
Is it possible to test VPN while connected behind the router?

Posted on 2009-02-18
Last Modified: 2013-12-27
Hi guys,

Not sure if I'm trying to test something here that isn't possible, but I have a SnapGear SG560 firewall router. I have set up VPN access (set up a PPTP VPN server and PPTP VPN client) and am trying to test it by connecting through a MacBook (OS X 10.5.6). So to make it clear, I'm behind the firewall, connected to the local area network. I'm trying to test it locally (if possible) before I head out and try to connect from outside of the firewall.

The Mac tells me I'm authenticated/connected, however I can't get any web pages up when trying to navigate to anything in a browser. Is this because I am behind the firewall and it won't work? Entering an IP address doesn't work either (for example, 74.125.45.100, which is Google's IP address).

Also, I have an iPhone and I set up an L2TP VPN server/client on the router. Via the iPhone I can VPN into the router (authenticate and connect) doing it via 3G (i.e. not connected to the local wireless point). I can connect to my servers behind the firewall (for example 192.168.0.10, which is one of my IIS servers, works) but trying to resolve a domain name (like google.com) doesn't work. Instead I have to use the domain's IP address (for example, 74.125.45.100 works and brings up the Google website).

Any suggestions?

Thanks.


0
Question by:georgep7
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23668550
Send your configurations.
It seems to be a NATing problem; you need to add
ip nat inside to your tunnel interface, depending on your configuration and interfaces.
 
BR
0
 

Author Comment

by:georgep7
ID: 23668593
Hi BR,

on the snapgear side I have setup the following:

- the snapgear has an address 192.168.0.1
- in the Firewall section, under NAT/Port Forwarding I have an IIS server set up with a destination address of 192.68.0.10
- in the VPN section, under PPTP VPN Server I have the following:
Enable PPTP Server (on)            
IP addresses to give to remote hosts: 192.168.0.200            
IP Address to Assign VPN Server: 192.168.0.1
Authentication Scheme: encrypted authenticated (MS-Chap v2)
Required Encryption Level: Strong encryption (128bit)
Authentication Database      : Local
PPTP MTU: 5000
Idle Time (minutes): empty
DNS Server: empty
WINS Server: empty

is this the info you need?
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23668898
ok
Make a VPN connection from one of your PCs and send me the results of a traceroute
to www.google.com
 
 
0

Author Comment

by:georgep7
ID: 23668984
From the mac:

Traceroute has started ...

traceroute: unknown host www.google.com


From a PC:

it resolves to 66.102.11.99
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23669054
traceroute: unknown host www.google.com
That means a DNS problem!
Can you send all the traceroute results?
0
 

Author Comment

by:georgep7
ID: 23669117
Can you expand on what you mean by "all traceroute results"? Funny that it works from the PC but not the Mac.
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23669163
Through the PC, using DOS.
It's something like this:

>tracert www.google.com 
Tracing route to www.l.google.com [64.233.183.104]
over a maximum of 30 hops:
  1    57 ms    <1 ms     1 ms  
  2   191 ms   247 ms   293 ms  
  3    49 ms    47 ms    47 ms
.
....
Trace complete.
0
 

Author Comment

by:georgep7
ID: 23669194
Tracing route to www.l.google.com [66.102.11.104]

over a maximum of 30 hops:

  1     3 ms     3 ms     3 ms  192.168.0.1
  2    39 ms    38 ms    37 ms  loop0.lns10.mel6.internode.on.net [150.101.212.56]
  3    38 ms    38 ms    38 ms  vlan13.cor2.mel6.internode.on.net [150.101.210.22]
  4    50 ms    50 ms    56 ms  gi1-22-11.cor2.mel6.internode.on.net [150.101.212.173]
  5    50 ms    49 ms    49 ms  pos2-3.bdr1.syd6.internode.on.net [150.101.212.241]
  6    50 ms    49 ms    49 ms  gw.google.com [150.101.225.34]
  7    50 ms    50 ms    50 ms  66.249.95.232
  8    50 ms    53 ms    54 ms  64.233.174.242
  9    51 ms    52 ms    51 ms  kr-in-f104.google.com [66.102.11.104]

Trace complete.
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23669211
If these results are through the VPN connection, then everything is OK.
You need to check your Mac?
0
 

Author Comment

by:georgep7
ID: 23669249
Yes, the above tracert is through the PC while connected to VPN. Through the Mac, all I get is:

Traceroute has started ...

traceroute: unknown host www.google.com
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23669291
Try nslookup www.google.com from your Mac
and send the results.
0
 

Author Comment

by:georgep7
ID: 23669317
Ok, while VPNed in on the Mac:

Lookup has started ...


; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
;; connection timed out; no servers could be reached
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23669346
Check all these on the Mac without the VPN connection?
0
 

Author Comment

by:georgep7
ID: 23669372
Ok, without VPN connection, on Mac:

Lookup has started ...


; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
www.google.com.            271 IN A 66.102.11.147
www.google.com.            271 IN A 66.102.11.99
www.google.com.            271 IN A 66.102.11.104


Traceroute has started ...

traceroute: Warning: www.google.com has multiple addresses; using 66.102.11.147
traceroute to www.l.google.com (66.102.11.147), 64 hops max, 40 byte packets
 1  192.168.0.1 (192.168.0.1)  4.422 ms  1.654 ms  2.227 ms
 2  loop0.lns10.mel6.internode.on.net (150.101.212.56)  36.503 ms  36.345 ms  37.003 ms
 3  vlan13.cor2.mel6.internode.on.net (150.101.210.22)  36.773 ms  36.796 ms  36.611 ms
 4  gi1-22-11.cor2.mel6.internode.on.net (150.101.212.173)  48.356 ms  48.481 ms  48.000 ms
 5  pos2-3.bdr1.syd6.internode.on.net (150.101.212.241)  49.005 ms  48.277 ms  47.811 ms
 6  gw.google.com (150.101.225.34)  48.258 ms  47.802 ms  48.002 ms
 7  66.249.95.232 (66.249.95.232)  48.136 ms  49.506 ms  49.784 ms
 8  64.233.174.242 (64.233.174.242)  54.573 ms  59.046 ms  52.556 ms
 9  kr-in-f147.google.com (66.102.11.147)  48.300 ms  49.207 ms  48.401 ms

0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23669731
Last thing:
check the Mac with VPN, running a traceroute to 66.102.11.147,
and send the results.
0
 

Author Comment

by:georgep7
ID: 23669832
Traceroute has started ...

traceroute to 66.102.11.147 (66.102.11.147), 64 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *

continues like this
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23669865
What are your LAN IPs and your VPN IPs?
Are they of the same range and subnet?
0
 

Author Comment

by:georgep7
ID: 23674988
When I am connected through VPN, the Network profile shows I am connected as IP address 192.168.0.200 - I am connected through a wireless connection at the local network (airport) and that shows an IP address of 192.168.0.7
0
 

Author Comment

by:georgep7
ID: 23675164
And to check one more thing out, I have a virtualized XP disk running on VMware Fusion on the Mac. I tried to connect to the VPN through that and it works. So it's basically just when I'm trying to connect through the Mac OS. I can't believe this is so difficult to get working.
0
 

Author Comment

by:georgep7
ID: 23675199
And to double check it has nothing to do with being connected wirelessly through AirPort, I disabled wireless connections and connected directly through Ethernet on the network. Same deal. :-(
0
 

Author Comment

by:georgep7
ID: 23675384
I get this at the end of the connection log file on the Mac when connecting:

Thu Feb 19 08:45:33 2009 : local  IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary   DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:36 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:39 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:42 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:45 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:48 2009 : No DHCP server replied

0
 

Author Comment

by:georgep7
ID: 23676508
Ok guys, just tried to connect to my VPN from outside the firewall... and it works! So for the Mac, it cannot work by trying to test from behind the firewall (i.e. connected to the local network).
0
 
LVL 16

Accepted Solution

by:
memo_tnt earned 1500 total points
ID: 23678737
That's fair.
But did you try to connect from a network with a different subnet, i.e. 10.x.x.x?
In the end it's good that it's solved, but check your Mac settings well.
0
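The subnet question raised in this thread can be checked mechanically. The following is an added example, not code from any poster: it parses the address lines of the Mac's connection log quoted above (embedded as a constructed sample) and reports which tunnel addresses fall inside the physical LAN's subnet. The /24 mask and the function names are assumptions; the thread never states the netmask.

```python
import ipaddress
import re

# Constructed sample: address lines copied from the connection log quoted in the thread.
SAMPLE_LOG = """\
Thu Feb 19 08:45:33 2009 : local  IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary   DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
"""

# Matches "<timestamp> : <role> IP|DNS address <addr>" and captures role and address.
LINE_RE = re.compile(
    r":\s+(local|remote|primary|secondary)\s+(?:IP|DNS) address\s+(\S+)\s*$"
)


def parse_tunnel_addresses(log_text):
    """Return {role: IPv4Address} for every address line found in the log."""
    found = {}
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            found[match.group(1)] = ipaddress.ip_address(match.group(2))
    return found


def overlap_report(lan_cidr, tunnel):
    """List the tunnel roles whose address lies inside the physical LAN subnet.

    lan_cidr is the client's own LAN address with an assumed prefix length,
    e.g. "192.168.0.7/24". A non-empty result means the tunnel and the LAN
    claim the same address range, so the client's routing is ambiguous.
    """
    lan = ipaddress.ip_interface(lan_cidr).network
    return sorted(role for role, addr in tunnel.items() if addr in lan)


if __name__ == "__main__":
    tunnel = parse_tunnel_addresses(SAMPLE_LOG)
    # Inside the firewall (AirPort address from the thread, /24 assumed).
    print("on LAN 192.168.0.7/24:", overlap_report("192.168.0.7/24", tunnel))
    # From a differently numbered network, as the accepted answer suggests.
    print("on LAN 10.0.0.5/24:  ", overlap_report("10.0.0.5/24", tunnel))
```

From the 192.168.0.7 LAN address every tunnel address overlaps, including the tunnel peer and DNS server 192.168.0.1, which is also the LAN gateway; from a 10.x.x.x network nothing overlaps.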
 
LVL 16

Expert Comment

by:memo_tnt
ID: 23709378

Hey,
what's the status here?
Is it solved?
0
 

Author Comment

by:georgep7
ID: 23752064
Hi memo_tnt, yes it works, but only from outside the network, which is fine. One interesting thing is that when connected via VPN through the Mac, when using Fusion, you need to select NAT network and not Bridge.
0
