Hello, My goal is to connect my

[jburr827]

Hello,

My goal is to connect my private network at home (Windows XP) (ip address 192.168.1.x, subnet 255.255.0.0) to my private network at work (ip address 192.168.0.x, subnet 255.255.255.0) and be able to view a webpage located on a my work webserver (IP 192.168.0.x, W2K Server). Both networks are located behind netgear RO318 routers.

I have successfully created a vpn, am able to connect to my vpn server at work, and receive an IP address without a problem. The problem is that once I have connected to my vpn server and I type in the address of the web server the page cannot be found. Many of the other staff at work are successfully connecting and viewing the website without a problem using Windows NT 4.0 and the same VPN connection so I am pretty sure the problem is with my home network configuration.

The only differences here that I can tell are that I am using Windows XP and probably more importantly, I am behind a second router at home. Do I need to open a port on my router at home in order to let Internet Explorer find the page? Again, I am able to successfully connect to the VPN server without a problem but simply cannot view the webpage once I get there.

Any ideas?

Thanks,

John

 

[routerjunky]

The problem is with the subnet mask. Your home network is using a 16 bit mask. When your home pc wants to talk to your works private network, it believes its on the local wire and not on the otherside of the VPN tunnel.

Therefore instead of encapsulating the packet and forwarding through the tunnel, it arps for the host on its local wire, since it is not there to reply the app times out.

You may also need to tell your machine to route your works private network through the tunnel. By adding this route you may not have to change the mask on your home network, as this route will be more specific.

 

[jburr827]

Thanks for the quick reply. When you say that my home network is using a 16 bit mask, what does that mean and how do I change it to solve the problem? I figured the problem had to do with the app searching on the local network instead of looking through the tunnel, but I am still not sure what I have to change where to solve the problem. The mask at home is 255.255.0.0. At work it is 255.255.255.0.

I would also be interested in knowing how to tell my machine to route my works private network through the tunnel so I wouldn't have to change the mask on my home network.

Thanks for the help. I am weak in this area and appreciate the education.

 

[spivy66]

can you ping the web address your trying to connect to?by name that is? jburr has a good point try sumthing stuipd like edit your host file(lmhost in xp control panel)and throw the ip address and server name in there,.

 

[routerjunky]

I should have asked this first.

1. What VPN client are you using to connect to your works VPN server? or Are you building a LAN to LAN VPN tunnel?

2. What address and mask is the VPN server issuing you?

Your home address is 192.168.1.x. With a classless IP address there is no way to determine which part of the address belongs to the network and which part is the host address. The mask will tell us which is the network portion and which is the host portion.

A mask consists of 32 bits. These 32 bits are divided into 4 sets of 8 bits referred to as an octet. In dotted decimal notation each octet is separated by a decimal point. octet1.octet2.octet3.octet4

To identify which bits will be used for the network portion of the address the mask bit is set to 1. If the bit is set to zero it is part of the host address. Hence all ones in an octet is equal to 255. In your home network the mask is 255.255.0.0 from this you can see 16 bits where used. Sometimes this is also represented with slash notation, which looks like this 192.168.1.x/16 appended to the end of an IP address. They all mean the same thing.

When a host needs to send a packet it needs to determine if the host is on the local network or if it is not. If it determines the host is not on the local network it will forwarded the packet to the default gateway.

To determine this a host will perform a Boolean AND with the IP address and the mask associated with it.

AND table
0 AND 0 = 0
0 AND 1 = 0
1 AND 0 = 0
1 AND 1 = 1

In binary 192.168.1.x = 11000000.10101000.00000001.xxxxxxxx
mask 255.255.0.0 = 11111111.11111111.00000000.00000000
Network = 192.168.0.0 = 11000000.10101000.00000000.00000000

Unless your pc has a route telling it otherwise, when it sees your work address of 192.168.0.x, it will apply the 16 bit mask to your work's address.

In binary 192.168.0.x = 11000000.10101000.00000000.xxxxxxxx
mask 255.255.0.0 = 11111111.11111111.00000000.00000000
Network = 192.168.0.0 = 11000000.10101000.00000000.00000000

Notice they are the same network, instead of forwarding the packet on to the default gateway it will ARP for host 0.x on the local wire.

What I have described above may be a non issue, depending on the answer to the first question and the type of VPN software you are using.

Depending on the VPN client software, your machine may or may not be doing this. Some clients will disable the local network functionality and only permit traffic to traverse the VPN tunnel.

 

[jburr827]

I figured it out and have it working now. Thanks for all of your help. The following configuration is all it took:

Home:

IP 192.168.1.x
Subnet 255.255.255.0

Work:

IP 192.168.0.x
Subnet 255.255.255.0

It makes sense to me now. Thanks for the helpful explanation.