Vpn Question?

[iphonogasm]

hi,

 

Ive just created a VPN and connected sucessfully.

 

However, ive noticed its not quite performing correctly.

 

1. I cant use the internet when connected to the server (locally or remotely, no internet at all)

2. i cant find printers on the remote local server

3. i cant ping local hosts remotely

4. nothing appears under the "network", i thought the network name or host name would appear under network and allow me to browse shared documents, eg, COMPUTER_NAME in "networ"

 

however i can map network drives.

 

Any help much appreciated,

 

Cheers

[ICTCity]

I think the problem is you firewall, maybe not the local, but the network FW.

 

Can you provide what kind of VPN are you using (Windows, Cisco, ...), which protocol (L2TP,...) and if other users don't have this problem.

 

Cheers

[iphonogasm]

Its currently only me using this VPN while in testing

 

Its over windows with port 1723 TCP forwarded on a SMC router. The VPN server is server 2008 and protocol PPTP.

 

Ive got the internet issue sorted, but still cant find any printers,

 

However whwn i ping the printer (192.168.1.200) i get a reply from xxx.xxx.xxx.xxx: destination host unreachable

 

And when it pings for some reason, changes the IP to 192.168.1.4

 

Thanks for your help!

[iphonogasm]

one more thing, when i ping the printer 192.168.1.200 i get reply from 192.168.1.200:Destination host unreachable

and it displays the ip address 192.168.1.4 like its changed it?

 

Thanks

[ICTCity]

I think the problem is your network firewall which is blocking some ports and protocols. For example, you should enable ECHO REPLY / ECHO REQUEST in order to receive an answer from the printer.

[iphonogasm]

But when im local, i can ping fine, its just remotely

 

I have ping enabled on the router

[ICTCity]

When you are local... WHERE? On the "office" network? This is correct, on LAN usually you don't have to pass a firewall because of you are on the same LAN. When you use VPN you create a tunnel and sometime the firewall blocks other communications channels.

[iphonogasm]

So what would i need to configure in the firewall to enable this

 

Just odd i cant find printers either. Its not really working as a VPN yet

 

Also windows firewall is disabled and i dont really use the router firewall

 

Would this require setting up routing?

 

Thanks again!

[iphonogasm]

so reading a bit further, i found i may need to forward Protocol 47 GRE.

 

However, in port forwarding, only TCP and UDP are avalibale protocols for forwarding.

I have a SMC Barrigde router.

 

thanks

[ICTCity]

I don't think this will solve the problems with ping and printer but try the following procedure: (from technet):

 

To prevent the new default route from being created, select Internet Protocol (TCP/IP) on the Networking tab for the properties of the VPN connection. Click Properties, and then click Advanced. In Advanced TCP/IP Settings, on the General tab, clear the Use default gateway on remote network check box.

 

Check this:

Go to network and sharing center and click advanced sharing settings on the left, see if there are any profile which block network discovery.

 

If you type the IP address of the print server, can you see printers?

 

Regarding the PING it's still strange, anyway, from your client to your server ARE THERE ANY FIREWALL? Correct?

[iphonogasm]

box use default gateway on remote network is already cleared.

 

when i try my printer IP, Which is 192.168.1.200 (thats the local address)

it says

 

reply from 192.168.1.4: Destination host unreachable

 

and changed the ip address to 192.168.1.4 from 192.168.1.200

 

also, no printer can be found if i add network printer

 

thanks

[ICTCity]

Ok, so the problem may be your routing table.

 

Tell me:

Your LAN address

Your VPN address

Post the output of "route print" before connecting to VPN and then post the same command AFTER the connection.

[iphonogasm]

Could you explain how to do this

 

Im sorry this is a learning curve to me

 

I have however just found the server was assigning

Vpn connections static ips not assigning over DHCP?

 

Not sure if this would make a difference

 

Thanks for your patience

[ICTCity]

No difference (I think).

 

Open a command prompt (cmd) and type:

 

ipconfing /all && route print

then connect to the vpn and do the same:

ipconfing /all && route print

 

Thanks

[iphonogasm]

Server or client side?

 

Thanks

[ICTCity]

client

[iphonogasm]

This is route print before....

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : Dean

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home

 

Wireless LAN adapter Wireless Network Connection:

 

Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter

Physical Address. . . . . . . . . : EC-55-F9-6C-D6-39

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::d84d:b16f:1b2e:8f9f%12(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Wednesday, 29 June 2011 6:27:41 p.m.

Lease Expires . . . . . . . . . . : Thursday, 30 June 2011 6:27:41 p.m.

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 334255609

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-28-9D-F9-98-4B-E1-C8-F6-3

 

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 11:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8ef:29f:85c2:387e(Prefe

red)

Link-local IPv6 Address . . . . . : fe80::8ef:29f:85c2:387e%15(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.home:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

===========================================================================

Interface List

12...ec 55 f9 6c d6 39 ......Atheros AR9285 802.11b/g/n WiFi Adapter

1...........................Software Loopback Interface 1

15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.6 281

192.168.1.6 255.255.255.255 On-link 192.168.1.6 281

192.168.1.255 255.255.255.255 On-link 192.168.1.6 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.6 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.6 281

===========================================================================

Persistent Routes:

None

 

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

15 58 ::/0 On-link

1 306 ::1/128 On-link

15 58 2001::/32 On-link

15 306 2001:0:4137:9e76:8ef:29f:85c2:387e/128

On-link

12 281 fe80::/64 On-link

15 306 fe80::/64 On-link

15 306 fe80::8ef:29f:85c2:387e/128

On-link

12 281 fe80::d84d:b16f:1b2e:8f9f/128

On-link

1 306 ff00::/8 On-link

15 306 ff00::/8 On-link

12 281 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

 

This is route print after

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : Dean

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home

 

Wireless LAN adapter Wireless Network Connection:

 

Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter

Physical Address. . . . . . . . . : EC-55-F9-6C-D6-39

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::d84d:b16f:1b2e:8f9f%12(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Wednesday, 29 June 2011 6:27:41 p.m.

Lease Expires . . . . . . . . . . : Thursday, 30 June 2011 6:27:41 p.m.

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 334255609

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-28-9D-F9-98-4B-E1-C8-F6-3

 

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 11:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8ef:29f:85c2:387e(Prefe

red)

Link-local IPv6 Address . . . . . : fe80::8ef:29f:85c2:387e%15(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.home:

 

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

===========================================================================

Interface List

12...ec 55 f9 6c d6 39 ......Atheros AR9285 802.11b/g/n WiFi Adapter

1...........................Software Loopback Interface 1

15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.6 281

192.168.1.6 255.255.255.255 On-link 192.168.1.6 281

192.168.1.255 255.255.255.255 On-link 192.168.1.6 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.6 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.6 281

===========================================================================

Persistent Routes:

None

 

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

15 58 ::/0 On-link

1 306 ::1/128 On-link

15 58 2001::/32 On-link

15 306 2001:0:4137:9e76:8ef:29f:85c2:387e/128

On-link

12 281 fe80::/64 On-link

15 306 fe80::/64 On-link

15 306 fe80::8ef:29f:85c2:387e/128

On-link

12 281 fe80::d84d:b16f:1b2e:8f9f/128

On-link

1 306 ff00::/8 On-link

15 306 ff00::/8 On-link

12 281 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

 

 

Thanks!!

[iphonogasm]

can someone please help me with this one

 

Ive got no access to my network over VPN

 

Thanks!

[ICTCity]

Excuse me, what is your VPN Address (IP)?

 

From what I can see, you LOCAL NETWORK (your computer) is on 192.168.1.0 and your office network (where the VPN is connected), is 192.168.1.0. If so, I think the problem is that you router actually doesn't know where to send packets.

 

Let me know.

[iphonogasm]

ok remote IP for VPN is

 

Thanks

[ICTCity]

That's ok, but once you are connected to that VPN, you are on your office. What's the LAN IP of that network? The point is that after you are connected, you don't have any IP address for your VPN. Take a look at your second IPCONFIG, only the Wireless adapter has an IP (192.168.1.6), the others interfaces NO!

 

So, how does this work? You said that when you are connected you can't ping and so on, but you can map REMOTE network drive. What is the IP of remote network drive? Just to understand on which class you are working now.

[iphonogasm]

That's ok, but once you are connected to that VPN, you are on your office. What's the LAN IP of that network? The point is that after you are connected, you don't have any IP address for your VPN. Take a look at your second IPCONFIG, only the Wireless adapter has an IP (192.168.1.6), the others interfaces NO!

 

So, how does this work? You said that when you are connected you can't ping and so on, but you can map REMOTE network drive. What is the IP of remote network drive? Just to understand on which class you are working now.

 

Ok well the network drive im mapping is on the server so 192.168.1.2. This is probobally why its working, because im connected to the server right?

 

But nothing onwards works, 192.168.1.3 onwards, cant ping

 

However when i ping my printer, 192.168.1.200 over the vpn it says

 

Reply from 192.168.1.4: destination host unreachable

 

So it knows its there, and also changes the ip for sone reason?

 

Thanks

[ICTCity]

Finally we get the point.

 

You can connect via VPN but you DON'T have an IP, or, better, there's a problem.

 

Your LAN at your home is: 192.168.1.0

Your LAN at WORK is: 192.168.1.0

 

Now when you try to do something on your network (let's say a ping), your router tries to send packet on your LAN because of the IP address 192.168.1.X is on the same class as your PC! Your router doesn't know anything about the other network.

 

First, you must understand WHY you don't have another NIC with another IP (you say it is assigned by DHCP, but this is not true). Then we can investigate on how to get rid of this problem. I never had a problem like this because I ever set to the firewall another IP class which usually is not used by nobody.

 

Let me know.

[iphonogasm]

ok thanks so where do i change the VPN ip address. do you mean i need to put the local IP of my computer on a different SUBNET to the LAN that im connecting to. So right now thyre on the same subnet

 

eg, 192.168.1.1 current network on my laptop

192.168.1.1 VPN LAN network IP

 

so when im pinging, its not sure which network to ping on?

 

like local or over the VPN?

 

thanks again for you patience!

 

your awesome

 

PS. check you inbox, i PMed you

[ICTCity]

Actually you could change your LOCAL (home) connection:

 

For example use 10.0.0.1 for your router and 10.0.0.10 for your PC (this is an example).

 

Your VPN IP (public) is fine. Don't change it.

 

You just need to understand WHY your server is not giving an IP address to your client!