I have been trying to get the VPN running between two machines for a couple of weeks and have been severely frustrated. I have a VPN server directly conneded to a cable-modem with a personal firewall allowing access to TCP and UDP ports 809. When I look at the "Local Network - Microsoft Windows Network" in the Network tab of the adminstration server, I can't see my network or my server computer. Previously, I had this machine behind a NAT/firewall/router that was connected to the cable-modem but my ISP decided to start not giving DHCP addresses to the router (another problem that I'm wrestling with the ISP about), so I connected the server directly, and currently am having these problems.
Does anyone have any clue? Does the VPN need to be behind a NAT router/firewall to work properly?
I was having problems before with trying to "see" the server's shares from a client machine - the server would test properly from the client but I couldn't explore the machine. This has added an entirely new dimension to my problems.
Thanks.
dean
VPN problems - server connected directly to Internet
Moderator: Qbik Staff
7 posts
• Page 1 of 1
VPN problems - server connected directly to Internet
by Dean » Dec 20 03 3:06 am
- Dean
- Posts: 3
- Joined: Dec 20 03 2:51 am
by groch » Dec 21 03 10:11 am
> Does anyone have any clue? Does the VPN need to be
> behind a NAT router/firewall to work properly?
no, it doesnt matter if VPN is hosted behind NAT/router or not
the difference is that behind nat/router u have to forward ports direcly to vnp hosting machine
what kind of system is used on both machines
if u get responsive pings, then there could be something wrong in network configuration in windows
> behind a NAT router/firewall to work properly?
no, it doesnt matter if VPN is hosted behind NAT/router or not
the difference is that behind nat/router u have to forward ports direcly to vnp hosting machine
what kind of system is used on both machines
if u get responsive pings, then there could be something wrong in network configuration in windows
- groch
- Posts: 24
- Joined: Dec 12 03 12:40 pm
by Dean » Dec 21 03 10:22 am
I'm suspecting that it is because the IP address for the connection has a non-standard netmask, it is 255.255.255.128, or because the address is a subnetteed Class B, 68.168.105.xxx. I have a test machine that I use to test certain configurations and when I changed from a PRIVATE Class C, standard netmask, 192.168.0.36 mask of 255.255.255.0, to the PUBLIC Class B(?) address, 68.168.105.xxx mask of 255.255.255.138, I was no longer able to see the network of my PC. However, when I changed back, I was able to see my network again, so I am suspecting that is the problem.
Don't know whether it's a bug or feature, but that is what is happening.
dean
Don't know whether it's a bug or feature, but that is what is happening.
dean
- Dean
- Posts: 3
- Joined: Dec 20 03 2:51 am
by groch » Dec 24 03 1:48 pm
it doesn't matter what's u'r internet (ISP) IP or mask is.
VPN is just using internet as a transport method.
dont change u'r local network ip and mask
is u'r VPN something like that?
[VPNclient]---inet---[VPNserver]---lan---[comp1/comp2/comp3/...]
check if u'r firewall isn't blocking port 137 on LAN side of the network
and what kind of VPN participation is used (none/computer/network)
and are tunnels seen as ACTIVE?
VPN is just using internet as a transport method.
dont change u'r local network ip and mask
is u'r VPN something like that?
[VPNclient]---inet---[VPNserver]---lan---[comp1/comp2/comp3/...]
check if u'r firewall isn't blocking port 137 on LAN side of the network
and what kind of VPN participation is used (none/computer/network)
and are tunnels seen as ACTIVE?
- groch
- Posts: 24
- Joined: Dec 12 03 12:40 pm
by adrien » Dec 30 03 2:21 pm
depending on how the personal firewall hooks into NDIS (network stack) this could cause problems with WinGate - what is the personal firewall software?
WinGate VPN has a firewall built-in, so you shouldn't need to run another unless there are more advanced blocking rules you need to set.
As far as browsing shares on a machine, for this to work, you need to be able to communicate with the machine that is the master browser for a network.
In some cases, it may be possible to ping a machine, but if you cannot communicate with the machine that is the master browser on the remote network, then browsing would not work.
Adrien
WinGate VPN has a firewall built-in, so you shouldn't need to run another unless there are more advanced blocking rules you need to set.
As far as browsing shares on a machine, for this to work, you need to be able to communicate with the machine that is the master browser for a network.
In some cases, it may be possible to ping a machine, but if you cannot communicate with the machine that is the master browser on the remote network, then browsing would not work.
Adrien
- adrien
- Qbik Staff
- Posts: 5441
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by Dean » Dec 31 03 12:44 pm
Well, the problem on the VPN server was fixed by putting it behind a router/NAT firewall. As soon as I did that, I was able to see the Server's Microsoft Windows Network on the Server's Wingate Network Tab and with the latest version, and RIPClient, I was able to get most everything to work.
The only problem now is that I have a client, again directly connected to the Internet - through DSL. that can not browse the server's published directory. It can see the server, explore brings up the windows explorer window with the published folders/shares shown. However, each time I try to browse the share, it times out. Interestingly, I can access individual files on the share if I completely specify the path, "\\<machine>\<sharename>\<filename>". I have another VPN client, this one behind a NAT firewall/router, that has no trouble browsing the shares on the VPN server.
I am lead to believe that the Wingate VPN suffers some when the server/client is directly connected to the Internet and uses a public address, rather than a private IP address.
dean
The only problem now is that I have a client, again directly connected to the Internet - through DSL. that can not browse the server's published directory. It can see the server, explore brings up the windows explorer window with the published folders/shares shown. However, each time I try to browse the share, it times out. Interestingly, I can access individual files on the share if I completely specify the path, "\\<machine>\<sharename>\<filename>". I have another VPN client, this one behind a NAT firewall/router, that has no trouble browsing the shares on the VPN server.
I am lead to believe that the Wingate VPN suffers some when the server/client is directly connected to the Internet and uses a public address, rather than a private IP address.
dean
- Dean
- Posts: 3
- Joined: Dec 20 03 2:51 am
by adrien » Dec 31 03 1:23 pm
hmmm
OK, we haven't seen that here in testing, I have several VPN clients directly connected no problem.
What you may find however is that with public IPs, some clients may be denied certain access, depending on policies (for example policies set in your domain controller or active directory servers, or even IIS or exchange server).
Adrien
OK, we haven't seen that here in testing, I have several VPN clients directly connected no problem.
What you may find however is that with public IPs, some clients may be denied certain access, depending on policies (for example policies set in your domain controller or active directory servers, or even IIS or exchange server).
Adrien
- adrien
- Qbik Staff
- Posts: 5441
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 47 guests