Solved

Remote VPN clients stuck/hang at "Loading Personal Settings" after installing filtering gateway

Posted on 2009-05-05
Last Modified: 2012-05-06
Let me first explain how the network is set up.

Main Office: VPN Router > Switch > SBS 2003 Server (only DC)

Each of 7 Branch Offices: VPN Router > Switch > Clients (all running XP, all either SP2 or SP3)

Each of the branch offices has an IPsec VPN tunnel into the main office. The DNS setting on each of the clients points only to the SBS 2003 server at the main office. When the users log on, group policy is applied and their documents/desktop/application data are redirected to storage locations at their respective branch offices.

Now, I've added a filtering machine (running Untangle in bridge mode) to the main office. It is only filtering for viruses, spam, phishing, inappropriate content based on categories. No protocol filtering or intrusion detection.

New Main Office network setup: VPN Router > Filtering Computer > Switch > SBS 2003 Server

All of a sudden when people started logging on today from the remote sites (first day with the filtering computer in the mix), they are getting stuck at "Loading your personal settings" and it will hang there.

I remove the filtering gateway and everything goes back to normal. Clients that never logged off last night had no problems during the day (Exchange mail worked in Outlook, could browse shares on the SBS 2003 server, etc).

So I guess my question is, what would cause logons to fail at "loading your personal settings" in respect to the filtering computer? What is it blocking that the clients need?
Question by:tvacc
7 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24318420
I am not familiar with Untangle, but I assume it uses two network cards? If so are the 'in' and 'out' on the same subnet?

Can the remote client machines ping the SBS?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24318443
The Untangle computer needs to be configured in "transparent bridge mode". Is this the case?
0
 

Author Comment

by:tvacc
ID: 24323299
Yes it is. Only the external address is statically configured in this mode. My clients are all set up as 192.168.4.X, 192.168.5.X, 192.168.6.X, etc. The main office is set up as 192.168.3.X

I set the Untangle IP for the external interface to be 192.168.3.159/16. Still nothing. Clients at branch offices can ping the SBS 2003 server by IP address, but not by hostname.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24324998
One issue: Every site must use a different subnet (network ID). With a subnet mask of /16 (255.255.0.0) all sites are on the same subnet, and it will not work. Try changing to /24 (255.255.255.0). I appreciate this may not be an easy change, but it is a basic routing requirement.
0
 

Author Comment

by:tvacc
ID: 24327415
Each site has their own subnet /24. Someone at Untangle suggested that I make the external interface of the Untangle be /16. That's the only IP that is /16.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24327770
You will need to change that one as well. All network segments between client and server must use a different network ID (Subnet) or routing cannot take place.

However, is routing the main issue? Can users ping all resources? It is very possible they will not be able to resolve names without some tweaks. See my Blog regarding VPN client name resolution:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
0
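Added example, not part of any post in this thread: a check of the subnet-mask point raised in the two comments above, using the addresses the author gave. It shows which branch LANs a 192.168.3.159/16 interface treats as directly connected, compared with /24. The site labels, the gateway address 192.168.3.1 and the client address 192.168.4.25 are assumptions made for illustration.

```python
import ipaddress

# Addressing from the thread; the author's list ends with "etc", so only the
# three branch subnets actually named are included. Site labels are assumed.
SITE_LANS = {
    "main": ipaddress.ip_network("192.168.3.0/24"),
    "branch-4": ipaddress.ip_network("192.168.4.0/24"),
    "branch-5": ipaddress.ip_network("192.168.5.0/24"),
    "branch-6": ipaddress.ip_network("192.168.6.0/24"),
}


def on_link_sites(interface_cidr, local_site, site_lans=SITE_LANS):
    """Return remote sites whose LAN lies inside the interface's connected network.

    A host treats every address inside its connected network as directly
    reachable (it ARPs on the local segment) instead of sending to a gateway.
    """
    iface = ipaddress.ip_interface(interface_cidr)
    return sorted(
        name
        for name, lan in site_lans.items()
        if name != local_site and lan.overlaps(iface.network)
    )


def next_hop(interface_cidr, gateway, destination):
    """Describe how a host with this interface would send to destination."""
    iface = ipaddress.ip_interface(interface_cidr)
    dest = ipaddress.ip_address(destination)
    return "on-link (ARP)" if dest in iface.network else f"via {gateway}"


if __name__ == "__main__":
    gateway = "192.168.3.1"    # assumed address of the main-office VPN router
    client = "192.168.4.25"    # constructed branch client address
    for cidr in ("192.168.3.159/16", "192.168.3.159/24"):
        print(cidr, "treats as local:", on_link_sites(cidr, "main"))
        print("  to", client, "->", next_hop(cidr, gateway, client))
```
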
 

Accepted Solution

by:
tvacc earned 0 total points
ID: 24670428
I am resolving this with the Untangle people. This can be closed.
0
