arthurh88
asked on
Connected to VPN but no internet?
a friend of mine is trying to connect to our home computer (XP PRO) over VPN. The VPN is setup correctly (I use a linksys VPN router, PPTP) and works from other locations.
She can successfully connect via VPN.
She can successfully PING my XP PRO box
But she cannot browse the internet,
and she cannot browse my XP box Website
Her norton is disabled. her firewall is disabled.
I cannot ping her IP from my XP Box, even though she CAN ping my XP box.
Her VPN shows connected on my Linksys router, and pinging me from her machine works, but pinging her from my machine doesn't.
The goal is for her to browse my XP Website from her machine, and both IE and Firefox just display a "waiting for connection" message and hang, not even resulting in an error. (she also cannot browse any internet website)
I tried everything and am out of ideas. Anyone have an idea?
She can successfully connect via VPN.
She can successfully PING my XP PRO box
But she cannot browse the internet,
and she cannot browse my XP box Website
Her norton is disabled. her firewall is disabled.
I cannot ping her IP from my XP Box, even though she CAN ping my XP box.
Her VPN shows connected on my Linksys router, and pinging me from her machine works, but pinging her from my machine doesn't.
The goal is for her to browse my XP Website from her machine, and both IE and Firefox just display a "waiting for connection" message and hang, not even resulting in an error. (she also cannot browse any internet website)
I tried everything and am out of ideas. Anyone have an idea?
ASKER
hi thanks for your reply.
She can ping: 192.168.2.100
But cannot browse: http://192.168.2.100
Her PPTP IP is 192.168.2.202
She can ping: 192.168.2.100
But I cannot ping: 192.168.2.202
Im using straight IP addresses, so DNS and name resolution shouldn't have anything to do with it right? or am I wrong?
She can ping: 192.168.2.100
But cannot browse: http://192.168.2.100
Her PPTP IP is 192.168.2.202
She can ping: 192.168.2.100
But I cannot ping: 192.168.2.202
Im using straight IP addresses, so DNS and name resolution shouldn't have anything to do with it right? or am I wrong?
Can she ping your xp by name? Then DNS working fine.
If not check your firewall both native one and the one the anti-virus allow port 80 to pass through to allow http traffic
If not check your firewall both native one and the one the anti-virus allow port 80 to pass through to allow http traffic
ASKER
the goal is not for DNS to work. The goal is simply to browse http://192.168.2.100
I shouldn't need DNS for that.
I shouldn't need DNS for that.
ASKER
what i dont understand is how the following can occur (her IP is 192.168.2.202)
1. She can ping 192.168.2.100
2. She cannot browse 192.168.2.100 (on both IE and firefox)
3. I cannot ping 192.168.2.202
how can all this happen? I'm stumped.
1. She can ping 192.168.2.100
2. She cannot browse 192.168.2.100 (on both IE and firefox)
3. I cannot ping 192.168.2.202
how can all this happen? I'm stumped.
Hi
if she can ping and get the reply then communication can take place in both ways can you turn off the firewall and check? try turning it off at your end both built in and if any third-party ones are on that as well. if it doesnt work ask her to try on her side.
I would suggest if you have another machine on your network try accessing it on that to rule out any problems on your side
if she can ping and get the reply then communication can take place in both ways can you turn off the firewall and check? try turning it off at your end both built in and if any third-party ones are on that as well. if it doesnt work ask her to try on her side.
I would suggest if you have another machine on your network try accessing it on that to rule out any problems on your side
ASKER
i know its not on my end, because 2 other computers successfully VPN daily to our machine, and can browse http://192.168.2.100 no problem!
Ahh, my mistake. I thought you actually wanted to be able to browse the internet through the VPN too.
So, in the light of the new information, the current situation is:
You have a server machine, it has a HTTP server installed, and the port 80 on that machine is not protected by a firewall, at least from the 192.168.2.x network. There are more than one users using the VPN, and at least two of those are able to do exactly what you want without any changes to the configuration. Am I right at this point?
I also assume you can see the ping traffic from her computer to your box in your VPN appliance?
The only things that I can think of at this point - and with this information - is to make sure the local network at her end doesn't conflict with yours. Another might be to try to just telnet to the HTTP port and see if you get any response assuming the person has the required skills. It's not really that hard..
- command prompt
- "telnet 192.168.2.100 80"
- if it manages to connect, you know you get at least some information
- type "GET / HTTP/1.1" and hit enter twice
- enjoy the HTML code of the startup page
Then again, the last probably doesn't make any difference - I'd assume you get a connection timed out.
So, in the light of the new information, the current situation is:
You have a server machine, it has a HTTP server installed, and the port 80 on that machine is not protected by a firewall, at least from the 192.168.2.x network. There are more than one users using the VPN, and at least two of those are able to do exactly what you want without any changes to the configuration. Am I right at this point?
I also assume you can see the ping traffic from her computer to your box in your VPN appliance?
The only things that I can think of at this point - and with this information - is to make sure the local network at her end doesn't conflict with yours. Another might be to try to just telnet to the HTTP port and see if you get any response assuming the person has the required skills. It's not really that hard..
- command prompt
- "telnet 192.168.2.100 80"
- if it manages to connect, you know you get at least some information
- type "GET / HTTP/1.1" and hit enter twice
- enjoy the HTML code of the startup page
Then again, the last probably doesn't make any difference - I'd assume you get a connection timed out.
ASKER
i will try that. i'm beginning to wonder if she has an unknown firewall on her machine. i am driving out to her house in a few days and will try your suggestions. your summary was completely correct.
1. I have http on port 80 open to everyone on network 192.168.2.x
2. I have a linksys VPN router that has a PPTP server with 10 users maximum on my home network
3. 2 people VPN into the linksys, and can browse no problem on 192.168.2.100
4. The third person can VPN successfully. The third person can PING 192.168.2.100 and get a reply
5. The third person cannot browse 192.168.2.100
6. While the third person is on a VPN, even though she gets a reply when SHE initiates the Ping, if I try to ping her anywhere on the 192.168.2.x network, there is no reply from her.
1. I have http on port 80 open to everyone on network 192.168.2.x
2. I have a linksys VPN router that has a PPTP server with 10 users maximum on my home network
3. 2 people VPN into the linksys, and can browse no problem on 192.168.2.100
4. The third person can VPN successfully. The third person can PING 192.168.2.100 and get a reply
5. The third person cannot browse 192.168.2.100
6. While the third person is on a VPN, even though she gets a reply when SHE initiates the Ping, if I try to ping her anywhere on the 192.168.2.x network, there is no reply from her.
VPN to windows xp maximum 3 connections if it helps
ASKER
its not a VPN to XP, it is a VPN into a linksys VPN router that allows up to 10.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
First you might want to check what settings you have - IPCONFIG /ALL
Then you might want to check whether your DNS resolves anything: NSLOOKUP YAHOO.COM
Third, check your routing tables - NETSTAT -NR
Fourth, use traceroute to see where your traffic is going: TRACERT -D YAHOO.COM
All of the commands are supposed to be used in the command prompt, and all are in upper case to make it easier to see them. EVERYTHING in them should be in lower case when you do type them, especially the command line switches.
I would assume you either:
a) are unable to resolve any names because the end point gives you new (faulty) DNS information and the client connecting is no longer able to resolve names properly - nslookup would just fail. Nslookup also shows you which DNS server the machine is trying to use. Running the command both with the VPN enabled and disabled allows you to easily see what's going on
or
b) the VPN connection gives your machine a new default gateway but screws up something else in the configuration, making your other machine effectively unable to connect to the internet.
On Win7 you can define whether to use the remote default gateway or not - the settings can be found from the VPN connection properties -> Networking -> IPV4 -> Advanced -> there's a check box on the IP Settings page ("Use default gateway on remote network") - disabling that would allow a Win7 machine to access internet, too. I'm not sure if WinXP had the same checkbox.
Hope some of this helps. It would've been useful if you had posted some information about your level of knowledge about LANs, IP traffic and such. Now I'm just forced to assume you know next to nothing, which would allow you to configure the VPN but not really use it for anything else. If I'm wrong, please let me know how far I am from the target, and we'll get it set up. I've got some XP machines too, they're just at a different location I can reach only tomorrow to check.