Here is the scenario:
Network1: 193.168.1.0 / 24
Network2: 195.168.1.0 / 24
The VPN tunnel between Site1 and Site2 is established fine without error. However, only the VPN server can ping or communicate with hosts on the other network. Desktops (W2k Pro SP4) on the network cannot ping or communicate with hosts on the other network.
While on the Network2 VPN Server, I can ping 193.168.1.34 and a tracert gives a positive 1 hop response. If I try pinging it from, say, 195.168.1.20 on Network1, I get a ping replies from a public IP (66.??.??.??) saying "Net destination unreachable".
Could this be a problem of non-private IPs being treated as private IPs? I must check "Allow allocation of non-private addresses" in order for DHCP to work.
The ISP connections go through a broadband router on their network and the routers go through a DSL modem. Desktops on the network can browse the Internet and get Internet email without any (apparent) problems.
Tunnel established but cannot attach to remote server.
Moderator: Qbik Staff
8 posts
• Page 1 of 1
Tunnel established but cannot attach to remote server.
by ALien » Jan 07 04 10:35 am
- ALien
- Posts: 3
- Joined: Jan 07 04 9:51 am
Re: Tunnel established but cannot attach to remote server.
by Pascal » Jan 07 04 11:53 am
ALien wrote:other network. Desktops (W2k Pro SP4) on the network cannot ping or communicate with hosts on the other network.
Two thoughts:
1. How are the desktops configured? Do they use the VPN box as their default gateway ? Or are you using static routes / RIP to make them aware of where they have to go.
2. Do the routers have pinholes for the appropriate ports, etc. ? It sounds like they do (Because you can ping the servers on either end), but just to be safe.
Question though - why are you using non-private IPs for your internal network ? That could cause a few problems. Would it be difficult to renumber them to use private IPs ?
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by ALien » Jan 08 04 3:39 am
<<1. How are the desktops configured? Do they use the VPN box as their default gateway ? Or are you using static routes / RIP to make them aware of where they have to go. >>
The desktops use the VPN box as their default gateway.
<<2. Do the routers have pinholes for the appropriate ports, etc. ? It sounds like they do (Because you can ping the servers on either end), but just to be safe. >>
Yes, they do. In fact, the firewall option is disabled on Network2.
<<why are you using non-private IPs for your internal network ? That could cause a few problems. Would it be difficult to renumber them to use private IPs ?>>
I am with you on that. It would be difficult to renumber them since in the example I listed only 2 of many VPN tunnels and some of the sites have fixed IP servers, etc. The ultimate goal is to renumber the VPN to a proper addressing scheme. Would it be possible to renumber one site at a time? I am thinking that should be possible with WinGate VPN.
Does anyone know of a tech doc that lists all the most common problems when using non-private ranges in this fashion? I know it is a bad thing, but I'm just curious.[/quote]
The desktops use the VPN box as their default gateway.
<<2. Do the routers have pinholes for the appropriate ports, etc. ? It sounds like they do (Because you can ping the servers on either end), but just to be safe. >>
Yes, they do. In fact, the firewall option is disabled on Network2.
<<why are you using non-private IPs for your internal network ? That could cause a few problems. Would it be difficult to renumber them to use private IPs ?>>
I am with you on that. It would be difficult to renumber them since in the example I listed only 2 of many VPN tunnels and some of the sites have fixed IP servers, etc. The ultimate goal is to renumber the VPN to a proper addressing scheme. Would it be possible to renumber one site at a time? I am thinking that should be possible with WinGate VPN.
Does anyone know of a tech doc that lists all the most common problems when using non-private ranges in this fashion? I know it is a bad thing, but I'm just curious.[/quote]
- ALien
- Posts: 3
- Joined: Jan 07 04 9:51 am
by genie » Jan 08 04 10:59 am
Hi, Alien
Can you give us more details about this setup? Routing tables from both Wingate machines (taken from Gatekeeper), the way clients are assigned with their IP address (static allocation or DHCP-based allocation)?
Can you give us more details about this setup? Routing tables from both Wingate machines (taken from Gatekeeper), the way clients are assigned with their IP address (static allocation or DHCP-based allocation)?
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
vpn connected so tunel established but cant browse
by azizercan » Jan 30 04 11:12 pm
Hi,
My name is aziz. I have been trying to solve a connection problem for a mounth. First I want to tell about the scenario.
PC1: WinXP installed, VPN server 1.2.2 installed, Behind NAT (Paradigm ADSL router. I configured TCP/UDP port 809 by virtual serev to PCs ip 192.168.144.41), seems working fine no problem.
PC2: Win98 installed. VPN server 1.2.2 installed. Dialup connection
PC1 connects to internet via turkeys ADSL service provider Turkish telecom. I also use Dynip service to find my server ip from clients easily. I can establish the VPN connection. And I can also see the tunels and clients behind the NAT. But I can browse neither server nor clients. What is the problem. What must I do. Isnt ther a way to make Wingate detect the system and configure it self or tell the real problem.
Im waiting your help.
My name is aziz. I have been trying to solve a connection problem for a mounth. First I want to tell about the scenario.
PC1: WinXP installed, VPN server 1.2.2 installed, Behind NAT (Paradigm ADSL router. I configured TCP/UDP port 809 by virtual serev to PCs ip 192.168.144.41), seems working fine no problem.
PC2: Win98 installed. VPN server 1.2.2 installed. Dialup connection
PC1 connects to internet via turkeys ADSL service provider Turkish telecom. I also use Dynip service to find my server ip from clients easily. I can establish the VPN connection. And I can also see the tunels and clients behind the NAT. But I can browse neither server nor clients. What is the problem. What must I do. Isnt ther a way to make Wingate detect the system and configure it self or tell the real problem.
Im waiting your help.
- azizercan
- Posts: 10
- Joined: Jan 30 04 10:37 pm
- Location: turkey
Re: vpn connected so tunel established but cant browse
by Pascal » Feb 02 04 7:07 am
azizercan wrote:clients behind the NAT. But I can browse neither server nor clients. What is the problem. What must I do. Isnt ther a way to make Wingate detect the system and configure it self or tell the real problem.
The first thing is, how are your client machines behind the Server configured ? There are three configuration options for them:
1. Point their default Gateways to the VPN Server
2. Use static routes
3. Install a RIP v 2 compatible listener on each client and make sure the Server is broadcasting RIP updates.
You need to have those clients configured in some way, so they will actually be aware of the remote side of the VPN. There is a good document in our support section about this.
Secondly, you indicate that the appropriate ports (809 TCP and UDP) are being forwarded on. That is good. You also need to make sure that Windows Networking is bound to at least one of the adapters.
Hope that helps,
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
Re: vpn connected so tunel established but cant browse
by azizercan » Feb 06 04 5:23 am
Paskal thanks for your help.
I can now connect to wingate vpn server. But there are some problems. First Although I have installed Rip2 client to the computers in the network I still can not browse clients from remote connection. second I connect to server and can browse the shared directories. but I can not browse some sub directories. For example there are 6 subdirectories under one shared folder. First I map the network path then try to browse all the subdirs from command prompt. some directories can be browsable but others cant. whats the problem. I saw a differences between directories. I can browse the directory if there is not much file or subdir inside. the third problem is about maping network paths. I can easily map a network path after I connect to the vpn server. But when I restart the computer, windows tries to reconnect to the map. At this point I cant do any thing because system is just opening an wingate vpn engine is not startet. so the connection is not established. I pass the connection section by presing esc key. After windows started and wingate works properly I click the ignored connection in the windows explorer. And then connection to the path established. I will use this software for my costumers so that I must install and configure it for one time. As you know company owners doesnt want any one to intervene the installed system. What is your suggestion. Thanks for your help.
I can now connect to wingate vpn server. But there are some problems. First Although I have installed Rip2 client to the computers in the network I still can not browse clients from remote connection. second I connect to server and can browse the shared directories. but I can not browse some sub directories. For example there are 6 subdirectories under one shared folder. First I map the network path then try to browse all the subdirs from command prompt. some directories can be browsable but others cant. whats the problem. I saw a differences between directories. I can browse the directory if there is not much file or subdir inside. the third problem is about maping network paths. I can easily map a network path after I connect to the vpn server. But when I restart the computer, windows tries to reconnect to the map. At this point I cant do any thing because system is just opening an wingate vpn engine is not startet. so the connection is not established. I pass the connection section by presing esc key. After windows started and wingate works properly I click the ignored connection in the windows explorer. And then connection to the path established. I will use this software for my costumers so that I must install and configure it for one time. As you know company owners doesnt want any one to intervene the installed system. What is your suggestion. Thanks for your help.
- azizercan
- Posts: 10
- Joined: Jan 30 04 10:37 pm
- Location: turkey
by adrien » Feb 09 04 1:21 am
Hi
which version of WinGate VPN is this? There were changes made between 1.0.7 and 1.2.2 which affect the way large packets are sent over the VPN tunnel. This could possibly cause problems enumerating large directories if you are not running the same version of WinGate VPN on each end of the VPN.
As for the problem with connecting drives etc on startup, the only real way to get around this is running an NT based system, either NT or 2k or XP which lets you run WinGate VPN as a true service, then you configure WinGate VPN to automatically connect to the VPN on startup, and drives are only connected once a user logs in - if the user logs in after WinGate VPN has started and connected, there should be no problem.
Adrien
which version of WinGate VPN is this? There were changes made between 1.0.7 and 1.2.2 which affect the way large packets are sent over the VPN tunnel. This could possibly cause problems enumerating large directories if you are not running the same version of WinGate VPN on each end of the VPN.
As for the problem with connecting drives etc on startup, the only real way to get around this is running an NT based system, either NT or 2k or XP which lets you run WinGate VPN as a true service, then you configure WinGate VPN to automatically connect to the VPN on startup, and drives are only connected once a user logs in - if the user logs in after WinGate VPN has started and connected, there should be no problem.
Adrien
- adrien
- Qbik Staff
- Posts: 5441
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
8 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 17 guests