Solved

Remote VPN clients stuck/hang at "Loading Personal Settings" after installing filtering gateway

Posted on 2009-05-05
7
582 Views
Last Modified: 2012-05-06
Let me first explain how the network is set up.

Main Office: VPN Router > Switch > SBS 2003 Server (only DC)

Each of 7 Branch Offices: VPN Router > Switch > Clients (all running XP, all either SP2 or SP3)

Each of the branch offices has an ipsec vpn tunnel into the main office. The DNS setting on each of the clients points only to the SBS 2003 server at the main office. When the users log on group policy is applied and their documents/desktop/application data are redirected to storage locations at their respective branch offices.

Now, I've added a filtering machine (running Untangle in bridge mode) to the main office. It is only filtering for viruses, spam, phishing, inappropriate content based on categories. No protocol filtering or intrusion detection.

New Main Office network setup: VPN Router > Filtering Computer > Switch > SBS 2003 Server

All of a sudden when people started logging on today from the remote sites (first day with the filtering computer in the mix), they are getting stuck at "Loading your personal settings" and it will hang there.

I remove the filtering gateway and everything goes back to normal. Clients that never logged off last night had no problems during the day (exchange mail worked in Outlook, could browse shared on the SBS 2003 server, etc).

So I guess my question is, what would cause logons to fail at "loading your personal settings" in respect to the filtering computer? What is is blocking that the clients need?
0
Comment
Question by:tvacc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24318420
I am not familiar with Untangle, but I assume it uses two network cards? If so are the 'in' and 'out' on the same subnet?

Can the remote client machines ping the SBS?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24318443
The Untangle computer needs to be configured in "transparent bridge mode". Is this the case?
0
 

Author Comment

by:tvacc
ID: 24323299
Yes it is. Only the external address is statically configured in this mode. My clients are all set up as 192.168.4.X, 192.168.5.X, 192.168.6.X, etc The main office is set up as 192.168.3.X

I set the Untangle ip for the external interface to be 192.168.3.159/16. Still nothing. Clients at branch offices can ping the SBS 2003 server by ip address, but not by hostname.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 77

Expert Comment

by:Rob Williams
ID: 24324998
One issue: Every site must use a different subnet (network ID). With a subnet mask of /16 (255.255.0.0) all sites are on the same subnet, it will not work. Try changing to /24 (255.255.255.0). I appreciate this may not be an easy change, but it is a basic routing requirement.
0
 

Author Comment

by:tvacc
ID: 24327415
Each site has their own subnet /24. Someone at Untangle suggested that I make the external interface of the Untangle be /16. That's the only IP that is /16.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24327770
You will need to change that one as well. All network segments between client and server must use a different network ID (Subnet) or routing cannot take place.

However, is routing the main issue? Can users ping all resources? It is very possible they will not be able to resolve names without some tweaks. See my Blog regarding VPN client name resolution:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
0
 

Accepted Solution

by:
tvacc earned 0 total points
ID: 24670428
I am resolving this with the Untangle people. This can be closed.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question