VPN connection not working for all computers

Status
Not open for further replies.

BigDaddyB

IS-IT--Management
Oct 10, 2002
14
CA
I have a fistful of Linksys BEFVP41 routers and I can connect VPN tunnels and get them working in my sleep. It works great, except for on two servers.

The one server is a P4 with WinXP Pro, and a few hundred megs of RAM. I can connect to it great on the local network (192.168.1.0), but when I go through a VPN tunnel to get to it, it times out every time. Through the same tunnel I can access the rest of the servers on the .1.0 network just fine (it's a subnet on remote and local secure groups).

The other server is Win2k Server and similarly loaded. I have used the Network Monitor to trace what's hitting this server, and I get a handful of packets from my client machine, but they are not quite the same in number or content as a computer on the same subnet as the server.

This has had me stumped for months, so any suggestion would be appreciated.

Bruce
 
I have a slight update to my situation that may give someone a hint to the cause of the problem.

The test workstation I was using was set up to use 192.168.2.24, just like the client who initially reported the problem. I was getting the same results as he was. I changed the IP to .2.200 (the tunnel allows the whole .2 subnet), and I connected through to the server in a flash.

This makes me think that there is a MAC being stored somewhere that won't allow traffic to the server when the IP that usually corresponds to that MAC has changed.

Just a thought?
 
This would be ARP table stuff, and that only lasts minutes, up to hours on most everything. Unless something is making static ARP tables then this should not be an issue. What might be an issue is if the remote machine sees another 1.x address that matches that of the server on another network someplace, or if the server sees another 2.24 address someplace other than the machine you are trying to connect from. You can test the MAC address saving, known as ARP (Address Resolution Protocol), by issuing the "arp -a" command on Windows boxes and "show arp" on Cisco routers (other routers will vary, but you should know it if you use them). Other causes could be mismatched subnets or software firewalls too, but you would have noticed this before now if these were true.

EV
 
I have to say it now. I'm an idiot.

While looking for another clue I noticed that I had one tunnel defined with a remote group of 192.168.2.24, and another tunnel had a remote group 192.168.2.22-101, which of course overlapped. I changed the setting to 192.168.2.22 on the one tunnel and poof, I can see all my servers again, and I can even print to the networked printer at the office remotely.

Duh. Of course, this sort of thing is ever mentioned in the Linksys documentation.
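An added example, not part of the original thread: a small check that flags tunnel definitions whose remote groups share addresses, which is the misconfiguration found above. The tunnel names and the dictionary layout are hypothetical; the three spec forms handled (single host, last-octet range as in "192.168.2.22-101", and CIDR) are an assumption about how the groups are written down, not the router's export format.

```python
import ipaddress
from itertools import combinations


def parse_group(spec):
    """Return (first, last) as integers for an IPv4 remote-group spec.

    Accepts a single host ("192.168.2.24"), a last-octet range
    ("192.168.2.22-101") or a CIDR subnet ("192.168.2.0/24").
    """
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in spec:
        start, end_octet = spec.split("-", 1)
        first = int(ipaddress.IPv4Address(start.strip()))
        end = int(end_octet)
        if not 0 <= end <= 255:
            raise ValueError(f"bad range end in {spec!r}")
        last = (first & 0xFFFFFF00) | end  # range stays inside the same /24
        if last < first:
            raise ValueError(f"range end before start in {spec!r}")
        return first, last
    host = int(ipaddress.IPv4Address(spec))
    return host, host


def find_overlaps(tunnels):
    """tunnels: dict of tunnel name -> remote-group spec.

    Returns (name_a, name_b, first_shared_ip, last_shared_ip) for every
    pair of tunnels whose remote groups have at least one address in common.
    """
    parsed = {name: parse_group(spec) for name, spec in tunnels.items()}
    hits = []
    for (a, (a0, a1)), (b, (b0, b1)) in combinations(parsed.items(), 2):
        lo, hi = max(a0, b0), min(a1, b1)
        if lo <= hi:  # the two closed intervals intersect
            hits.append((a, b, str(ipaddress.IPv4Address(lo)),
                         str(ipaddress.IPv4Address(hi))))
    return hits


if __name__ == "__main__":
    # The two remote groups quoted in the thread; tunnel names are made up.
    sample = {"tunnel_a": "192.168.2.24", "tunnel_b": "192.168.2.22-101"}
    for a, b, lo, hi in find_overlaps(sample):
        print(f"{a} and {b} both claim {lo} through {hi}")
```

Running such a check whenever a tunnel's remote group is edited catches the overlap before it shows up as one host timing out while the rest of the subnet works.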
 