bkana

Mac can't connect to remote web server using FTP through VPN.

Experts,

My web manager can connect to our network via VPN using his Mac (10.8.2 Mountain Lion) without issue. The VPN server is a simple Windows 2008 R2 box utilizing RRAS. He then launches Dreamweaver but cannot connect using FTP to our web server, which is hosted at Rackspace. So, he is essentially trying to connect to our hosted web server while going through the work network using VPN. Rackspace has only allowed connections from this network, hence the need to VPN first. Now, while I’m working remotely from my home via VPN, I am able to FTP to the web server without issue, but I am using a Windows 7 machine. Why can’t the Mac make the FTP connection?

I have tried changing the VPN to use our Cisco ASA, but that didn’t work. Do you think it would have something to do with the static routes on the Mac? One more thing, I gave him a Windows 7 machine loaded with Dreamweaver to test from home, and that works.

Thank you.
aindelicato

Sounds like you have split tunnel enabled, which means that even though he is connected via VPN, the request to the internet is going out through his gateway. You need to disable split tunnels.
bkana

ASKER

Thanks for responding, aindelicato. But then why does it work for me when I try it on my Windows 7 machine, and also work for him on the temporary Windows 7 machine I gave him? It's only when using the Mac that it won't connect – and that’s with trying it through Dreamweaver or the Terminal.
bkana

ASKER

I even tried the setting on the Mac to "Send All Traffic down the VPN Tunnel".
Unfortunately, that setting doesn't seem to do anything. See my post here:  https://www.experts-exchange.com/questions/27936166/Mac-to-windows-VPN.html

The trick is to make sure the local LAN the Mac is on uses a different subnet from the remote LAN the VPN server is on. This is accomplished by changing the LAN address of the local router the Mac is connected to in the user's home.

For instance, if both are on 192.168.1.x, change the home network to 192.168.3.x
bkana

ASKER

Strung: I thought about that (it's actually the same sort of problem you'll run into when trying to use VPN phones from home). However, he is able to see and access other resources on the Local LAN. It's getting through the Local LAN out to our remote hosted web server (RackSpace) via FTP that is the issue.
bkana

ASKER

Again, my Windows 7 laptop and the one I gave him (temporarily) can both connect via FTP to the web server while on VPN connected to the Local LAN. If his home subnet was on the same as the Local LAN's, then nothing would work - this I understand.
ASKER CERTIFIED SOLUTION
strung

This solution is only available to members.

From the Mac (connected to VPN), can he provide a tracert to the Rackspace IP?

Can he print a routing table?

This will show us exactly where the traffic is going.
BTW, for some reason, Windows machines don't seem to be bothered by the same subnet issue, so the fact the Windows machine worked does not guarantee the subnets are different.

Easiest way to check is to have the Mac user check his Network Preferences (Apple Menu > System Preferences > Network) for his LAN IP address.
Easiest way to do a traceroute on a Mac is to use the Network Utility found in /Applications/Utilities.
Other alternative is to activate Terminal (Mac equivalent of CMD) by typing Terminal into the Spotlight window. Then type

traceroute

followed by the IP address or domain name.

(the abbreviation "tracert" won't work)
You can then copy and paste either from the terminal window or the Network Utility window into a message here.
bkana

ASKER

Strung: Didn’t realize that about Windows machines because I had similar issues some time ago where the same subnet was definitely an issue. Either way, I will have him check his home subnet this evening and try the “trick” you suggested.

Aindelicato: I’ll also see if he can provide the routing tables and trace route info this evening.

I’ll post the information tomorrow.
You are right. If he can access other resources on the VPN from his Mac, the problem is not the subnet problem. The problem is forcing traffic through the VPN.

Try the suggestion in my post ID: 39003675 above, to see if that helps. (We are all posting so quickly our responses are getting out of sync, I am afraid.)
In Network prefs, go to the little wheel symbol at the bottom, select Set Service Order, and drag the VPN service to the top. See attached screen shots.
bkana

ASKER

Strung: thanks for the screen shots. I have instructed him to try the suggestion in post ID: 39003675.

Thanks for the help/suggestions guys. Will post back tomorrow with the results.
If that doesn't work, the simplest solution might be to set a static route in the user's home router?

I have found several suggestions for setting up a static route on the Mac itself by googling, but they are all a bit complicated.
bkana

ASKER

Looks like simply moving the VPN connection "up" in the Service Order did the trick.

I still need to have him set up Dreamweaver to the appropriate paths on the remote web server and actually send and receive some data, but I think we’re good. Once I verify this, I'll post back and award the points.

Amazing how something so simple can solve an issue.
Glad to hear it worked.
bkana

ASKER

Just out of curiosity, did you stumble upon that fix while troubleshooting your own connectivity issues? Sort of a trial and error approach?
Yes. I had the subnet problem trying to connect to my office VPN. I found the solution about moving the interfaces by googling once I realized exactly what your particular problem was.
bkana

ASKER

Sorry for the delay. Strung: your solution was spot on. Thank you.
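
Added example (not part of the original thread): a small Python check of the routing table the experts asked for, showing why the FTP session failed before the service-order change. If the route to the hosted server leaves via `en0`, it reaches Rackspace from the home IP rather than the allowed office network. The `netstat -rn -f inet` samples are constructed, the addresses (including the documentation address 203.0.113.10 standing in for the Rackspace server) are placeholders, and the column layout and the `I` (interface-scoped) flag handling are assumptions about macOS output.

```python
import ipaddress

# Constructed `netstat -rn -f inet` output (10.8-style columns). Addresses are
# placeholders: 192.168.1 = office LAN, 192.168.3 = home LAN.
SPLIT = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.3.1        UGSc           45        0     en0
127                127.0.0.1          UCS             0        0     lo0
192.168.1          ppp0               USc             1        0    ppp0
192.168.3          link#4             UCS             2        0     en0
"""
# Same Mac after the VPN service is moved to the top of the service order.
VPN_FIRST = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.255.0.1         UGSc            8        0    ppp0
default            192.168.3.1        UGScI           3        0     en0
192.168.1          ppp0               USc             1        0    ppp0
192.168.3          link#4             UCS             2        0     en0
"""

def parse_dest(dest):
    """Expand netstat's abbreviated destinations ('default', '192.168.1', '10.8/16')."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    prefix = int(bits) if bits else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)

def egress_interface(netstat_text, target):
    """Return the interface the longest matching unscoped route points at."""
    ip, best = ipaddress.ip_address(target), None
    for line in netstat_text.splitlines():
        f = line.split()
        try:
            net = parse_dest(f[0])
        except (IndexError, ValueError):
            continue  # header, blank or non-IPv4 line
        if len(f) < 4 or "I" in f[2]:
            continue  # 'I' = interface-scoped route, ignored for normal lookups
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, f[5] if len(f) >= 6 else f[3])
    return best[1] if best else None

def lans_overlap(home, office):
    """True when the home LAN collides with the LAN behind the VPN."""
    return ipaddress.ip_network(home).overlaps(ipaddress.ip_network(office))

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("vpn first", VPN_FIRST)):
        print(name, "->", egress_interface(table, "203.0.113.10"))
```

On the Mac itself, paste the real `netstat -rn -f inet` output in place of the samples; `lans_overlap` covers the separate same-subnet case discussed earlier in the thread.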