Re: VPN Routing Problem
- From: Bill Gribble <BillG@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 23 Aug 2005 14:49:16 +0100
Fixed. For the moment, at least.
"route print" showed the absence of any path for 172.16.200.0 traffic, which of course is why it was getting routed through the default gateway. Using the "route add" command to put a path in to direct 172.16.200.0 traffic through the 172.26.79.3 gateway on the appropriate interface appears to have corrected the problem.
Of course, when the VPN Server decides to allocate a different IP address to the client (other than 172.26.79.3), I wonder if the route will once more fail? I can't put IP reservations onto the DHCP server associated with the VPN service, so can only influence the range of IP addresses given. Or will the fact that the route add command associated the correct interface with the path mean that Windows will be able to sort itself out if the gateway IP changes?
In any case, thanks again for your help, Samuria. Wouldn't have got this far without your pointing me at subnets and the route command.
Bill Gribble <BillG@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes
Samuria, thanks for your help. Adding the correct route via the route command might be the way to go. Am reading through the output of "route print /?" now, trying to get my head around it. I'm afraid I'm very much a newbie when it comes to this level of detail with TCP/IP :)
Meanwhile, I've run the ipconfig command on client and server and some ping commands to better illustrate my problem. The output from this follows:
I've masked some of the numbers because I was reluctant to post them in a public forum.
On the VPN Server subsequent to a successful VPN connection from the vpn client:-
ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : vpnserver
   Primary Dns Suffix . . . . . . . : nnnnnnnnnn.nnnnn
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : nnnnnnnnnn.nnnnn

Ethernet adapter WAN:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-E0-18-BE-59-A3
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : nnn.nnn.nnn.nnn
   Subnet Mask . . . . . . . . . . . : nnn.nnn.nnn.nnn
   Default Gateway . . . . . . . . . : nnn.nnn.nnn.nnn
   DNS Servers . . . . . . . . . . . : 158.152.1.43
                                       158.152.1.58

Ethernet adapter LAN:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-40-F4-78-F6-E3
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.200.210
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.16.200.1
                                       158.152.1.43

Ethernet adapter Kerio VPN:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Kerio VPN adapter
   Physical Address. . . . . . . . . : 44-45-53-54-88-10
   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 172.26.79.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 169.254.33.153
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 169.254.33.152
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Lease Obtained. . . . . . . . . . : 17 August 2005 10:48:40
   Lease Expires . . . . . . . . . . : 17 August 2005 10:51:40
On the VPN Client, subsequent to a successful VPN connection:-
ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : vpnclient
   Primary Dns Suffix . . . . . . . : nnnnnnnnnn.nnnnn
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : nnnnnnnnnn.nnnnn

Ethernet adapter Kerio VPN:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Kerio VPN adapter
   Physical Address. . . . . . . . . : 44-45-53-54-98-B8
   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 172.26.79.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 169.254.48.17
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 169.254.48.16
   DNS Servers . . . . . . . . . . . : 172.26.79.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Lease Obtained. . . . . . . . . . : 17 August 2005 10:42:15
   Lease Expires . . . . . . . . . . : 17 August 2005 10:45:15

PPP adapter Demon Internet Dial-up:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 158.152.113.143
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 158.152.113.143
   DNS Servers . . . . . . . . . . . : 158.152.1.58
                                       158.152.1.43
   NetBIOS over Tcpip. . . . . . . . : Disabled
Results of trying to Ping the KWF6 host by name from the VPN client
ping vpnserver
Pinging vpnserver.nnnnnnnnnn.nnnnn [172.26.79.1] with 32 bytes of data:
Reply from 172.26.79.1: bytes=32 time=206ms TTL=128
Reply from 172.26.79.1: bytes=32 time=206ms TTL=128
Reply from 172.26.79.1: bytes=32 time=206ms TTL=128
Reply from 172.26.79.1: bytes=32 time=207ms TTL=128

Ping statistics for 172.26.79.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 206ms, Maximum = 207ms, Average = 206ms
Results of trying to Ping a machine on the Remote LAN from the VPN client
ping common-1
Pinging remotepc.nnnnnnnnnn.nnnnn [172.16.200.1] with 32 bytes of data:
Reply from 194.159.180.62: Destination net unreachable.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.200.1:
    Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Results of trying to Ping a machine on the KWF6 host on its private IP from the VPN client
ping 172.16.200.210
Pinging 172.16.200.210 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 194.159.180.62: Destination net unreachable.
Request timed out.

Ping statistics for 172.16.200.210:
    Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
The 194.159.180.2 ip address is a router on vpnclient's ISP, and a tracert shows the ping packets directed at 172.16.200.0 range addresses (eg. vpnserver's private address of 172.16.200.210 and the resolved private address for remotepc) routing out through 158.152.113.143, vpnclient's dial-up internet connection and default gateway.
Samuria <samuria@xxxxxxxx> writes
On Fri, 19 Aug 2005 16:03:16 +0100, Bill Gribble <BillG@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
First, what subnets are you using on the vpn etc? From the client do a tracert to the ones you can't connect to.
What is needed is a default gateway setting on the client so it knows to go to these IPs via it, or the other way is to add the correct route to the client's PC by using route print from a cmd window. Do a route print /? for a list of the commands.
If you send a copy of things like ipconfig /all and tracert we can better understand what's going on. The subnet could be the key. In very simple terms the subnet is an address where the PCs shout out "I am here". If you are on the same subnet you then know where everyone is. If it's on another subnet it will never get found. It is more complicated than that, as it sets the host etc., but it does give you the idea.
Kadaitcha Man <nospam@xxxxxxxxxxxxxxxxxxxx> writes
Bill Gribble, <BillG@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, the errhine, all-round howler monkey, and employee who makes items for sale from vacuum cleaner dust-bag emptyings, moralised:
Been pulling my hair out trying to set up VPN access from a remote PC to my company's LAN using Kerio Winroute Firewall 6 and the VPN server and client that comes with it. The support people at Kerio are doing their best to help out, but we're not getting anywhere particularly fast, so I thought I'd ask here, as although it might be a problem with the Kerio software, it could also be an issue with the network setup on the two Windows XP Pro machines concerned....
I can connect the VPN client to the VPN server successfully, and browse network resources on the server machine. I can resolve the private IP addresses from machine names of machines on the LAN from the client, but I can't ping them or connect to them to browse shares and the like. I think it's a routing problem.
From the client side, the VPN server name resolves to a 172.26.79.0 range ip address, which is part of the ip range allocated by the VPN server to itself and its clients. Machines on the remote LAN correctly resolve to 172.16.200.0 range ip addresses.
If, from the VPN client, I ping a 172.26.79.0 address, it routes correctly through the VPN connection. If, however, I ping a 172.16.200.0 address, it (incorrectly, I believe) routes out through the client machine's default gateway (i.e. the local Internet connection) and, of course, fails to reach its destination (and my ISP's routers are probably laughing at me for trying to ping a private class IP address through the Internet).
Any ideas?
Talk to your network admins. You may need to setup LMHOSTS.
I think it's a routing problem, not a name resolution problem.
As I understand it, LMHOSTS would, in the absence of a working DNS, resolve the machine names for me to their correct IP addresses, as does the existing HOSTS file on the VPN Server at present, and if that doesn't have the answer, the DHCP lease file.
But the problem is not resolving the ip addresses from their machine names but rather finding a route between the 172.26.79 addresses of the VPN client and server and the remote 172.16.200 network that the VPN is supposed to link the client machine to. Does LMHOSTS have a role to play in this?
--
Bill Gribble
http://www.scapegoatsanon.demon.co.uk
- Learn from the mistakes of others.
- You won't live long enough to make all of them yourself.
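An added example, not part of the original posts: a simplified longest-prefix-match lookup over route tables constructed from the addresses quoted in this thread, showing why traffic for 172.16.200.0 left through the dial-up default gateway before the "route add" and through the VPN interface after it. The table contents, interface labels and function names are assumptions for illustration, and route metrics are ignored.

```python
import ipaddress

# Constructed route tables (not real "route print" output), built from the
# addresses in the thread. Entry: (destination network, gateway, interface).
BEFORE = [
    ("0.0.0.0/0", "158.152.113.143", "PPP dial-up"),   # default gateway
    ("172.26.79.0/24", "172.26.79.3", "Kerio VPN"),    # VPN subnet, on-link
]
# The fix described in the thread: an explicit route for the remote LAN.
AFTER = BEFORE + [("172.16.200.0/24", "172.26.79.3", "Kerio VPN")]


def lookup(table, dest):
    """Return (network, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [
        (ipaddress.ip_network(net), gw, ifc)
        for net, gw, ifc in table
        if addr in ipaddress.ip_network(net)
    ]
    if not matches:
        return None
    # The most specific route (largest prefix length) wins.
    return max(matches, key=lambda route: route[0].prefixlen)


def leaks_private(table, dests):
    """List private destinations whose only match is the default route,
    i.e. internal traffic that would be sent out to the ISP."""
    leaked = []
    for dest in dests:
        route = lookup(table, dest)
        if route and route[0].prefixlen == 0 and ipaddress.ip_address(dest).is_private:
            leaked.append(dest)
    return leaked


if __name__ == "__main__":
    targets = ["172.26.79.1", "172.16.200.1", "172.16.200.210"]
    for name, table in (("before", BEFORE), ("after", AFTER)):
        for target in targets:
            net, gw, ifc = lookup(table, target)
            print(f"{name}: {target} -> {net} via {gw} ({ifc})")
        print(f"{name}: private destinations on default route: "
              f"{leaks_private(table, targets)}")
```

The same check is useful on any split-tunnel client: a private destination that resolves only to the default route is leaving the tunnel.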