Re: VPN Routing Problem



Samuria, thanks for your help. Adding the correct route via the route
command might be the way to go. Am reading through the output of "route
print /?" now, trying to get my head around it. I'm afraid I'm very
much a newbie when it comes to this level of detail with TCP/IP :)

Meanwhile, I've run the ipconfig command on client and server and some
ping commands to better illustrate my problem. The output from this
follows:

I've masked some of the numbers because I was reluctant to post them in
a public forum.

On the VPN Server subsequent to a successful VPN connection from the vpn
client:-

>ipconfig /all

Windows IP Configuration
Host Name . . . . . . . . . . . . : vpnserver
Primary Dns Suffix . . . . . . . : nnnnnnnnnn.nnnnn
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nnnnnnnnnn.nnnnn


Ethernet adapter WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SiS 900-Based PCI Fast
Ethernet Adapter
Physical Address. . . . . . . . . : 00-E0-18-BE-59-A3
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : nnn.nnn.nnn.nnn
Subnet Mask . . . . . . . . . . . : nnn.nnn.nnn.nnn
Default Gateway . . . . . . . . . : nnn.nnn.nnn.nnn
DNS Servers . . . . . . . . . . . : 158.152.1.43
158.152.1.58

Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI
Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-40-F4-78-F6-E3
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.200.210
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 172.16.200.1
158.152.1.43

Ethernet adapter Kerio VPN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Kerio VPN adapter
Physical Address. . . . . . . . . : 44-45-53-54-88-10
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.26.79.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 169.254.33.153
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 169.254.33.152
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : 17 August 2005 10:48:40
Lease Expires . . . . . . . . . . : 17 August 2005 10:51:40



On the VPN Client, subsequent to a successful VPN connection:-

>ipconfig /all

Windows IP Configuration
Host Name . . . . . . . . . . . . : vpnclient
Primary Dns Suffix . . . . . . . : nnnnnnnnnn.nnnnn
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nnnnnnnnnn.nnnnn

Ethernet adapter Kerio VPN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Kerio VPN adapter
Physical Address. . . . . . . . . : 44-45-53-54-98-B8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.26.79.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 169.254.48.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 169.254.48.16
DNS Servers . . . . . . . . . . . : 172.26.79.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : 17 August 2005 10:42:15
Lease Expires . . . . . . . . . . : 17 August 2005 10:45:15

PPP adapter Demon Internet Dial-up:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 158.152.113.143
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 158.152.113.143
DNS Servers . . . . . . . . . . . : 158.152.1.58
158.152.1.43
NetBIOS over Tcpip. . . . . . . . : Disabled



Results of trying to Ping the KWF6 host by name from the VPN client

>ping vpnserver

Pinging vpnserver.nnnnnnnnnn.nnnnn [172.26.79.1] with 32 bytes of data:
Reply from 172.26.79.1: bytes=32 time=206ms TTL=128
Reply from 172.26.79.1: bytes=32 time=206ms TTL=128
Reply from 172.26.79.1: bytes=32 time=206ms TTL=128
Reply from 172.26.79.1: bytes=32 time=207ms TTL=128

Ping statistics for 172.26.79.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 206ms, Maximum = 207ms, Average = 206ms


Results of trying to Ping a machine on the Remote LAN from the VPN
client

>ping common-1

Pinging remotepc.nnnnnnnnnn.nnnnn [172.16.200.1] with 32 bytes of data:
Reply from 194.159.180.62: Destination net unreachable.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.200.1:
Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


Results of trying to Ping a machine on the KWF6 host on its private IP
from the VPN client

>ping 172.16.200.210

Pinging 172.16.200.210 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 194.159.180.62: Destination net unreachable.
Request timed out.

Ping statistics for 172.16.200.210:
Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


The 194.159.180.2 ip address is a router on vpnclient's ISP, and a
tracert shows the ping packets directed at 172.16.200.0 range addresses
(eg. vpnserver's private address of 172.16.200.210 and the resolved
private address for remotepc) routing out through 158.152.113.143,
vpnclient's dial-up internet connection and default gateway.

Samuria <samuria@xxxxxxxx> writes
>On Fri, 19 Aug 2005 16:03:16 +0100, Bill Gribble
><BillG@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>First what subnets are you using on the vpn etc?
>From the client do a tracert to the ones you can't connect to.
>
>What is needed is a default gateway setting on the client so it knows
>to go to these IPs via it, or the other way is to add the correct route
>to the client's PC by using route print from a cmd window. Do a route
>print /? for a list of the commands.
>
>
>If you send a copy of things like ipconfig /all and tracert we can
>better understand what's going on. The subnet could be the key. In very
>simple terms the subnet is an address where the PCs shout out I am
>here. If you are on the same subnet you then know where everyone is. If
>it's on another subnet it will never get found. It is more complicated
>than that as it sets the host etc but it does give you the idea.
>
>
>
>>Kadaitcha Man <nospam@xxxxxxxxxxxxxxxxxxxx> writes
>>>Bill Gribble, <BillG@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, the errhine,
>>>all-round howler monkey, and employee who makes items for sale from vacuum
>>>cleaner dust-bag emptyings, moralised:
>>>
>>>> Been pulling my hair out trying to set up VPN access from a remote PC
>>>> to my company's LAN using Kerio Winroute Firewall 6 and the VPN
>>>> server and client that comes with it. The support people at Kerio are
>>>> doing their best to help out, but we're not getting anywhere
>>>> particularly fast, so I thought I'd ask here, as although it might be
>>>> a problem with the Kerio software, it could also be an issue with the
>>>> network setup on the two Windows XP Pro machines concerned....
>>>>
>>>> I can connect the VPN client to the VPN server successfully, and
>>>> browse network resources on the server machine. I can resolve the
>>>> private IP addresses from machine names of machines on the LAN from
>>>> the client, but I can't ping them or connect to them to browse shares
>>>> and the like.
>>>> I think it's a routing problem.
>>>>
>>>> From the client side, the VPN server name resolves to a 172.26.79.0
>>>> range ip address, which is part of the ip range allocated by the VPN
>>>> server to itself and its clients. Machines on the remote LAN correctly
>>>> resolve to 172.16.200.0 range ip addresses.
>>>>
>>>> If, from the VPN client, I ping a 172.26.79.0 address, it routes
>>>> correctly through the VPN connection. If, however, I ping a
>>>> 172.16.200.0 address, it (incorrectly, I believe) routes out through
>>>> the client machine's default gateway (ie. The local Internet
>>>> connection) and, of course, fails to reach its destination (and my
>>>> ISP's routers are probably laughing at me for trying to ping a
>>>> private class ip address through the Internet).
>>>>
>>>> Any ideas?
>>>
>>>Talk to your network admins. You may need to setup LMHOSTS.
>>
>>I think it's a routing problem, not a name resolution problem.
>>
>>As I understand it, LMHOSTS would, in the absence of a working DNS,
>>resolve the machine names for me to their correct IP addresses, as does
>>the existing HOSTS file on the VPN Server at present, and if that
>>doesn't have the answer, the DHCP lease file.
>>
>>But the problem is not resolving the ip addresses from their machine
>>names but rather finding a route between the 172.26.79 addresses of the
>>VPN client and server and the remote 172.16.200 network that the VPN is
>>supposed to link the client machine to. Does LMHOSTS have a role to play
>>in this?

--
Bill Gribble
http://www.scapegoatsanon.demon.co.uk
- Learn from the mistakes of others.
- You won't live long enough to make all of them yourself.
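
The routing decision described in this post, as an added example that is not part of the original message: a longest-prefix-match lookup over a route table modelled on the vpnclient `ipconfig /all` output, showing why 172.16.200.0 traffic leaves through the dial-up default gateway instead of the tunnel. The table is constructed rather than captured `route print` output, and the static route via 172.26.79.1 is an assumed fix.

```python
import ipaddress

# Constructed from the vpnclient "ipconfig /all" output above; this is a model
# of the client's routing table, not captured "route print" output.
CLIENT_ROUTES = [
    ("0.0.0.0/0", "158.152.113.143", "Demon Internet Dial-up"),
    ("158.152.113.143/32", "on-link", "Demon Internet Dial-up"),
    ("172.26.79.0/24", "on-link", "Kerio VPN"),
    ("169.254.48.0/24", "on-link", "Kerio VPN"),
]

# Assumed fix: a static route for the remote LAN via the VPN server's tunnel
# address, e.g. "route add 172.16.200.0 mask 255.255.255.0 172.26.79.1".
REMOTE_LAN_ROUTE = ("172.16.200.0/24", "172.26.79.1", "Kerio VPN")


def lookup(routes, destination):
    """Return the (network, gateway, interface) picked by longest-prefix match."""
    dest = ipaddress.ip_address(destination)
    matches = []
    for net, gateway, iface in routes:
        network = ipaddress.ip_network(net)
        if dest in network:
            matches.append((network, gateway, iface))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def egress_interface(routes, destination):
    """Name of the interface a packet to `destination` leaves through."""
    match = lookup(routes, destination)
    return match[2] if match else None


def leaked_hosts(routes, hosts, tunnel="Kerio VPN"):
    """Hosts whose traffic would leave outside the tunnel interface."""
    return [h for h in hosts if egress_interface(routes, h) != tunnel]


if __name__ == "__main__":
    targets = ["172.26.79.1", "172.16.200.1", "172.16.200.210"]
    for label, table in (("before", CLIENT_ROUTES),
                         ("after", CLIENT_ROUTES + [REMOTE_LAN_ROUTE])):
        for host in targets:
            net, gw, iface = lookup(table, host)
            print(f"{label}: {host} -> {net} via {gw} on {iface}")
        print(f"{label}: outside tunnel: {leaked_hosts(table, targets)}")
```

Running the same check against a real table after each VPN connect shows whether traffic for the private LAN is still being handed to the ISP link in the clear.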