• Status: Solved

Is it possible to test VPN while connected behind the router?

Hi guys,

Not sure if I'm trying to test something here that isn't possible, but I have a SnapGear SG560 firewall router. I have set up VPN access (set up a PPTP VPN server and PPTP VPN client) and am trying to test it by connecting through a MacBook (OS X 10.5.6). So to make it clear, I'm behind the firewall, connected to the local area network. I'm trying to test it locally (if possible) before I head out and try to connect outside of the firewall.

The Mac tells me I'm authenticated/connected, however I can't get any web pages up when trying to navigate to anything in a browser. Is this because I am behind the firewall and it won't work? Entering an IP address doesn't work either (for example, 74.125.45.100, which is Google's IP address).

Also, I have an iPhone and I set up an L2TP VPN server/client on the router. Via the iPhone I can VPN into the router (authenticate and connect) doing it via 3G (i.e. not connected to the local wireless point). I can connect to my servers behind the firewall (for example 192.168.0.10, which is one of my IIS servers, works) but trying to resolve a domain name (like google.com) doesn't work. Instead I have to use the domain's IP address (for example, 74.125.45.100 works and brings up the Google website).

Any suggestions?

Thanks.


Asked by: georgep7
 
memo_tnt Commented:
Send your configurations.
It seems to be a NATing problem; you need to add
ip nat inside to your tunnel interface, depending on your configuration and interfaces.
 
BR
 
georgep7 (Author) Commented:
Hi BR,

On the SnapGear side I have set up the following:

- The SnapGear has an address 192.168.0.1
- In the Firewall section, under NAT/Port Forwarding I have an IIS server set up with a destination address of 192.68.0.10
- In the VPN section, under PPTP VPN Server I have the following:
Enable PPTP Server (on)
IP addresses to give to remote hosts: 192.168.0.200
IP Address to Assign VPN Server: 192.168.0.1
Authentication Scheme: encrypted authenticated (MS-Chap v2)
Required Encryption Level: Strong encryption (128bit)
Authentication Database: Local
PPTP MTU: 5000
Idle Time (minutes): empty
DNS Server: empty
WINS Server: empty

Is this the info you need?
 
memo_tnt Commented:
OK.
Make a VPN connection from one of your PCs and send me the results for traceroute
to www.google.com
 
 
georgep7 (Author) Commented:
From the mac:

Traceroute has started ...

traceroute: unknown host www.google.com


From a PC:

it resolves to 66.102.11.99
 
memo_tnt Commented:
traceroute: unknown host www.google.com
That means a DNS problem!
Can you send all traceroute results?
 
georgep7 (Author) Commented:
Can you expand on what you mean by "all traceroute results"? Funny that it works from the PC but not the Mac.
 
memo_tnt Commented:
Through the PC, using DOS.
It's something like this:

>tracert www.google.com 
Tracing route to www.l.google.com [64.233.183.104]
over a maximum of 30 hops:
  1    57 ms    <1 ms     1 ms  
  2   191 ms   247 ms   293 ms  
  3    49 ms    47 ms    47 ms
.
....
Trace complete.
 
georgep7 (Author) Commented:
Tracing route to www.l.google.com [66.102.11.104]

over a maximum of 30 hops:

  1     3 ms     3 ms     3 ms  192.168.0.1
  2    39 ms    38 ms    37 ms  loop0.lns10.mel6.internode.on.net [150.101.212.56]
  3    38 ms    38 ms    38 ms  vlan13.cor2.mel6.internode.on.net [150.101.210.22]
  4    50 ms    50 ms    56 ms  gi1-22-11.cor2.mel6.internode.on.net [150.101.212.173]
  5    50 ms    49 ms    49 ms  pos2-3.bdr1.syd6.internode.on.net [150.101.212.241]
  6    50 ms    49 ms    49 ms  gw.google.com [150.101.225.34]
  7    50 ms    50 ms    50 ms  66.249.95.232
  8    50 ms    53 ms    54 ms  64.233.174.242
  9    51 ms    52 ms    51 ms  kr-in-f104.google.com [66.102.11.104]

Trace complete.
 
memo_tnt Commented:
If these results are through the VPN connection, then everything is OK.
You need to check your Mac?
 
georgep7 (Author) Commented:
Yes, the above tracert is through the PC while connected to VPN. Through the Mac, all I get is:

Traceroute has started ...

traceroute: unknown host www.google.com
 
memo_tnt Commented:
Try nslookup www.google.com from your Mac
and send the results.
 
georgep7 (Author) Commented:
Ok, while VPNed in on the Mac:

Lookup has started ...


; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
;; connection timed out; no servers could be reached
 
memo_tnt Commented:
Check all these on the Mac without the VPN connection?
 
georgep7 (Author) Commented:
Ok, without VPN connection, on Mac:

Lookup has started ...


; <<>> DiG 9.4.2-P2 <<>> www.google.com +multiline +nocomments +nocmd +noquestion +nostats +search
;; global options:  printcmd
www.google.com.            271 IN A 66.102.11.147
www.google.com.            271 IN A 66.102.11.99
www.google.com.            271 IN A 66.102.11.104


Traceroute has started ...

traceroute: Warning: www.google.com has multiple addresses; using 66.102.11.147
traceroute to www.l.google.com (66.102.11.147), 64 hops max, 40 byte packets
 1  192.168.0.1 (192.168.0.1)  4.422 ms  1.654 ms  2.227 ms
 2  loop0.lns10.mel6.internode.on.net (150.101.212.56)  36.503 ms  36.345 ms  37.003 ms
 3  vlan13.cor2.mel6.internode.on.net (150.101.210.22)  36.773 ms  36.796 ms  36.611 ms
 4  gi1-22-11.cor2.mel6.internode.on.net (150.101.212.173)  48.356 ms  48.481 ms  48.000 ms
 5  pos2-3.bdr1.syd6.internode.on.net (150.101.212.241)  49.005 ms  48.277 ms  47.811 ms
 6  gw.google.com (150.101.225.34)  48.258 ms  47.802 ms  48.002 ms
 7  66.249.95.232 (66.249.95.232)  48.136 ms  49.506 ms  49.784 ms
 8  64.233.174.242 (64.233.174.242)  54.573 ms  59.046 ms  52.556 ms
 9  kr-in-f147.google.com (66.102.11.147)  48.300 ms  49.207 ms  48.401 ms

 
memo_tnt Commented:
Last thing:
check the Mac with VPN, to traceroute 66.102.11.147,
and send the results.
 
georgep7 (Author) Commented:
Traceroute has started ...

traceroute to 66.102.11.147 (66.102.11.147), 64 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *

continues like this
 
memo_tnt Commented:
What are your LAN IPs and your VPN IPs?
Are they of the same range and subnet?
 
georgep7 (Author) Commented:
When I am connected through VPN, the Network profile shows I am connected as IP address 192.168.0.200. I am connected through a wireless connection at the local network (AirPort) and that shows an IP address of 192.168.0.7.
 
georgep7 (Author) Commented:
And to check one more thing out, I have a virtualized XP disk running on VMware Fusion on the Mac. I tried to connect to the VPN through that and it works. So it's basically just when I'm trying to connect through the Mac OS. I can't believe this is so difficult to get working.
 
georgep7 (Author) Commented:
And to double check it has nothing to do with being connected wirelessly through AirPort, I disabled wireless connections and connected directly through Ethernet on the network. Same deal. :-(
 
georgep7 (Author) Commented:
I get this at the end of the connection log file on the Mac when connecting:

Thu Feb 19 08:45:33 2009 : local  IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary   DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:36 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:39 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:42 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:45 2009 : sent [IP data <src addr 192.168.0.200> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Thu Feb 19 08:45:48 2009 : No DHCP server replied
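
The subnet question memo_tnt raises can be checked mechanically. The following is an added example, not part of the original thread: it parses pppd log lines like the ones above and reports which negotiated tunnel addresses fall inside the subnet of the interface carrying the VPN. The function names and the /24 prefix length are assumptions; the thread never states the netmask.

```python
import ipaddress
import re

# Log lines copied from the pppd connection log quoted in the thread.
PPP_LOG = """\
Thu Feb 19 08:45:33 2009 : local  IP address 192.168.0.200
Thu Feb 19 08:45:33 2009 : remote IP address 192.168.0.1
Thu Feb 19 08:45:33 2009 : primary   DNS address 192.168.0.1
Thu Feb 19 08:45:33 2009 : secondary DNS address 192.168.0.1
Thu Feb 19 08:45:48 2009 : No DHCP server replied
"""

FIELD = re.compile(r": (local|remote|primary|secondary)\s+(?:IP|DNS) address (\S+)")


def parse_ppp_log(text):
    """Return the addresses pppd negotiated, keyed by role."""
    return {m.group(1): ipaddress.ip_address(m.group(2))
            for m in FIELD.finditer(text)}


def tunnel_overlap(log_text, lan_interface):
    """List tunnel addresses that are also on-link for the physical LAN.

    lan_interface is the address/prefix of the interface carrying the VPN,
    e.g. "192.168.0.7/24" (the /24 is an assumption; the thread gives no mask).
    """
    lan = ipaddress.ip_interface(lan_interface)
    return [(role, str(addr), str(lan.network))
            for role, addr in parse_ppp_log(log_text).items()
            if addr in lan.network]


def diagnose(log_text, lan_interface):
    """Summarise the overlap check as one line of text."""
    overlap = tunnel_overlap(log_text, lan_interface)
    if not overlap:
        return "no overlap: tunnel and LAN use distinct subnets"
    roles = ", ".join(f"{role}={addr}" for role, addr, _ in overlap)
    return f"overlap with {overlap[0][2]}: {roles}"


if __name__ == "__main__":
    print(diagnose(PPP_LOG, "192.168.0.7/24"))   # client inside the LAN, as in the thread
    print(diagnose(PPP_LOG, "10.20.30.40/24"))   # constructed: client on another subnet
```

With the thread's values, all four negotiated addresses land inside the LAN's own subnet, which is the condition memo_tnt asks about.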

 
georgep7 (Author) Commented:
Ok guys, just tried to connect to my VPN from outside the firewall... and it works! So for the Mac, it cannot work by trying to test from behind the firewall (i.e. connected to the local network).
 
memo_tnt Commented:
That's fair...
But did you try to connect from a network with a different subnet, i.e. 10.x.x.x?
At the end, good to be solved, but check your Mac settings well.
 
memo_tnt Commented:

Hey,
what's the status here?
Is it solved?
 
georgep7 (Author) Commented:
Hi memo_tnt, yes it works, but only from outside the network, which is fine. One interesting thing is that when connected via VPN through the Mac, when using Fusion, you need to select NAT network and not Bridge.