Solved

VPN connected, but cannot browse home network

Posted on 2007-03-17
21
6,405 Views
Last Modified: 2013-11-25
At home I have comcast cable business account with static IP. My comcast cable modem is forwarded to a Dlink DI-604 router. My home network, connected to the DI-604, consists of several computers running either XP Pro or XP Home. On a Desktop XP Pro computer I have a MS VPN server setup. I have it configured to automatically assign ip address to incomming VPN connection. I have my DI-604 router configured to send PPTP port 1723 TCP to the ip of the Desktop XP Pro computer. I have a laptop XP Pro computer at work with a VPN connection configured for the static ip address of the cable modem. When I dial the VPN connection from the laptop, I connect to the desktop at home with no problem. My laptop shows that I am connected to my home computer and I can browse the internet. My home computer shows that my laptop is connected. However, I cannot browse my home network. I have been searching the internet for a couple of days and cannot figure out how to resolve this problem. Any assistnace would be greatly appreciated! Thanks, -Robert
0
Comment
Question by:baldwinr
  • 8
  • 6
  • 4
  • +2
21 Comments
 
LVL 1

Expert Comment

by:iaintarr
ID: 18740380
A good place to start is to check your ip allocations, dns etc.
your ip and vpn ip cannot be on the same subnet
0
 

Author Comment

by:baldwinr
ID: 18740451
When I connect to the home network via the VPN I get the following on my work computer:
Ethernet adapter Local Area Connection 2:
  Description: Marvel Fast Ethernet Controller
  DHCP Enabled: Yes
  Autoconfiguration Enabled: Yes
  IP Address: 192.168.0.2
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.0.1
  DHCP Server: 192.168.0.1

PPP adapter Home:
  Connection-specific DNS Suffix:
  Description: WAN (PPP/SLIP) Interface
  Dhcp Enable: No
  IP Address: 192.168.0.110
  Subnet Mask: 255.255.255.255
  Default Gateway: 192.168.0.110
  DNS Servers: 192.168.0.1

On my Home computer I get the following:
Ethernet adapter Local Area Connection:
  Description: Realtek Ethernet NIC
  DHCP Enabled: Yes
  Auto configuration enabled: Yes
  IP address: 192.168.0.100
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.0.1
  DHCP Server: 192.168.0.1
  DNS Server: 192.168.0.1

PPP adapter RAS Server (Dial In) Interface:
  Description: Internal RAS Server Interface for Dial In Clients
  DHCP Enabled: No
  IP Address: 192.168.0.106
  Subnet Mask: 255.255.255.255
  Default Gateway:
0
 
LVL 1

Expert Comment

by:iaintarr
ID: 18740536
thats is exactly what my post mentioned,
either change your ip on your vpn, or change your ethernets ip address to a different range
0
 

Author Comment

by:baldwinr
ID: 18740637
I am trying my best to understand. Thanks for you help.
In your original post you stated: your ip and vpn ip cannot be on the same subnet.

My post shows that the IP on my work computer is using subnet mask 255.255.255.0 and the VPN IP on my work computer is using subnet mask 255.255.255.255. I thought this was what you meant---my post shows that they are different...

In your second post you state to change my ip on vpn or change ethernet's ip address to different range. For clarification, do you mean change my dlink router to assign ip range 192.168.0.100 - 192.168.0.150 to my home network computers and then change the vpn server on my home computer to assign ip range 192.168.0.151 - 192.168.0.161 to incoming vpn?

-Robert
0
 
LVL 1

Expert Comment

by:iaintarr
ID: 18740667
that is a subnet mask 255.255.255.0 etc
your actual subnet is the range of ip address 192.168.0.1 - 192.168.0.254

Your VPN IP cannot be eg. 192.168.0.5 and your ethernet's ip 192.168.0.6
they have to be on a different subnet

you will need to change your vpn ip allocation from
192.168.0.<2 - 254> to 192.168.1.<2-254>

OR

change your ethernet ip allocation from
192.168.0.<2 - 254> to 192.168.1.<2-254>

0
 
LVL 1

Expert Comment

by:iaintarr
ID: 18740677
in your case i recommend

VPN - 192.168.1.100 - 150

Dlink router DHCP 192.168.0.100 - 150







0
 
LVL 1

Expert Comment

by:iaintarr
ID: 18740679
sorry

your would need to change your office ip if you changed your vpn ip to the above,

rather change like this

VPN - 192.168.0.100 - 150

Dlink router DHCP 192.168.1.100 - 15
0
 
LVL 1

Expert Comment

by:iaintarr
ID: 18740682
correction

Dlink router DHCP 192.168.1.100 - 150
0
 

Author Comment

by:baldwinr
ID: 18741227
Ianintarr-
I have made the changes you suggested, but I still cannot access my home network from the work computer and now, when connected by VPN to my home network I cannot connect to internet. I made the changes by changing the tcp/ip configuration in dlink to 192.168.1.100 - 192.168.1.150 (my computer is set to automatically get it's ip from the router). I forwarded PPTP port 1723 TCP to the ip of the Desktop XP Pro computer. On my home desktop, I changed the vpn server to assign ips 192.168.0.100 - 192.168.0.150

Now my work computer shows:
Ethernet adapter Local Area Connection 2:
  Description: Marvel Fast Ethernet Controller
  DHCP Enabled: Yes
  Autoconfiguration Enabled: Yes
  IP Address: 192.168.0.2
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.0.1
  DHCP Server: 192.168.0.1

PPP adapter Home:
  Connection-specific DNS Suffix:
  Description: WAN (PPP/SLIP) Interface
  Dhcp Enable: No
  IP Address: 192.168.0.101
  Subnet Mask: 255.255.255.255
  Default Gateway: 192.168.0.101
  DNS Servers: 192.168.1.1

On my Home computer I get the following:
Ethernet adapter Local Area Connection:
  Description: Realtek Ethernet NIC
  DHCP Enabled: Yes
  Auto configuration enabled: Yes
  IP address: 192.168.1.100
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.1.1
  DHCP Server: 192.168.1.1
  DNS Server: 192.168.1.1

PPP adapter RAS Server (Dial In) Interface:
  Description: Internal RAS Server Interface for Dial In Clients
  DHCP Enabled: No
  IP Address: 192.168.0.100
  Subnet Mask: 255.255.255.255
  Default Gateway:

It appears that the vpn server assigns 192.168.0.101, but the DNS remains 192.168.1.1, which I am assuming it adopts from the home computer. In setting up the MS VPN Server, it allows to assign the TCP/IP address, but there is not a place to enter a different DNS. Any other suggestions?
Thanks!
-Robert
0
 
LVL 1

Expert Comment

by:iaintarr
ID: 18741346
Your VPN Server and the IP address it operates on needs to be on the same subnet as your computers ethernet.

So: Your home computers IP needs to be on the same range as your VPN server range.



Like this:

EG:

HOME COMPUTER: - VPN Server

IP: 192.168.1.2
VPN Server Range 192.168.1.100 - 150


Work Computer - VPN Client

Eth: IP 192.168.0.101
VPN: IP 192.168.1.101

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:baldwinr
ID: 18741657
Hi. Thanks for your patience.
Now I have:
Work computer:
Eth IP: 192.168.0.2
VPN IP: 192.168.1.100

Home computer:
Eth IP: 192.168.1.140
VPN Server Range 192.168.1.100-150 (it gave 192.168.1.100 to my work computer)
VPN Server IP: 192.168.1.102

With my work computer connected to my home computer via VPN, I can now connect to the internet again, but I still cannot see my home network computers.

I don't know if the following will help, but here is all the info I have regarding IP addresses:

Comcast Modem:
   Internet IP: 74.93.xxx.xxx
   Subnet Mask: 255.255.255.252
   Default Gateway: 0.0.0.0
   DNS: 68.87.85.98
   DNS: 68.87.69.146
   Gateway IP: 10.1.10.1
   Subnet Mask: 255.255.255.255.0
   IP Range: 10.1.10.10 - 199

Dlink-DI604 (connected to Comcast Modem)
   Static IP: 74.93.xxx.xxx (same as what is given to Comcast Modem by Comcast--same as above)
   Subnet Mask: 255.255.255.252 (same as what is given to Comcast Modem by Comcast)
   ISP Gateway Address: 74.93.xxx.xxx (Provided by Comcast)
   DNS: 68.87.85.98
   DNS: 68.87.69.146
   LAN for DI604
      IP: 192.168.1.1
      Subnet Mask: 255.255.255.0
      DHCP: 192.168.1.100 - 150

VPN Server (on home desktop connected to DI604)
   set to use DHCP as provided by DI604 (192.168.1.100 - 150)

-Robert
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18742243
Though all of the above IP addressing discussions above are correct, you may still have problems connecting to the other devices on the D-Link network, as XP is not designed for routing. On the other hand if using a server O/S with RRAS (Routing and Remote Access) it has built in roting capabilities. Having said that 2 issues:
1)- "Browsing" is not usually possible as it uses NetBIOS which is not routeable and therefore cannot be used over the VPN. Try pinging the other computers by IP. If that works try connecting to devices by IP such as:
\\192.168.1.123\ShareName
2)- When you receive an IP from the VPN server it will have a subnet mask of 255.255.255.255 which means 1 IP, the one you have been assigned. This creates a defined route for that IP, however others of the same subnet are sent to the default gateway. If this is the office default gateway, they are lost. You need to force the office computer to the use the remote site as the default gateway. To do so there is an option, which appears to be disabled in the above ipconfig results. To enable, on the VPN client machine, go to: control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | check  "Use default gateway on remote network"
This will also force your Internet access through the remote connection, which may or may not work.
The other option would be to add a static route to the office computer. However, where the IP changes, this is not a convenient solution.
0
 
LVL 1

Accepted Solution

by:
iaintarr earned 250 total points
ID: 18742951
As mentioned in another post, you may be out of luck.
What RonWill says is correct with regards to the setup, although, I have configured an XP machine to host vpn, connect to and then administer a router from that machine by way of browser to the ip of the router.

So sharing might be an issue, but if you use an IP instead of the computer name as he mentions up there, it could work depending on your setup.

Take a look at the following:
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_20797068.html

Another option would be to purchase a vpn device , obviously more expensive, but a much more flexible solution, and in some cases more secure.

I use Cisco PIX where ever i can, although the cost might deter you, you will be seriously happy with scalability, ease of use, and the VPN abilities.

Another option is a linksys dual wan router, which moves outside of the scope of this conversation, but offers great redundancy support for your wan if it is indeed important, and it offers vpn termination.

The above are merely options, i know they don't solve your immediate crisis.

Just a quick question, are you intending to just access your home pc via vpn, or a., share wise?

 
0
 

Author Comment

by:baldwinr
ID: 18744891
Do you think a dlink DI-804HV would do the trick? Would it be possible to vpn into the DI-804HV in such a way that I would then be able to access the different computers on my home network? I guess this would mean that the vpn server would be the DI-804HV. Is that possible?
Thanks!
-Robert
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 18744952
Absolutely. That is usually the best option. Installing a proper VPN router allows for access to all resources, better security, and slightly better performance.

One thing to look at is what VPN client you need to use to connect to the D-Link. I haven't worked with D-Link and a VPN client, but looking at the on-line manual it appears you can use the standard Windows client but with MS-CHAP v1 protocol (not quite as secure), or using IPSec and Windows client, much more secure but much more difficult to configure.
Others you might want to have a look at are;
Netgear FVS318 (requires buying their very secure client)
Linksys RV042 allows their free IPSec client or Windows standard PPTP client.
0
 
LVL 13

Expert Comment

by:marine7275
ID: 18779415
Change your subnet from 255.255.255.255. to 255.255.255.240 or 252. You can't use 255.255.255.255.
0
 
LVL 13

Expert Comment

by:marine7275
ID: 18779424
I meant subnet mask
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18779503
Actually a VPN client will always be assigned a 255.255.255.255 subnet mask. This is normal and correct.
0
 
LVL 8

Expert Comment

by:RGRodgers
ID: 18805032
I noted above a suggestion to try to ping and then connect using an IP address instead of a name.  In terms of troubleshooting, that is the key.  You need to determine whether this is a routing problem or a naming problem.  If it works using an IP address, routing is working and you can move on to naming.  If not, you still need to get routing working.

If ping works, then you can use that.  If you want to get naming working, you can work through several options.  Thie hosts file is the simplest.  The next would be NBT (NetBIOS over TCP).  But, your work network may prevent that.  WINS or DNS could have the same problem, actually.  You'd have to check the firewall

But, at this piont, let's ping away and see whether we have a routing problem or a naming problem.
0
 

Author Comment

by:baldwinr
ID: 18805092
Thanks for the support. I have purchased a USR8200 VPN router that has done a great job in solving my problems.
Thanks,
-Robert
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18805229
Glad to hear you are up and running Robert.
Thanks, and Cheers all!
--Rob
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Preface There are many applications where some computing systems need have their system clocks running synchronized within a small margin and eventually need to be in sync with the global time. There are different solutions for this, i.e. the W3…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now