VPN Access

  • VPN Access

    I have a Netgear FVS318V3 firewall in my office, with access through a cable internet provider. The Netgear box is attached to a WinXP Pro PC in the office. At home I am running the Netgear VPN client software on a Toshiba Laptop. I am able to establish the VPN tunnel from home and ping the Netgear box. I cannot ping or access the office PC. I temporarily disabled all Windows and third party firewalls and still cannot ping the office PC. Any thoughts?

  • #2
    Re: VPN Access

    A few ideas
    Try changing the IP scheme for one of your networks if they are the same. For example, if both use 192.168.1.x, change one of them to 192.168.2.x.

    Also if by cable provider you mean Comcast, they are notorious for blocking GRE packet 47.

    On your local (Toshiba) network, be sure to allow VPN pass-through on your router.

    Post back with your results.
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said" - Alan Greenspan


    • #3
      Re: VPN Access

      Thanks, I will try your suggestions tonight. My home provider is Verizon FIOS and work is Comcast Cable. Since I can ping the Netgear box through the VPN can't I rule out the internet provider blocking traffic?


      • #4
        Re: VPN Access

        Any luck with this?
        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: VPN Access

          No luck.

          I do have two different subnets, and VPN passthrough is on my home router like Lior_s suggested. What I don't know is if Comcast is blocking anything.

          I am trying to map to \\192.168.0.X\share. I just get "network path . . . could not be found". I do see green for a couple of blinks in the VPN client icon in the tray, then red, then green - eventually times out.

          Thanks for all help offered.


          • #6
            Re: VPN Access

            Update: I have set up the VPN client at another location and have successfully made a connection and can access data!

            I tested again from home and discovered that my ActionTec router is blocking packets after the VPN has been established. The error is: "First packet in connection is not a SYN packet". I suspect the router is not any good but don't know how to be sure. I will check for firmware updates tonight.


            • #7
              Re: VPN Access

              The VPN now works! It turns out that the ActionTec router did not have all NAT settings necessary for outbound traffic.

              Thanks to all who offered suggestions.

              This thread can be considered closed.


              • #8
                Re: VPN Access

                Hmm... Can you elaborate on the solution? I appear to be having the same symptoms - VPN client connects just fine (In my case, CISCO VPN client, both Windows XP and Linux), but then essentially drops off after that. I can log in to a server remotely (ssh to a UNIX host) and it works fine for about the first, oh, 500 bytes of visible text, then dies.

                Everything else works fine (outside the VPN issue).

                I'll have to see if I can figure out how to analyze the packet info on the router (didn't see enough useful in its internal logs that I found).

                Or, if you could partially detail the steps ...

                Thanks for the info!
                Last edited by JonV; 27th March 2007, 22:07.


                • #9
                  Re: VPN Access

                  My situation was a little different. I had a VPN established, but could not talk to server at all. Anyway, in my case, Port Triggering was not set properly for outgoing TFTP. I had to add ports 1024-65535->69.

                  Good luck.


                  • #10
                    Re: VPN Access

                    Originally posted by SteveF:
                    My situation was a little different. I had a VPN established, but could not talk to server at all. Anyway, in my case, Port Triggering was not set properly for outgoing TFTP. I had to add ports 1024-65535->69.

                    Good luck.

                    Interesting. If the VPN is established, I assume that means that your IP address and all that kind of stuff was then within your work network. I get more or less the same thing. It also lets me do a teeny bit of stuff when I'm connected to the VPN (by teeny, I mean probably about 1k worth of talking) before it, too, cuts out. However, after that, about all I can do is ping servers. I also see a lot of errors in my "Security Log" of the form:

                    Mar 28 17:54:06 2007 Inbound Traffic Blocked - Illegal packet options TCP Fragment xxx.xxx.xxx.xxx->yy.yyy.yyy.yyy offset: 1112 on clink0
                    Mar 28 17:54:36 2007 Inbound Traffic Blocked - Fragmented packet TCP xxx.xxx.xxx.xxx->yy.yyy.yyy.yyy fragment_offset=0

                    where xxx.xxx.xxx.xxx is the IP address of the VPN server I'm connecting to, and yy.yyy.yyy.yyy is the IP address Verizon gives me.

                    This is all after I've already established the VPN connection properly (I do the authentication step, and I get the "greeting" window to tell me that I'm now connected to my work's VPN). I then go to, for example, an internal web page (like http://home.internal.server) and it just hangs. No response or anything.

                    Is this the normal behavior?


                    • #11
                      Re: VPN Access

                      I spoke with one of my techs for work, and I came up with the following solution (which appears to be working now) -

                      I use the CISCO VPN solution. I selected the Server to connect to, right-clicked, went to "Modify...", then to the "Transport" tab, then unchecked "Enable Transparent Tunneling" (It was set to enable, then IPSec over TCP with TCP Port: xxxxx).

                      Now, it seems to work again.

                      How odd..

                      I'll have to find the equivalent setting on the Linux and Mac clients now.

                      Linux client:
                      cd /etc/opt/cisco-vpnclient/Profiles
                      edit the ProfileName.pcf file
                      change "TunnelingMode" from "1" to "0"
                      save, quit

                      Mac Client: see PC client.

                      Last edit: It seems that as long as I don't use "IPSec over TCP" (use IPSec over UDP), it all works fine. I'll have to figure out what is really going on there.
                      Last edited by JonV; 28th March 2007, 23:43.
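
Added example, not part of the original posts: a small parser for the router "Security Log" format quoted in post #10 that counts dropped inbound fragments per source and marks which source is the VPN server. The sample lines, the addresses (documentation ranges) and the `vpn_peer` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in post #10; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Mar 28 17:54:06 2007 Inbound Traffic Blocked - Illegal packet options TCP Fragment 203.0.113.10->198.51.100.20 offset: 1112 on clink0
Mar 28 17:54:36 2007 Inbound Traffic Blocked - Fragmented packet TCP 203.0.113.10->198.51.100.20 fragment_offset=0
Mar 28 17:55:02 2007 Inbound Traffic Blocked - Fragmented packet TCP 203.0.113.10->198.51.100.20 fragment_offset=0
Mar 28 17:55:40 2007 Inbound Traffic Blocked - Illegal packet options TCP Fragment 192.0.2.77->198.51.100.20 offset: 1480 on clink0
Mar 28 17:56:11 2007 Outbound Traffic Blocked - Some other rule TCP 198.51.100.20->192.0.2.5
"""

# Matches both fragment-drop variants seen in the thread:
#   "... TCP Fragment a->b offset: N on <iface>" and "... TCP a->b fragment_offset=N"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8} \d{4}) Inbound Traffic Blocked - "
    r"(?P<reason>.*?) (?P<proto>TCP|UDP)(?: Fragment)? "
    r"(?P<src>[\d.]+)->(?P<dst>[\d.]+) "
    r"(?:offset: |fragment_offset=)(?P<offset>\d+)"
)

def parse_fragment_drops(text):
    """Return one dict per dropped inbound fragment; other lines are ignored."""
    drops = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["offset"] = int(d["offset"])
            drops.append(d)
    return drops

def summarize_by_peer(drops, vpn_peer):
    """Count first (offset 0) and trailing fragments dropped per source address."""
    counts = defaultdict(lambda: {"first": 0, "trailing": 0})
    for d in drops:
        counts[d["src"]]["first" if d["offset"] == 0 else "trailing"] += 1
    # vpn_peer is a hypothetical parameter: the VPN server's public address.
    return {src: dict(c, is_vpn_peer=(src == vpn_peer)) for src, c in counts.items()}

if __name__ == "__main__":
    for src, info in summarize_by_peer(parse_fragment_drops(SAMPLE_LOG), "203.0.113.10").items():
        print(src, info)
```

A steady count of dropped fragments from the VPN server while pings still succeed fits the symptom described: small packets pass, and anything large enough to arrive fragmented is discarded at the home router.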
