georgep7
asked on
Is it possible to test VPN while connected behind the router?
Hi guys,
not sure if I'm trying to test something here that isn't possible, but I have a snapgear SG560 firewall router. I have setup VPN access (setup a PPTP VPN server and PPTP VPN client) and am trying to test it by connecting through a macbook (os x 10.5.6). So to make it clear, I'm behind the firewall, connected to the local area network. I'm trying to test it locally (if possible) before I head out and try and connect outside of the firewall.
The Mac tells me I'm authenticated/connected, however I can't get any web pages up when trying to navigate to anything in a browser. Is this because I am behind the firewall and it won't work? Entering an IP address doesn't work either (for example, 74.125.45.100 which is Google's IP address).
Also, I have an iPhone and I set up an L2TP VPN server/client on the router. Via the iPhone I can VPN into the router (authenticate and connect) doing it via 3G (i.e. not connected to the local wireless point). I can connect to my servers behind the firewall (for example 192.168.0.10 which is one of my IIS servers works) but trying to resolve a domain name (like google.com) doesn't work. Instead I have to use the domain's IP address (for example, 74.125.45.100 works and brings up the Google website).
Any suggestions?
Thanks.
ASKER
Hi BR,
on the snapgear side I have setup the following:
- the snapgear has an address 192.168.0.1
- in the Firewall section, under NAT/Port Forwarding I have an IIS server set up with a destination address of 192.68.0.10
- in the VPN section, under PPTP VPN Server I have the following:
Enable PPTP Server (on)
IP addresses to give to remote hosts: 192.168.0.200
IP Address to Assign VPN Server: 192.168.0.1
Authentication Scheme: encrypted authenticated (MS-Chap v2)
Required Encryption Level: Strong encryption (128bit)
Authentication Database : Local
PPTP MTU: 5000
Idle Time (minutes): empty
DNS Server: empty
WINS Server: empty
is this the info you need?
ASKER
From the mac:
Traceroute has started ...
traceroute: unknown host www.google.com
From a PC:
it resolves to 66.102.11.99
traceroute: unknown host www.google.com
that means DNS problem !!
can you send all traceroute results?
ASKER
can you expand on what you mean by "all traceroute results". Funny that it works from the PC but not the mac
through PC, using DOS
it's something like this:
>tracert www.google.com
Tracing route to www.l.google.com [64.233.183.104]
over a maximum of 30 hops:
1 57 ms <1 ms 1 ms
2 191 ms 247 ms 293 ms
3 49 ms 47 ms 47 ms
.
....
Trace complete.
ASKER
Tracing route to www.l.google.com [66.102.11.104]
over a maximum of 30 hops:
1 3 ms 3 ms 3 ms 192.168.0.1
2 39 ms 38 ms 37 ms loop0.lns10.mel6.internode.on.net [150.101.212.56]
3 38 ms 38 ms 38 ms vlan13.cor2.mel6.internode.on.net [150.101.210.22]
4 50 ms 50 ms 56 ms gi1-22-11.cor2.mel6.internode.on.net [150.101.212.173]
5 50 ms 49 ms 49 ms pos2-3.bdr1.syd6.internode.on.net [150.101.212.241]
6 50 ms 49 ms 49 ms gw.google.com [150.101.225.34]
7 50 ms 50 ms 50 ms 66.249.95.232
8 50 ms 53 ms 54 ms 64.233.174.242
9 51 ms 52 ms 51 ms kr-in-f104.google.com [66.102.11.104]
Trace complete.
if these results are through the VPN connection, then everything is OK
you need to check your Mac?
ASKER
yes, the above tracert is through the PC while connected to VPN. Through the Mac, all I get is:
Traceroute has started ...
traceroute: unknown host www.google.com
ASKER
Ok, while VPNed in on the Mac:
Lookup has started ...
; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options: printcmd
;; connection timed out; no servers could be reached
check all these on the Mac without the VPN connection?
ASKER
Ok, without VPN connection, on Mac:
Lookup has started ...
; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options: printcmd
www.google.com. 271 IN A 66.102.11.147
www.google.com. 271 IN A 66.102.11.99
www.google.com. 271 IN A 66.102.11.104
Traceroute has started ...
traceroute: Warning: www.google.com has multiple addresses; using 66.102.11.147
traceroute to www.l.google.com (66.102.11.147), 64 hops max, 40 byte packets
1 192.168.0.1 (192.168.0.1) 4.422 ms 1.654 ms 2.227 ms
2 loop0.lns10.mel6.internode.on.net (150.101.212.56) 36.503 ms 36.345 ms 37.003 ms
3 vlan13.cor2.mel6.internode.on.net (150.101.210.22) 36.773 ms 36.796 ms 36.611 ms
4 gi1-22-11.cor2.mel6.internode.on.net (150.101.212.173) 48.356 ms 48.481 ms 48.000 ms
5 pos2-3.bdr1.syd6.internode.on.net (150.101.212.241) 49.005 ms 48.277 ms 47.811 ms
6 gw.google.com (150.101.225.34) 48.258 ms 47.802 ms 48.002 ms
7 66.249.95.232 (66.249.95.232) 48.136 ms 49.506 ms 49.784 ms
8 64.233.174.242 (64.233.174.242) 54.573 ms 59.046 ms 52.556 ms
9 kr-in-f147.google.com (66.102.11.147) 48.300 ms 49.207 ms 48.401 ms
last thing
check the Mac with VPN, to traceroute 66.102.11.147
and send results
ASKER
Traceroute has started ...
traceroute to 66.102.11.147 (66.102.11.147), 64 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
continues like this
what are your LAN IPs, and your VPN IPs?
are they of the same range and subnet?
ASKER
When I am connected through VPN, the Network profile shows I am connected as IP address 192.168.0.200 - I am connected through a wireless connection at the local network (airport) and that shows an IP address of 192.168.0.7
ASKER
And to check one more thing out, I have a virtualized XP disk running on VMware Fusion on the Mac. I tried to connect to the VPN through that and it works. So it's basically just when I'm trying to connect through the Mac OS. I can't believe this is so difficult to get working.
ASKER
And to double check it has nothing to do with being connected wirelessly through AirPort, I disabled wireless connections and connected directly through ethernet on the network. same deal. :-(
ASKER
I get this at the end of the connection log file on the Mac when connecting:
Thu Feb 19 08:45:33 2009 : local IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:36 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:39 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:42 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:45 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:48 2009 : No DHCP server replied
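The earlier question about whether the LAN and VPN addresses share a range can be checked directly from the connection log above. This is an added example, not part of the thread: the function names are hypothetical and the /24 prefix is an assumption, since no netmask is given anywhere in the posts.

```python
import ipaddress
import re

# Constructed sample: the four address lines from the connection log above.
SAMPLE_LOG = """\
Thu Feb 19 08:45:33 2009 : local IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
"""

FIELD_RE = re.compile(
    r": (local IP|remote IP|primary DNS|secondary DNS) +address (\S+)$"
)


def parse_ppp_log(text):
    """Return {'local IP': IPv4Address, ...} from pppd-style log lines."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.search(line.strip())
        if m:
            fields[m.group(1)] = ipaddress.ip_address(m.group(2))
    return fields


def check_overlap(log_text, lan_cidr):
    """List tunnel addresses that fall inside the LAN the client is already on.

    lan_cidr is the client's physical interface address with prefix,
    e.g. "192.168.0.7/24" (the /24 is an assumption, see lead-in).
    """
    lan = ipaddress.ip_interface(lan_cidr)
    findings = []
    for name, addr in parse_ppp_log(log_text).items():
        if addr in lan.network:
            findings.append(f"{name} {addr} is inside LAN {lan.network}")
    return findings


if __name__ == "__main__":
    # Client on the local wireless network, as reported in the thread.
    for finding in check_overlap(SAMPLE_LOG, "192.168.0.7/24"):
        print("OVERLAP:", finding)
    # Constructed address on an unrelated network: no overlap expected.
    print(check_overlap(SAMPLE_LOG, "10.20.30.40/24"))
```
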
ASKER
Ok guys, just tried to connect to my VPN from outside the firewall... and it works! So for the Mac, it cannot work by trying to test from behind the firewall (i.e. connected to the local network).
hey
what's status here
is it solved ??
ASKER
Hi memo_tnt, yes it works, but only from outside the network which is fine. One interesting thing is that when connected via VPN through the mac, when using Fusion, you need to select NAT network and not Bridge.
it seems to be a NATing problem, you need to add
ip nat inside to your tunnel interface, depending on your configuration and interfaces
BR