Solved

VPN tunnel established, now what?

Posted on 2007-08-07
Last Modified: 2008-02-01
Have 2 Linksys BEFVP41 routers, one at work and one at home. After much loss of sleep I have established a tunnel. In the Linksys setup, on the VPN setup screen, there is a button to connect. It shows connected, and the log and status screens show that it is connected. This is the only way that I can get it to connect. My problem is now I can't do anything; can't join the other network or see anything else on the other side. What do I need to do?
Question by:drprm1
LVL 78

Expert Comment

by:Rob Williams
ID: 19649804
Computer names will often not work over a VPN, though that can often be dealt with (see below), but as a test try connecting to a remote resource using the IP address such as:
\\192.168.123.123  or \\192.168.123.123\ShareName
If that doesn't work, can you ping a computer on the remote network?
If not, the most common cause of this is using the same subnet at both sites, such as both using 192.168.1.x. They must be different for a VPN to route packets.

NetBIOS names (computer names) are not broadcast over most VPNs.
You can resolve this in several ways:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using:
 net use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP-assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try some of the following options:
3) if you have a WINS server add that to the network cards configuration
4) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]


Author Comment

by:drprm1
ID: 19650193
Is this the way I would start the tunnel by going into the router's setup each time? Can I disconnect and connect from either end regardless of what end initiated it? Can I set it to keep alive and leave it? Should I?


Is this why I keep finding how to set static ip addresses behind your routers?

Thanks for the help.

Author Comment

by:drprm1
ID: 19650233
Could I just set the subnet to a different value on one end?
LVL 78

Expert Comment

by:Rob Williams
ID: 19650235
The tunnel should stay connected at all times on its own. Enabling "keep alive" will help with brief disconnects caused by the ISP.
I am not familiar with the BEFVP41 but the other Linksys are actually showing the status of the connection. If the "button" shows "Disconnect" it indicates the connection has been established.

>>"Is this why I keep finding how to set static ip addresses behind your routers?"
Sorry, not sure what you are asking with this line.

Are you able to ping devices at the remote site/s?

Author Comment

by:drprm1
ID: 19650242
How would I ping a computer on the remote?
LVL 78

Expert Comment

by:Rob Williams
ID: 19650244
>>"Could I just set the subnet to a different value on one end?"
Yes. Keep in mind though, it is the subnet, not the subnet mask.
If one end is using 192.168.1.x with 255.255.255.0, then try 192.168.2.x with 255.255.255.0 at the other site.
LVL 78

Expert Comment

by:Rob Williams
ID: 19650260
>>"How would I ping a computer on the remote?"
At a command line (DOS Windows) enter ping and the IP of a computer at the remote end. Try using a local IP first just so you are familiar with the response:
ping 192.168.2.123

If you have a connection you should get a response similar to:
Pinging 192.168.19.10 with 32 bytes of data:
Reply from 192.168.19.10: bytes=32 time<1ms TTL=128
...repeated 4 times

If you do not have a connection, or a software firewall is blocking the connection, you should receive something like:
Pinging 192.168.2.123 with 32 bytes of data:
Request timed out.
...repeated 4 times

Author Comment

by:drprm1
ID: 19657566
Downloaded Greenbow IPSec Client, configured it and got a tunnel established. Can't do much of anything with it though. In the process of changing configurations of things to establish network. Am I correct to assume that I should be able to treat this like any other network, i.e. treat it like a LAN? Point software to data somewhere remote. Back up remote files etc.?

I need to have all computers in the same workgroup etc.
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 19659414
Thought we were discussing a site-to-site VPN with 2 BEFVP41s?
Are they working correctly now?
If so TheGreenBow discussion should really be handled in a new question.

>>"Am I correct to assume that I should be able to treat this like any other network, ie treat it like a LAN?"
More or less. Effectively you have two network segments connected by a router. You can connect to any device by IP or mapping a drive to a device using the IP to access data such as:
net  use  Z:  \\192.168.123.123\ShareName
The two main restrictions with VPNs are:
- accessing databases will usually not work due to the fact that the VPN uses a much slower connection
- name resolution over a VPN does not always work for various reasons, especially in a workgroup environment. Workgroups generally rely on NetBIOS broadcasts for name resolution. Broadcasts are not routable, and therefore cannot be forwarded over a VPN. If you have a domain with your own DNS and WINS servers, name resolution can usually be dealt with. Following are some ways to deal with connecting to remote devices over a VPN:

1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using:
 net use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP-assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try some of the following options:
3) if you have a WINS server add that to the network cards configuration
4) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]

LVL 78

Expert Comment

by:Rob Williams
ID: 19659419
Sorry forgot I posted the name resolution "list" earlier.
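
The subnet and LMHosts advice from the answers above, as an added example that is not part of the original thread: it checks whether the two sites' LAN ranges collide, shows why a host never sends traffic to the VPN router when they do, and builds LMHosts lines for remote computers. The function names, the computer name OFFICEPC and the sample addresses are constructed for illustration.

```python
import ipaddress

def is_on_link(local_ip, mask, target_ip):
    """True if a host at local_ip/mask treats target_ip as on its own LAN,
    so it ARPs for it locally and never hands the packet to the VPN router."""
    lan = ipaddress.ip_interface(f"{local_ip}/{mask}").network
    return ipaddress.ip_address(target_ip) in lan

def check_sites(local_lan, remote_lan):
    """Return problems that stop a site-to-site tunnel from routing packets."""
    a = ipaddress.ip_network(local_lan)
    b = ipaddress.ip_network(remote_lan)
    problems = []
    if a.overlaps(b):
        problems.append(f"{a} and {b} overlap: renumber one site")
    return problems

def lmhosts_entries(hosts, remote_lan):
    """Build LMHosts lines (IP, NetBIOS name, #PRE) for remote computers."""
    net = ipaddress.ip_network(remote_lan)
    lines = []
    for name, ip in sorted(hosts.items()):
        if len(name) > 15:  # NetBIOS computer names are at most 15 characters
            raise ValueError(f"NetBIOS name too long: {name}")
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{name} ({ip}) is not on remote LAN {net}")
        lines.append(f"{ip:<18} {name:<15} #PRE")
    return lines

if __name__ == "__main__":
    # Constructed sample values, following the 192.168.1.x / 192.168.2.x
    # numbering used in the thread.
    mask = "255.255.255.0"
    print(check_sites(f"192.168.1.0/{mask}", f"192.168.1.0/{mask}"))  # conflict
    print(check_sites(f"192.168.1.0/{mask}", f"192.168.2.0/{mask}"))  # clean
    # A wider mask at one site still swallows the other site's range.
    print(check_sites("192.168.0.0/255.255.0.0", f"192.168.2.0/{mask}"))
    print(is_on_link("192.168.1.10", mask, "192.168.1.50"))  # stays on the LAN
    print(is_on_link("192.168.1.10", mask, "192.168.2.50"))  # goes to the router
    for line in lmhosts_entries({"OFFICEPC": "192.168.2.101"}, f"192.168.2.0/{mask}"):
        print(line)
```
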