure to make your computer do something stupid.

If Hughes tech support is feeling kindly, they will tell you that you have to have a static IP (at extra cost) to make it work. They will not tell you what you have to do with that IP. After some serious googling, I found this: http://www.dslreports.com/faq/13545.

Executive summary: To put one machine on a VPN, assign the port connected to the satellite modem a static IP as follows:

IP Address: [the one assigned by Hughes] + 1
Netmask: (248 if you paid for the fancy package with 5)
Default Gateway: [Address assigned by Hughes]

In theory you then only have to repair your connection to get the new values assigned. In my experience you should reboot because repair has a less than even chance of getting the static IP in.

You can then configure the VPN. It will be dog slow, with occasional timeouts (Hughes’ excuse for not supporting this.) but it will work.

Security warning: If you do it this way you will have a Windows box directly on the Internet. If you do not have a firewall and Norton/McAffee running you will be rooted within the hour. Even then it’s dangerous: you should put the static IP on a real firewall at your earliest convenience.

How it (seems) to work: There is double NAT going on. The second is your modem doing DHCP to your LAN. By assigning the static IP you stop this. Note that apparently you can have your firewall do NAT for you and things will still work. The second IP is available because you can’t actually assign a single IP. You need a base and a broadcast and then something to actually use, so you have to use four, which leaves two available, not one.

Why Satellite Sucks

A. Technical Reasons

  1. The speed of light. The round trip from you to the satellite ground station is 88,000 miles. That’s a 475 millisecond ping before you even hit the internet. So much for twitch games. See part B for why your FTP crawls.
  2. Weather. Air is transparent to the frequencies used. Water is not. Thus rain is a problem. A nice gusty wind will rock your dish, causing it to go in and out of alignment.

B. Your ISP

  1. Overbooks. When things are busy you’ll think you’re on a 9600 baud modem.
  2. Takes the overbooking out on you. They have a “Fairness Doctrine” that throttles your speed, whether or not the link is congested, if you move too much data per unit time. (I saw 170 megs in 4 hours somewhere on the net, but I can’t vouch for the actual number.)
  3. Has no docs or tech support. As in no where do they tell you how to actually use the static IPs you’re paying for. See above

2 thoughts on “VPNs and HughesNet Satellite Internet”

  1. Oh, Frank, I feel your pain. I didn’t understand a word you wrote, but all I had to read was “Hughes” and “satellite”, and I knew.

    Hughes (former DirecTV) is the worst company I have ever had to deal with in any capacity in all my 40 plus years of life. Really. I could tell you stories….

    By now, I’ve learned how to tell the stories without crying, and can even tell some of them and make you laugh. So remember that, if we ever meet in person, and I’ll buy you both a cold beverage and commiserate.

    Go hug your sheep.

  2. Very few companies seem to believe in customer support anymore… why they expect us to patronize their businesses is a mystery. I second Melanie… go hug your sheep.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.