VPN Software

[EnemyGateIsDown]

Hi,

I am new to VPN and want to configure a machine on the office network to allow users who work from home to connect to the network using their ADSL connections.

Whats the best VPN solution/software to use for this type of access?

Any help is greatly appreciated.

Chris

 

[ChicagoTechNet]

the simple solution is using MS VPN. For more tips or information, go to

http://www25.brinkster.com/ChicagoTech

>VPN Setup.

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at

http://www25.brinkster.com/ChicagoTech

 

[EnemyGateIsDown]

Hi

Thanks for the info..

I began to configure this as per the instructions however the machine only has a single connection onto a LAN (which has a gateway onto the internet) and during the configuration process it said that it could not continue as it was using the last remaining connection.. it seems the module requires two is this correct? I was hoping that the lan connection would carry both the inbound VPN connection and the outgoing traffic

Any help is as always greatly appreciated.

Chris

 

[ChicagoTechNet]

the following quotation from

http://www25.brinkster.com/ChicagoTech

may help you to understand the issue which is routing.

Do not install VPN on W2K with ICS running

Many users have reported that they were experienced some difficulties after installing VPN on w2k/xp running ICS and ICS clients may receive &quot;Error: Page Can Not be Displayed&quot; message. The reason is that establishing a VPN connection on the ICS Host modifies the Routing Table on the ICS Host. that will forces all clients that try to connect to the Internet to use the VPN routing table instead of the ICS routing table used to connect to the Internet service provider (ISP). You may modify the route table to fix this problem, for example, route -p add <network> mask <subnet mask> <router ip>. If you want too add a route for a single host (firewall which is on another subnet), do this route -p add <ip> mask 255.255.255.255 <host ip>, for example, route -p add 192.168.0.100 255.255.255.255 160.213.320.1.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at

http://www25.brinkster.com/ChicagoTech

 

[EnemyGateIsDown]

Hi

Right, I have managed to get my home pc to connect to the office domain. My machine at home is a member of a workgroup. The connection status shows as connected (I am logging on using windows authentication including the domain name so that the VPN connection authenticates against the domain). This is all fine.

The problem I have is that I have a connection including the following protocols:

TCP/IP (IP/DNS etc allocated by router on office network)
Client For Microsoft Networks
File and Print sharing

Despite this I cannot ping any of the other machines on the office network, create network shares or access our exhchange server.

So I seem to have a connection but no services.. The only indication that I am on the office network at all is that if i do an ipconfig /all I can see the ip info allocated by the office router.

Do any of you VPN gurus have any idea what the problem might be?

Any help is as always greatly appreciated.

Chris

 

[John Lewis]

I would suspect that your home LAN and your office LAN are using the same network address. If your office is using 192.168.0.xxx, your home network needs something different, 192.168.1.xxx for example.

Post your ipconfig /all if you need a better explaination or need help ruling that out -- block out your public IP (the one assigned by your ISP) if it shows up there for security.

Another problem could be firewall software on the client. Keep in mind that several AV vendors include a firewall with their product and don't document that well.

Beyond that, you can ping, you just aren't getting a good reply. What specific error message are you getting from ping?

 

[EnemyGateIsDown]

Hi

Thanks alot for your help so far. Don't think it is an address range clash as My home LAN is really just one pc and a laptop that is occasionally connected via a USB PC Link cable...

ipconfig excluding my public isp connection is as below..

Chris

Windows IP Configuration



Host Name . . . . . . . . . . . . : ath1400

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-40-95-30-4A-EA



Ethernet adapter PC Link:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : GeneLink Network Adapter

Physical Address. . . . . . . . . : 00-9A-10-62-84-1F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.103.20

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



PPP adapter Business Solve:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 192.168.0.2

DNS Servers . . . . . . . . . . . : 4.2.2.1

4.2.2.2

 

[John Lewis]

Nope, doesn't look like an address problem.

Are you trying to ping by computer name or IP? What message are you getting when you ping?

When you start the VPN connection, Windows should add a route for you. If you do a 'route print' you should see a line similar to:

192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 1

If not, try to add it manually.

route add 192.168.0.0 mask 255.255.255.0 192.168.0.2

Make the connection first, either check the status/details for your vpn connection and use the client IP address for in place of 192.168.0.2 above or do the ipconfig /all and use the address of the PPP interface from there. Pay attention as you do so and report any errors. Also make sure your service packs are up to date. BTW, what version of Windows (including service pack) are you using on the client?

 

[EnemyGateIsDown]

Hi,

I am pinging by IP..

Below is my route print info when connected to the VPN. I have replaced my Public ISP allocated IP address with xxx.xxx.xxx.xxx. OS wise I am running Windows XP Pro SP1

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 95 30 4a ea ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 9a 10 62 84 1f ...... GeneLink Network Adapter - Packet Scheduler Miniport
0x20005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x90006 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 2
0.0.0.0 0.0.0.0 192.168.0.2 192.168.0.2 1
xxx.xxx.xxx.xxx 255.255.255.255 127.0.0.1 127.0.0.1 50
62.3.82.18 255.255.255.255 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 1
62.255.255.255 255.255.255.255 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.103.20 169.254.103.20 30
169.254.103.20 255.255.255.255 127.0.0.1 127.0.0.1 30
169.254.255.255 255.255.255.255 169.254.103.20 169.254.103.20 30
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 50
212.36.38.101 255.255.255.255 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 1
224.0.0.0 240.0.0.0 169.254.103.20 169.254.103.20 30
224.0.0.0 240.0.0.0 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 2
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 1
255.255.255.255 255.255.255.255 169.254.103.20 169.254.103.20 1
255.255.255.255 255.255.255.255 192.168.0.2 2 1
Default Gateway: 192.168.0.2
===========================================================================
Persistent Routes:
None

 

[John Lewis]

Forgot about the defualt gateway option on the VPN connection.

Looks like you have that checked, so most of your traffic should be going across the VPN. You should not be able to connect to any host anywhere on the internet (except those that are on your internet subnet as determined by your ISP). That in itself is not a problem if that is the behavior that you want, and there are some good reasons to do that. Just kinda forgot that you might be configured that way. Again not a problem, but that is why you don't have a line like the one I described earlier.

Based upon what I see in your routing table, I think the Realtek ethernet adapter might be causing some problems. Even though it is not active, there is a routing entry pointing to is (last line before the default gateway, referencing interface 2). Worth a try, as all looks well otherwise. Goto your Network and Dialup Connections folder, right-click on the connection associated with that adapter and select 'Disable'. Restart your machine and try again.

If that doesn't help, disconnect from the VPN, unmark the box that says 'Use default gateway on remote network' (Connection properties, networking tab, highlight TCP/IP and click properties, then advanced.) Try the connection again and see what happens.

 

[EnemyGateIsDown]

My VPN server is configured to support both l2tp and pptp. Someone mentioned to me that if the connection was being made using l2tp that I the server would need to be or have access to a certification server, is this correct?

Cheers,

Chris

 

[rezeldazel]

mhkwood , how can I block out the IP assigned by my ISP?

 

[rezeldazel]

mhkwood , how can I block out the IP assigned by my ISP? Regards

 

[EnemyGateIsDown]

Got it sorted .. Appears that i need to enable Netbios over TCP/IP on my Broadband provider connection.

Thanks for your help mhkwood

Cheers,

Chris