Solved

Connected to VPN but no internet?

Posted on 2010-11-10
12
589 Views
Last Modified: 2012-05-10
a friend of mine is trying to connect to our home computer (XP PRO) over VPN.   The VPN is setup correctly (I use a linksys VPN router, PPTP) and works from other locations.

She can successfully connect via VPN.
She can successfully PING my XP PRO box
But she cannot browse the internet,
and she cannot browse my XP box Website

Her norton is disabled.  her firewall is disabled.
I cannot ping her IP from my XP Box, even though she CAN ping my XP box.
Her VPN shows connected on my Linksys router, and pinging me from her machine works, but pinging her from my machine doesn't.

The goal is for her to browse my XP Website from her machine, and both IE and Firefox just display a "waiting for connection" message and hang, not even resulting in an error.  (she also cannot browse any internet website)

 
I tried everything and am out of ideas.  Anyone have an idea?
0
Comment
Question by:arthurh88
  • 6
  • 4
  • 2
12 Comments
 
LVL 3

Expert Comment

by:arzka
ID: 34104964
Have you verified the machine receives proper DNS and Default gateway information when connecting to the VPN? In many Windows VPN cases the system routes ALL traffic through the VPN so the machine is no longer able to access the local default gateway or the DNS servers to resolve names.

First you might want to check what settings you have - IPCONFIG /ALL
Then you might want to check whether your DNS resolves anything: NSLOOKUP YAHOO.COM
Third, check your routing tables - NETSTAT -NR
Fourth, use traceroute to see where your traffic is going: TRACERT -D YAHOO.COM

All of the commands are supposed to be used in the command prompt, and all are in upper case to make it easier to see them. EVERYTHING in them should be in lower case when you do type them, especially the command line switches.

I would assume you either:

a) are unable to resolve any names because the end point gives you new (faulty) DNS information and the client connecting is no longer able to resolve names properly - nslookup would just fail. Nslookup also shows you which DNS server the machine is trying to use. Running the command both with the VPN  enabled and disabled allows you to easily see what's going on

or

b) the VPN connection gives your machine a new default gateway but screws up something else in the configuration, making your other machine effectively unable to connect to the internet.

On Win7 you can define whether to use the remote default gateway or not - the settings can be found from the VPN connection properties -> Networking -> IPV4 -> Advanced -> there's a check box on the IP Settings page ("Use default gateway on remote network") - disabling that would allow a Win7 machine to access internet, too. I'm not sure if WinXP had the same checkbox.

Hope some of this helps. It would've been useful if you had posted some information about your level of knowledge about LANs, IP traffic and such. Now I'm just forced to assume you know next to nothing, which would allow you to configure the VPN but not really use it for anything else. If I'm wrong, please let me know how far I am from the target, and we'll get it set up. I've got some XP machines too, they're just at a different location I can reach only tomorrow to check.
0
 

Author Comment

by:arthurh88
ID: 34105143
hi thanks for your reply.  

She can ping:  192.168.2.100
But cannot browse:  http://192.168.2.100


Her PPTP IP is 192.168.2.202

She can ping:   192.168.2.100

But I cannot ping:  192.168.2.202


Im using straight IP addresses, so DNS and name resolution shouldn't have anything to do with it right?   or am I wrong?
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34105175
Can she ping your xp by name? Then DNS working fine.

If not check your firewall both native one and the one the anti-virus allow port 80 to pass through to allow http traffic
0
 

Author Comment

by:arthurh88
ID: 34105494
the goal is not for DNS to work.  The goal is simply to browse http://192.168.2.100
I shouldn't need DNS for that.
0
 

Author Comment

by:arthurh88
ID: 34105517
what i dont understand is how the following can occur (her IP is 192.168.2.202)

1.  She can ping 192.168.2.100
2.  She cannot browse 192.168.2.100 (on both IE and firefox)
3.  I cannot ping 192.168.2.202


how can all this happen?  I'm stumped.
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34105708
Hi

if she can ping and get the reply then communication can take place in both ways can you turn off the firewall and check? try turning it off at your end both built in and if any third-party ones are on that as well. if it doesnt work ask her to try on her side.

I would suggest if you have another machine on your network try accessing it on that to rule out any problems on your side
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:arthurh88
ID: 34106491
i know its not on my end, because 2 other computers successfully VPN daily to our machine, and can browse http://192.168.2.100 no problem!
0
 
LVL 3

Expert Comment

by:arzka
ID: 34112310
Ahh, my mistake. I thought you actually wanted to be able to browse the internet through the VPN too.

So, in the light of the new information, the current situation is:

You have a server machine, it has a HTTP server installed, and the port 80 on that machine is not protected by a firewall, at least from the 192.168.2.x network. There are more than one users using the VPN, and at least two of those are able to do exactly what you want without any changes to the configuration. Am I right at this point?

I also assume you can see the ping traffic from her computer to your box in your VPN appliance?

The only things that I can think of at this point - and with this information - is to make sure the local network at her end doesn't conflict with yours. Another might be to try to just telnet to the HTTP port and see if you get any response assuming the person has the required skills. It's not really that hard..
- command prompt
- "telnet 192.168.2.100 80"
- if it manages to connect, you know you get at least some information
- type "GET / HTTP/1.1" and hit enter twice
- enjoy the HTML code of the startup page

Then again, the last probably doesn't make any difference - I'd assume you get a connection timed out.
0
 

Author Comment

by:arthurh88
ID: 34128906
i will try that.  i'm beginning to wonder if she has an unknown firewall on her machine.  i am driving out to her house in a few days and will try your suggestions.  your summary was completely correct.

1.  I have http on port 80 open to everyone on network 192.168.2.x
2. I have a linksys VPN router that has a PPTP server with 10 users maximum on my home network
3.  2 people VPN into the linksys, and can browse no problem on 192.168.2.100
4.  The third person can VPN successfully. The third person can PING 192.168.2.100 and get a reply
5.  The third person cannot browse 192.168.2.100
6.  While the third person is on a VPN, even though she gets a reply when SHE initiates the Ping, if I try to ping her anywhere on the 192.168.2.x network, there is no reply from her.
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34129206
VPN to windows xp maximum 3 connections if it helps
0
 

Author Comment

by:arthurh88
ID: 34129243
its not a VPN to XP, it is a VPN into a linksys VPN router that allows up to 10.
0
 
LVL 10

Accepted Solution

by:
moon_blue69 earned 500 total points
ID: 34130510
Configure another computer to get
Her PPTP IP 192.168.2.202 if it can connect its not anything from your side. (i mean the firewall blocking that ip). If this trial is successful definitely it has to do something with her firewall.

goodluck
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Monitor bandwidth 3 45
VMware ESXi 5.5 - Remote Latency via VPN 2 36
Network Connection 5 35
RDP Sonicwall 8 32
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now