georgep7

Is it possible to test VPN while connected behind the router?

Hi guys,

Not sure if I'm trying to test something here that isn't possible, but I have a SnapGear SG560 firewall router. I have set up VPN access (set up a PPTP VPN server and PPTP VPN client) and am trying to test it by connecting through a MacBook (OS X 10.5.6). So to make it clear, I'm behind the firewall, connected to the local area network. I'm trying to test it locally (if possible) before I head out and try to connect from outside of the firewall.

The Mac tells me I'm authenticated/connected, however I can't get any web pages up when trying to navigate to anything in a browser. Is this because I am behind the firewall and it won't work? Entering an IP address doesn't work either (for example, 74.125.45.100, which is Google's IP address).

Also, I have an iPhone and I set up an L2TP VPN server/client on the router. Via the iPhone I can VPN into the router (authenticate and connect) over 3G (i.e. not connected to the local wireless point). I can connect to my servers behind the firewall (for example 192.168.0.10, which is one of my IIS servers, works) but trying to resolve a domain name (like google.com) doesn't work. Instead I have to use the domain's IP address (for example, 74.125.45.100 works and brings up the Google website).

Any suggestions?

Thanks.


memo_tnt

Send your configurations.
It seems to be a NAT problem; you need to add
ip nat inside to your tunnel interface, depending on your configuration and interfaces.
 
BR
georgep7

ASKER

Hi BR,

On the SnapGear side I have set up the following:

- the SnapGear has an address 192.168.0.1
- in the Firewall section, under NAT/Port Forwarding, I have an IIS server set up with a destination address of 192.68.0.10
- in the VPN section, under PPTP VPN Server, I have the following:
Enable PPTP Server (on)
IP addresses to give to remote hosts: 192.168.0.200
IP Address to Assign VPN Server: 192.168.0.1
Authentication Scheme: encrypted authenticated (MS-CHAP v2)
Required Encryption Level: Strong encryption (128-bit)
Authentication Database: Local
PPTP MTU: 5000
Idle Time (minutes): empty
DNS Server: empty
WINS Server: empty

is this the info you need?

OK.
Make a VPN connection from one of your PCs and send me the results of a traceroute to www.google.com.

From the Mac:

Traceroute has started ...

traceroute: unknown host www.google.com


From a PC:

It resolves to 66.102.11.99

traceroute: unknown host www.google.com
That means a DNS problem!
Can you send all traceroute results?

Can you expand on what you mean by "all traceroute results"? Funny that it works from the PC but not the Mac.

Through the PC, using DOS.
It's something like this:

>tracert www.google.com 
Tracing route to www.l.google.com [64.233.183.104]
over a maximum of 30 hops:
  1    57 ms    <1 ms     1 ms  
  2   191 ms   247 ms   293 ms  
  3    49 ms    47 ms    47 ms
.
....
Trace complete.
Tracing route to www.l.google.com [66.102.11.104]

over a maximum of 30 hops:

  1     3 ms     3 ms     3 ms  192.168.0.1
  2    39 ms    38 ms    37 ms  loop0.lns10.mel6.internode.on.net [150.101.212.56]
  3    38 ms    38 ms    38 ms  vlan13.cor2.mel6.internode.on.net [150.101.210.22]
  4    50 ms    50 ms    56 ms  gi1-22-11.cor2.mel6.internode.on.net [150.101.212.173]
  5    50 ms    49 ms    49 ms  pos2-3.bdr1.syd6.internode.on.net [150.101.212.241]
  6    50 ms    49 ms    49 ms  gw.google.com [150.101.225.34]
  7    50 ms    50 ms    50 ms  66.249.95.232
  8    50 ms    53 ms    54 ms  64.233.174.242
  9    51 ms    52 ms    51 ms  kr-in-f104.google.com [66.102.11.104]

Trace complete.

If these results are through the VPN connection, then everything is OK.
You need to check your Mac?

Yes, the above tracert is through the PC while connected to the VPN. Through the Mac, all I get is:

Traceroute has started ...

traceroute: unknown host www.google.com

Try nslookup www.google.com from your Mac and
send the results.

OK, while VPNed in on the Mac:

Lookup has started ...


; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
;; connection timed out; no servers could be reached

Check all these on the Mac without the VPN connection?

OK, without the VPN connection, on the Mac:

Lookup has started ...


; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
www.google.com.            271 IN A 66.102.11.147
www.google.com.            271 IN A 66.102.11.99
www.google.com.            271 IN A 66.102.11.104


Traceroute has started ...

traceroute: Warning: www.google.com has multiple addresses; using 66.102.11.147
traceroute to www.l.google.com (66.102.11.147), 64 hops max, 40 byte packets
 1  192.168.0.1 (192.168.0.1)  4.422 ms  1.654 ms  2.227 ms
 2  loop0.lns10.mel6.internode.on.net (150.101.212.56)  36.503 ms  36.345 ms  37.003 ms
 3  vlan13.cor2.mel6.internode.on.net (150.101.210.22)  36.773 ms  36.796 ms  36.611 ms
 4  gi1-22-11.cor2.mel6.internode.on.net (150.101.212.173)  48.356 ms  48.481 ms  48.000 ms
 5  pos2-3.bdr1.syd6.internode.on.net (150.101.212.241)  49.005 ms  48.277 ms  47.811 ms
 6  gw.google.com (150.101.225.34)  48.258 ms  47.802 ms  48.002 ms
 7  66.249.95.232 (66.249.95.232)  48.136 ms  49.506 ms  49.784 ms
 8  64.233.174.242 (64.233.174.242)  54.573 ms  59.046 ms  52.556 ms
 9  kr-in-f147.google.com (66.102.11.147)  48.300 ms  49.207 ms  48.401 ms

Last thing:
check the Mac with the VPN, traceroute to 66.102.11.147,
and send the results.

Traceroute has started ...

traceroute to 66.102.11.147 (66.102.11.147), 64 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *

It continues like this.

What are your LAN IPs and your VPN IPs?
Are they in the same range and subnet?

When I am connected through VPN, the Network profile shows I am connected as IP address 192.168.0.200. I am connected through a wireless connection at the local network (AirPort) and that shows an IP address of 192.168.0.7.

And to check one more thing out, I have a virtualized XP disk running on VMware Fusion on the Mac. I tried to connect to the VPN through that and it works. So it's basically just when I'm trying to connect through Mac OS. I can't believe this is so difficult to get working.

And to double check it has nothing to do with being connected wirelessly through AirPort, I disabled wireless connections and connected directly through Ethernet on the network. Same deal. :-(

I get this at the end of the connection log file on the Mac when connecting:

Thu Feb 19 08:45:33 2009 : local  IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary   DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:36 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:39 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:42 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:45 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:48 2009 : No DHCP server replied

Ok guys, just tried to connect to my VPN from outside the firewall... and it works! So for the Mac, it cannot work by trying to test from behind the firewall (i.e. connected to the local network).

Hey,
what's the status here?
Is it solved?

Hi memo_tnt, yes it works, but only from outside the network, which is fine. One interesting thing is that when connected via VPN through the Mac, when using Fusion, you need to select NAT network and not Bridge.
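
The check memo_tnt asks about above (whether the LAN and VPN addresses share a range and subnet), applied to the Mac's connection log, as an added example that is not part of the original thread. It also decodes the DHCP INFORM parameter list the Mac kept sending before "No DHCP server replied". The /24 mask on the AirPort interface, the off-site address 10.20.30.40 and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: lines copied from the connection log quoted in the thread.
PPP_LOG = """\
Thu Feb 19 08:45:33 2009 : local  IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary   DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
Thu Feb 19 08:45:45 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:48 2009 : No DHCP server replied
"""

ADDR_RE = re.compile(r": (local|remote|primary|secondary)\s+(?:IP|DNS) address (\S+)")
PARAM_RE = re.compile(r"<parameters = ([^>]+)>")
# DHCP option codes that appear in the INFORM parameter request list above.
DHCP_OPTIONS = {1: "subnet mask", 6: "DNS servers", 15: "domain name",
                43: "vendor-specific", 44: "NetBIOS name servers",
                249: "classless static routes (Microsoft)"}

def parse_ppp_log(text):
    """Extract negotiated addresses, requested DHCP options and the INFORM outcome."""
    info = {"addrs": {}, "requested": [], "inform_answered": True}
    for line in text.splitlines():
        m = ADDR_RE.search(line)
        if m:
            info["addrs"][m.group(1)] = ipaddress.ip_address(m.group(2))
        p = PARAM_RE.search(line)
        if p:
            codes = [int(x, 16) for x in p.group(1).split()]
            info["requested"] = [DHCP_OPTIONS.get(c, f"option {c}") for c in codes]
        if "No DHCP server replied" in line:
            info["inform_answered"] = False
    return info

def addrs_inside_lan(lan_iface, info):
    """Names of tunnel addresses that fall inside the client's own LAN subnet."""
    lan = ipaddress.ip_interface(lan_iface).network
    return [name for name, ip in info["addrs"].items() if ip in lan]

if __name__ == "__main__":
    info = parse_ppp_log(PPP_LOG)
    # Assumption: the AirPort interface (192.168.0.7 in the thread) uses a /24 mask.
    print("inside LAN while testing locally:", addrs_inside_lan("192.168.0.7/24", info))
    # Constructed off-site address, standing in for a connection from outside.
    print("inside LAN from a remote network:", addrs_inside_lan("10.20.30.40/24", info))
    print("DHCP INFORM asked for:", info["requested"], "answered:", info["inform_answered"])
```

When every tunnel address is reported as inside the local subnet, the client has two interfaces claiming the same network, so a local test does not exercise the same routing as a connection from outside.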