baldwinr
asked on
VPN connected, but cannot browse home network
At home I have comcast cable business account with static IP. My comcast cable modem is forwarded to a Dlink DI-604 router. My home network, connected to the DI-604, consists of several computers running either XP Pro or XP Home. On a Desktop XP Pro computer I have a MS VPN server setup. I have it configured to automatically assign ip address to incomming VPN connection. I have my DI-604 router configured to send PPTP port 1723 TCP to the ip of the Desktop XP Pro computer. I have a laptop XP Pro computer at work with a VPN connection configured for the static ip address of the cable modem. When I dial the VPN connection from the laptop, I connect to the desktop at home with no problem. My laptop shows that I am connected to my home computer and I can browse the internet. My home computer shows that my laptop is connected. However, I cannot browse my home network. I have been searching the internet for a couple of days and cannot figure out how to resolve this problem. Any assistnace would be greatly appreciated! Thanks, -Robert
ASKER
When I connect to the home network via the VPN I get the following on my work computer:
Ethernet adapter Local Area Connection 2:
Description: Marvel Fast Ethernet Controller
DHCP Enabled: Yes
Autoconfiguration Enabled: Yes
IP Address: 192.168.0.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DHCP Server: 192.168.0.1
PPP adapter Home:
Connection-specific DNS Suffix:
Description: WAN (PPP/SLIP) Interface
Dhcp Enable: No
IP Address: 192.168.0.110
Subnet Mask: 255.255.255.255
Default Gateway: 192.168.0.110
DNS Servers: 192.168.0.1
On my Home computer I get the following:
Ethernet adapter Local Area Connection:
Description: Realtek Ethernet NIC
DHCP Enabled: Yes
Auto configuration enabled: Yes
IP address: 192.168.0.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DHCP Server: 192.168.0.1
DNS Server: 192.168.0.1
PPP adapter RAS Server (Dial In) Interface:
Description: Internal RAS Server Interface for Dial In Clients
DHCP Enabled: No
IP Address: 192.168.0.106
Subnet Mask: 255.255.255.255
Default Gateway:
Ethernet adapter Local Area Connection 2:
Description: Marvel Fast Ethernet Controller
DHCP Enabled: Yes
Autoconfiguration Enabled: Yes
IP Address: 192.168.0.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DHCP Server: 192.168.0.1
PPP adapter Home:
Connection-specific DNS Suffix:
Description: WAN (PPP/SLIP) Interface
Dhcp Enable: No
IP Address: 192.168.0.110
Subnet Mask: 255.255.255.255
Default Gateway: 192.168.0.110
DNS Servers: 192.168.0.1
On my Home computer I get the following:
Ethernet adapter Local Area Connection:
Description: Realtek Ethernet NIC
DHCP Enabled: Yes
Auto configuration enabled: Yes
IP address: 192.168.0.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DHCP Server: 192.168.0.1
DNS Server: 192.168.0.1
PPP adapter RAS Server (Dial In) Interface:
Description: Internal RAS Server Interface for Dial In Clients
DHCP Enabled: No
IP Address: 192.168.0.106
Subnet Mask: 255.255.255.255
Default Gateway:
thats is exactly what my post mentioned,
either change your ip on your vpn, or change your ethernets ip address to a different range
either change your ip on your vpn, or change your ethernets ip address to a different range
ASKER
I am trying my best to understand. Thanks for you help.
In your original post you stated: your ip and vpn ip cannot be on the same subnet.
My post shows that the IP on my work computer is using subnet mask 255.255.255.0 and the VPN IP on my work computer is using subnet mask 255.255.255.255. I thought this was what you meant---my post shows that they are different...
In your second post you state to change my ip on vpn or change ethernet's ip address to different range. For clarification, do you mean change my dlink router to assign ip range 192.168.0.100 - 192.168.0.150 to my home network computers and then change the vpn server on my home computer to assign ip range 192.168.0.151 - 192.168.0.161 to incoming vpn?
-Robert
In your original post you stated: your ip and vpn ip cannot be on the same subnet.
My post shows that the IP on my work computer is using subnet mask 255.255.255.0 and the VPN IP on my work computer is using subnet mask 255.255.255.255. I thought this was what you meant---my post shows that they are different...
In your second post you state to change my ip on vpn or change ethernet's ip address to different range. For clarification, do you mean change my dlink router to assign ip range 192.168.0.100 - 192.168.0.150 to my home network computers and then change the vpn server on my home computer to assign ip range 192.168.0.151 - 192.168.0.161 to incoming vpn?
-Robert
that is a subnet mask 255.255.255.0 etc
your actual subnet is the range of ip address 192.168.0.1 - 192.168.0.254
Your VPN IP cannot be eg. 192.168.0.5 and your ethernet's ip 192.168.0.6
they have to be on a different subnet
you will need to change your vpn ip allocation from
192.168.0.<2 - 254> to 192.168.1.<2-254>
OR
change your ethernet ip allocation from
192.168.0.<2 - 254> to 192.168.1.<2-254>
your actual subnet is the range of ip address 192.168.0.1 - 192.168.0.254
Your VPN IP cannot be eg. 192.168.0.5 and your ethernet's ip 192.168.0.6
they have to be on a different subnet
you will need to change your vpn ip allocation from
192.168.0.<2 - 254> to 192.168.1.<2-254>
OR
change your ethernet ip allocation from
192.168.0.<2 - 254> to 192.168.1.<2-254>
in your case i recommend
VPN - 192.168.1.100 - 150
Dlink router DHCP 192.168.0.100 - 150
VPN - 192.168.1.100 - 150
Dlink router DHCP 192.168.0.100 - 150
sorry
your would need to change your office ip if you changed your vpn ip to the above,
rather change like this
VPN - 192.168.0.100 - 150
Dlink router DHCP 192.168.1.100 - 15
your would need to change your office ip if you changed your vpn ip to the above,
rather change like this
VPN - 192.168.0.100 - 150
Dlink router DHCP 192.168.1.100 - 15
correction
Dlink router DHCP 192.168.1.100 - 150
Dlink router DHCP 192.168.1.100 - 150
ASKER
Ianintarr-
I have made the changes you suggested, but I still cannot access my home network from the work computer and now, when connected by VPN to my home network I cannot connect to internet. I made the changes by changing the tcp/ip configuration in dlink to 192.168.1.100 - 192.168.1.150 (my computer is set to automatically get it's ip from the router). I forwarded PPTP port 1723 TCP to the ip of the Desktop XP Pro computer. On my home desktop, I changed the vpn server to assign ips 192.168.0.100 - 192.168.0.150
Now my work computer shows:
Ethernet adapter Local Area Connection 2:
Description: Marvel Fast Ethernet Controller
DHCP Enabled: Yes
Autoconfiguration Enabled: Yes
IP Address: 192.168.0.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DHCP Server: 192.168.0.1
PPP adapter Home:
Connection-specific DNS Suffix:
Description: WAN (PPP/SLIP) Interface
Dhcp Enable: No
IP Address: 192.168.0.101
Subnet Mask: 255.255.255.255
Default Gateway: 192.168.0.101
DNS Servers: 192.168.1.1
On my Home computer I get the following:
Ethernet adapter Local Area Connection:
Description: Realtek Ethernet NIC
DHCP Enabled: Yes
Auto configuration enabled: Yes
IP address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DHCP Server: 192.168.1.1
DNS Server: 192.168.1.1
PPP adapter RAS Server (Dial In) Interface:
Description: Internal RAS Server Interface for Dial In Clients
DHCP Enabled: No
IP Address: 192.168.0.100
Subnet Mask: 255.255.255.255
Default Gateway:
It appears that the vpn server assigns 192.168.0.101, but the DNS remains 192.168.1.1, which I am assuming it adopts from the home computer. In setting up the MS VPN Server, it allows to assign the TCP/IP address, but there is not a place to enter a different DNS. Any other suggestions?
Thanks!
-Robert
I have made the changes you suggested, but I still cannot access my home network from the work computer and now, when connected by VPN to my home network I cannot connect to internet. I made the changes by changing the tcp/ip configuration in dlink to 192.168.1.100 - 192.168.1.150 (my computer is set to automatically get it's ip from the router). I forwarded PPTP port 1723 TCP to the ip of the Desktop XP Pro computer. On my home desktop, I changed the vpn server to assign ips 192.168.0.100 - 192.168.0.150
Now my work computer shows:
Ethernet adapter Local Area Connection 2:
Description: Marvel Fast Ethernet Controller
DHCP Enabled: Yes
Autoconfiguration Enabled: Yes
IP Address: 192.168.0.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DHCP Server: 192.168.0.1
PPP adapter Home:
Connection-specific DNS Suffix:
Description: WAN (PPP/SLIP) Interface
Dhcp Enable: No
IP Address: 192.168.0.101
Subnet Mask: 255.255.255.255
Default Gateway: 192.168.0.101
DNS Servers: 192.168.1.1
On my Home computer I get the following:
Ethernet adapter Local Area Connection:
Description: Realtek Ethernet NIC
DHCP Enabled: Yes
Auto configuration enabled: Yes
IP address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DHCP Server: 192.168.1.1
DNS Server: 192.168.1.1
PPP adapter RAS Server (Dial In) Interface:
Description: Internal RAS Server Interface for Dial In Clients
DHCP Enabled: No
IP Address: 192.168.0.100
Subnet Mask: 255.255.255.255
Default Gateway:
It appears that the vpn server assigns 192.168.0.101, but the DNS remains 192.168.1.1, which I am assuming it adopts from the home computer. In setting up the MS VPN Server, it allows to assign the TCP/IP address, but there is not a place to enter a different DNS. Any other suggestions?
Thanks!
-Robert
Your VPN Server and the IP address it operates on needs to be on the same subnet as your computers ethernet.
So: Your home computers IP needs to be on the same range as your VPN server range.
Like this:
EG:
HOME COMPUTER: - VPN Server
IP: 192.168.1.2
VPN Server Range 192.168.1.100 - 150
Work Computer - VPN Client
Eth: IP 192.168.0.101
VPN: IP 192.168.1.101
So: Your home computers IP needs to be on the same range as your VPN server range.
Like this:
EG:
HOME COMPUTER: - VPN Server
IP: 192.168.1.2
VPN Server Range 192.168.1.100 - 150
Work Computer - VPN Client
Eth: IP 192.168.0.101
VPN: IP 192.168.1.101
ASKER
Hi. Thanks for your patience.
Now I have:
Work computer:
Eth IP: 192.168.0.2
VPN IP: 192.168.1.100
Home computer:
Eth IP: 192.168.1.140
VPN Server Range 192.168.1.100-150 (it gave 192.168.1.100 to my work computer)
VPN Server IP: 192.168.1.102
With my work computer connected to my home computer via VPN, I can now connect to the internet again, but I still cannot see my home network computers.
I don't know if the following will help, but here is all the info I have regarding IP addresses:
Comcast Modem:
Internet IP: 74.93.xxx.xxx
Subnet Mask: 255.255.255.252
Default Gateway: 0.0.0.0
DNS: 68.87.85.98
DNS: 68.87.69.146
Gateway IP: 10.1.10.1
Subnet Mask: 255.255.255.255.0
IP Range: 10.1.10.10 - 199
Dlink-DI604 (connected to Comcast Modem)
Static IP: 74.93.xxx.xxx (same as what is given to Comcast Modem by Comcast--same as above)
Subnet Mask: 255.255.255.252 (same as what is given to Comcast Modem by Comcast)
ISP Gateway Address: 74.93.xxx.xxx (Provided by Comcast)
DNS: 68.87.85.98
DNS: 68.87.69.146
LAN for DI604
IP: 192.168.1.1
Subnet Mask: 255.255.255.0
DHCP: 192.168.1.100 - 150
VPN Server (on home desktop connected to DI604)
set to use DHCP as provided by DI604 (192.168.1.100 - 150)
-Robert
Now I have:
Work computer:
Eth IP: 192.168.0.2
VPN IP: 192.168.1.100
Home computer:
Eth IP: 192.168.1.140
VPN Server Range 192.168.1.100-150 (it gave 192.168.1.100 to my work computer)
VPN Server IP: 192.168.1.102
With my work computer connected to my home computer via VPN, I can now connect to the internet again, but I still cannot see my home network computers.
I don't know if the following will help, but here is all the info I have regarding IP addresses:
Comcast Modem:
Internet IP: 74.93.xxx.xxx
Subnet Mask: 255.255.255.252
Default Gateway: 0.0.0.0
DNS: 68.87.85.98
DNS: 68.87.69.146
Gateway IP: 10.1.10.1
Subnet Mask: 255.255.255.255.0
IP Range: 10.1.10.10 - 199
Dlink-DI604 (connected to Comcast Modem)
Static IP: 74.93.xxx.xxx (same as what is given to Comcast Modem by Comcast--same as above)
Subnet Mask: 255.255.255.252 (same as what is given to Comcast Modem by Comcast)
ISP Gateway Address: 74.93.xxx.xxx (Provided by Comcast)
DNS: 68.87.85.98
DNS: 68.87.69.146
LAN for DI604
IP: 192.168.1.1
Subnet Mask: 255.255.255.0
DHCP: 192.168.1.100 - 150
VPN Server (on home desktop connected to DI604)
set to use DHCP as provided by DI604 (192.168.1.100 - 150)
-Robert
Though all of the above IP addressing discussions above are correct, you may still have problems connecting to the other devices on the D-Link network, as XP is not designed for routing. On the other hand if using a server O/S with RRAS (Routing and Remote Access) it has built in roting capabilities. Having said that 2 issues:
1)- "Browsing" is not usually possible as it uses NetBIOS which is not routeable and therefore cannot be used over the VPN. Try pinging the other computers by IP. If that works try connecting to devices by IP such as:
\\192.168.1.123\ShareName
2)- When you receive an IP from the VPN server it will have a subnet mask of 255.255.255.255 which means 1 IP, the one you have been assigned. This creates a defined route for that IP, however others of the same subnet are sent to the default gateway. If this is the office default gateway, they are lost. You need to force the office computer to the use the remote site as the default gateway. To do so there is an option, which appears to be disabled in the above ipconfig results. To enable, on the VPN client machine, go to: control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | check "Use default gateway on remote network"
This will also force your Internet access through the remote connection, which may or may not work.
The other option would be to add a static route to the office computer. However, where the IP changes, this is not a convenient solution.
1)- "Browsing" is not usually possible as it uses NetBIOS which is not routeable and therefore cannot be used over the VPN. Try pinging the other computers by IP. If that works try connecting to devices by IP such as:
\\192.168.1.123\ShareName
2)- When you receive an IP from the VPN server it will have a subnet mask of 255.255.255.255 which means 1 IP, the one you have been assigned. This creates a defined route for that IP, however others of the same subnet are sent to the default gateway. If this is the office default gateway, they are lost. You need to force the office computer to the use the remote site as the default gateway. To do so there is an option, which appears to be disabled in the above ipconfig results. To enable, on the VPN client machine, go to: control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | check "Use default gateway on remote network"
This will also force your Internet access through the remote connection, which may or may not work.
The other option would be to add a static route to the office computer. However, where the IP changes, this is not a convenient solution.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Do you think a dlink DI-804HV would do the trick? Would it be possible to vpn into the DI-804HV in such a way that I would then be able to access the different computers on my home network? I guess this would mean that the vpn server would be the DI-804HV. Is that possible?
Thanks!
-Robert
Thanks!
-Robert
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Change your subnet from 255.255.255.255. to 255.255.255.240 or 252. You can't use 255.255.255.255.
I meant subnet mask
Actually a VPN client will always be assigned a 255.255.255.255 subnet mask. This is normal and correct.
I noted above a suggestion to try to ping and then connect using an IP address instead of a name. In terms of troubleshooting, that is the key. You need to determine whether this is a routing problem or a naming problem. If it works using an IP address, routing is working and you can move on to naming. If not, you still need to get routing working.
If ping works, then you can use that. If you want to get naming working, you can work through several options. Thie hosts file is the simplest. The next would be NBT (NetBIOS over TCP). But, your work network may prevent that. WINS or DNS could have the same problem, actually. You'd have to check the firewall
But, at this piont, let's ping away and see whether we have a routing problem or a naming problem.
If ping works, then you can use that. If you want to get naming working, you can work through several options. Thie hosts file is the simplest. The next would be NBT (NetBIOS over TCP). But, your work network may prevent that. WINS or DNS could have the same problem, actually. You'd have to check the firewall
But, at this piont, let's ping away and see whether we have a routing problem or a naming problem.
ASKER
Thanks for the support. I have purchased a USR8200 VPN router that has done a great job in solving my problems.
Thanks,
-Robert
Thanks,
-Robert
Glad to hear you are up and running Robert.
Thanks, and Cheers all!
--Rob
Thanks, and Cheers all!
--Rob
your ip and vpn ip cannot be on the same subnet