Solved

Connected to VPN but no internet?

Posted on 2010-11-10
12
590 Views
Last Modified: 2012-05-10
a friend of mine is trying to connect to our home computer (XP PRO) over VPN.   The VPN is setup correctly (I use a linksys VPN router, PPTP) and works from other locations.

She can successfully connect via VPN.
She can successfully PING my XP PRO box
But she cannot browse the internet,
and she cannot browse my XP box Website

Her norton is disabled.  her firewall is disabled.
I cannot ping her IP from my XP Box, even though she CAN ping my XP box.
Her VPN shows connected on my Linksys router, and pinging me from her machine works, but pinging her from my machine doesn't.

The goal is for her to browse my XP Website from her machine, and both IE and Firefox just display a "waiting for connection" message and hang, not even resulting in an error.  (she also cannot browse any internet website)

 
I tried everything and am out of ideas.  Anyone have an idea?
0
Comment
Question by:arthurh88
  • 6
  • 4
  • 2
12 Comments
 
LVL 3

Expert Comment

by:arzka
ID: 34104964
Have you verified the machine receives proper DNS and Default gateway information when connecting to the VPN? In many Windows VPN cases the system routes ALL traffic through the VPN so the machine is no longer able to access the local default gateway or the DNS servers to resolve names.

First you might want to check what settings you have - IPCONFIG /ALL
Then you might want to check whether your DNS resolves anything: NSLOOKUP YAHOO.COM
Third, check your routing tables - NETSTAT -NR
Fourth, use traceroute to see where your traffic is going: TRACERT -D YAHOO.COM

All of the commands are supposed to be used in the command prompt, and all are in upper case to make it easier to see them. EVERYTHING in them should be in lower case when you do type them, especially the command line switches.

I would assume you either:

a) are unable to resolve any names because the end point gives you new (faulty) DNS information and the client connecting is no longer able to resolve names properly - nslookup would just fail. Nslookup also shows you which DNS server the machine is trying to use. Running the command both with the VPN  enabled and disabled allows you to easily see what's going on

or

b) the VPN connection gives your machine a new default gateway but screws up something else in the configuration, making your other machine effectively unable to connect to the internet.

On Win7 you can define whether to use the remote default gateway or not - the settings can be found from the VPN connection properties -> Networking -> IPV4 -> Advanced -> there's a check box on the IP Settings page ("Use default gateway on remote network") - disabling that would allow a Win7 machine to access internet, too. I'm not sure if WinXP had the same checkbox.

Hope some of this helps. It would've been useful if you had posted some information about your level of knowledge about LANs, IP traffic and such. Now I'm just forced to assume you know next to nothing, which would allow you to configure the VPN but not really use it for anything else. If I'm wrong, please let me know how far I am from the target, and we'll get it set up. I've got some XP machines too, they're just at a different location I can reach only tomorrow to check.
0
 

Author Comment

by:arthurh88
ID: 34105143
hi thanks for your reply.  

She can ping:  192.168.2.100
But cannot browse:  http://192.168.2.100


Her PPTP IP is 192.168.2.202

She can ping:   192.168.2.100

But I cannot ping:  192.168.2.202


Im using straight IP addresses, so DNS and name resolution shouldn't have anything to do with it right?   or am I wrong?
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34105175
Can she ping your xp by name? Then DNS working fine.

If not check your firewall both native one and the one the anti-virus allow port 80 to pass through to allow http traffic
0
 

Author Comment

by:arthurh88
ID: 34105494
the goal is not for DNS to work.  The goal is simply to browse http://192.168.2.100
I shouldn't need DNS for that.
0
 

Author Comment

by:arthurh88
ID: 34105517
what i dont understand is how the following can occur (her IP is 192.168.2.202)

1.  She can ping 192.168.2.100
2.  She cannot browse 192.168.2.100 (on both IE and firefox)
3.  I cannot ping 192.168.2.202


how can all this happen?  I'm stumped.
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34105708
Hi

if she can ping and get the reply then communication can take place in both ways can you turn off the firewall and check? try turning it off at your end both built in and if any third-party ones are on that as well. if it doesnt work ask her to try on her side.

I would suggest if you have another machine on your network try accessing it on that to rule out any problems on your side
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:arthurh88
ID: 34106491
i know its not on my end, because 2 other computers successfully VPN daily to our machine, and can browse http://192.168.2.100 no problem!
0
 
LVL 3

Expert Comment

by:arzka
ID: 34112310
Ahh, my mistake. I thought you actually wanted to be able to browse the internet through the VPN too.

So, in the light of the new information, the current situation is:

You have a server machine, it has a HTTP server installed, and the port 80 on that machine is not protected by a firewall, at least from the 192.168.2.x network. There are more than one users using the VPN, and at least two of those are able to do exactly what you want without any changes to the configuration. Am I right at this point?

I also assume you can see the ping traffic from her computer to your box in your VPN appliance?

The only things that I can think of at this point - and with this information - is to make sure the local network at her end doesn't conflict with yours. Another might be to try to just telnet to the HTTP port and see if you get any response assuming the person has the required skills. It's not really that hard..
- command prompt
- "telnet 192.168.2.100 80"
- if it manages to connect, you know you get at least some information
- type "GET / HTTP/1.1" and hit enter twice
- enjoy the HTML code of the startup page

Then again, the last probably doesn't make any difference - I'd assume you get a connection timed out.
0
 

Author Comment

by:arthurh88
ID: 34128906
i will try that.  i'm beginning to wonder if she has an unknown firewall on her machine.  i am driving out to her house in a few days and will try your suggestions.  your summary was completely correct.

1.  I have http on port 80 open to everyone on network 192.168.2.x
2. I have a linksys VPN router that has a PPTP server with 10 users maximum on my home network
3.  2 people VPN into the linksys, and can browse no problem on 192.168.2.100
4.  The third person can VPN successfully. The third person can PING 192.168.2.100 and get a reply
5.  The third person cannot browse 192.168.2.100
6.  While the third person is on a VPN, even though she gets a reply when SHE initiates the Ping, if I try to ping her anywhere on the 192.168.2.x network, there is no reply from her.
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34129206
VPN to windows xp maximum 3 connections if it helps
0
 

Author Comment

by:arthurh88
ID: 34129243
its not a VPN to XP, it is a VPN into a linksys VPN router that allows up to 10.
0
 
LVL 10

Accepted Solution

by:
moon_blue69 earned 500 total points
ID: 34130510
Configure another computer to get
Her PPTP IP 192.168.2.202 if it can connect its not anything from your side. (i mean the firewall blocking that ip). If this trial is successful definitely it has to do something with her firewall.

goodluck
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now