Solved

VPN Connect but No Network Resources OSX 10.6 and iVPN

Posted on 2010-11-21
20
1,077 Views
Last Modified: 2012-05-10
Hi All,

I've searched asked questions but can't find anyone with exactly this problem.

I have setup VPN to my home network via iVPN.  All computers are Mac running OSX Snow Leopard.  I am able to connect to the network via the VPN no problem but I am not seeing any of the resources on my home network.  I have checked the iVPN basic troubleshooting and made sure the VPN service is first in my list. I'm using the iVpn DHCP range 192.168.56.100 - 105 on a network with a range of 192.168.56.1 - 50.

When connected via the VPN I can successfully ping all the devices on my network but I'm not seeing them for file sharing access. Sharing is turned on.

When multiple computers are comnected to the VPN, I CAN share between them but not between the Home network resources. It seems I need a "bridge" or NAT between the iVPN DHCP and the home network?? (Just guessing)

By the way, when I connect the laptop to my home network directly (not via VPN) I can see all network resources normally.

I'm guessing this is an IP issue, but I'm lost as to what I need to change.  Can anyone help please?
0
Comment
Question by:Firebladeboy1993
  • 12
  • 8
20 Comments
 

Author Comment

by:Firebladeboy1993
ID: 34189774
Really? No-one?  How about if I increase the points to 500? :-)
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34189875
Are you using Bonjour to discover the Home network systems or are you connecting directly via IP?  

How are you trying to 'view' the systems.?
0
 

Author Comment

by:Firebladeboy1993
ID: 34189885
Hi Mike. Directly Via IP address.  On the Mac, available network resources appear automatically in the Finder.
0
 

Author Comment

by:Firebladeboy1993
ID: 34189928
To clarify. When I say directly, I mean via the VPN, which is configured to access the IP address.  So I connect to the VPN successfully. At that point my Network resources should appear in the finder.....at least they normally do.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34190012
In Finder, can you GO -> CONNECT TO SERVER -> and enter the other PC IP address here.   What are those results?  

I know you are looking for the auto-propagating list, but lets just get basic connectivity first.

0
 

Author Comment

by:Firebladeboy1993
ID: 34190018
Ah, this is interesting;  If I use the Connect to Server finder option and specify the individual IP addresses as SMB xx.xx.xx.xx, I CAN connect and access them.  But why is this stage necessary? Which part of the config do I need to change to make OSX identify and connect to the resources directly, as it does when I join the network locally (not via the VPN)?
0
 

Author Comment

by:Firebladeboy1993
ID: 34190022
Ha! Our emails crossed! So yes. I CAN connect that way...see my above post.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34190043
OSX will use Bonjour to discover network resources.   So any network device on your same broadcast subnet would be 'discovered' automatically.  

Bonjour does not work across routed subnets (without a whole lot of effort).  

So, what is the subnet of your home network?  
What is the subnet of your VPN IP scope?  

Are they in the same network?  

0
 

Author Comment

by:Firebladeboy1993
ID: 34190115
Ah, so it's Bonjour that's doing the donkey work for finder.  Now, Subnets....Ummmm.. I get a but vague about IP at this point, so forgive me! On the home network the Subnet mask is 255.255.255.0 for an IP address range of 192.168.56.1 - 50.   There's nowhere to specify a subnet mast on the iVPN configuration but I'm using range 192.168.56.100 - 110. I've also tried the latter with 10.0.1.10 - 20 too.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34190179
192.168.56.1-255 would be covered under 255.255.255.0.    So I'm just a little confused over why you mention the range is 1-50.   Where is this range specified?   Is it on a device on on a config somewhere?  

0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:Firebladeboy1993
ID: 34190199
I specify it as the DHCP range on the Router (Apple Time Capsule) on the home network.  Now there's also a DHCP specified on the iVPN and that's where I specify the second range.  I didn't think they should overlap....
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34190225
On the time capsule, can you specify the entire subnet 1-254 and then add an exclusion for the vpn range of 100-110?   Then let the iVPN range use 100-110?  
0
 

Author Comment

by:Firebladeboy1993
ID: 34190291
Ummm...tricky.  To "Reserve" IP addresses on the DHCP on the Time capsule, you have to have to provide a MAC ID or DHCP Client ID.  I don't want to specify the MAC ID's of all the likely devices that will connect to the VPN and I don't see anywhere to specify a DHCP Client ID....
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34190426
A Reserve is different from an Exclusion.  

An exclusion tells the DHCP server not to hand out a certain range of IPs.  

I don't have a time capsule to test with....   But as a test, set your dhcp range to be 1-200.  Then let the iVPN use 100-110.  Make sure both have 192.168.56.0 /255.255.255.0 as the subnet id and mask.   Then test it out.  

Let's see how that works.

Bonjour is basically a broadcast protocol.   The devices must be in the same broadcast domain for it to find other hosts.    I think there may be something happening with NAT or something that uses 2 separate subnets so that the broadcast traffic isn't working.    

Also, When you VPN into the network, Does your system get a different ip that is somehow NAT'd into the home network?    From Terminal, run IFCONFIG and see what IPs your system has assigned to it before and during the VPN session.  

0
 

Author Comment

by:Firebladeboy1993
ID: 34190508
Ah, well, in that case I don't see anywhere to specify any Exclusions.
 
Should I try your suggestion without the exclusions?  The reason I ask is that the iVPN instructions specifically tell you not to do that when troubleshooting exactly this problem "Make sure you do not have the same IP address range on the server's network as the client's network."

Should I give it a shot anyway?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 34190875
Usually you don't want that because it avoids duplicate IPs being assigned, etc...    but I'm curious to see what you get.       What did you see from ifconfig?


0
 

Author Comment

by:Firebladeboy1993
ID: 34190979
IFCONFIG Before VPN Connect on Host network is as follows:



lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
      inet6 ::1 prefixlen 128
      inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
      inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:1e:c2:00:19:e8
      inet6 fe80::21e:c2ff:fe00:19e8%en0 prefixlen 64 scopeid 0x4
      inet 192.168.56.2 netmask 0xffffff00 broadcast 192.168.56.255
      media: autoselect (1000baseT <full-duplex,flow-control>)
      status: active
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 0b:0b:0b:0b:0b:0b
      inet6 fe80::21e:c2ff:fe00:19e8%en7 prefixlen 64 scopeid 0x5
      inet 169.254.20.88 netmask 0xffff0000 broadcast 169.254.255.255
      media: autoselect (10baseT/UTP <full-duplex>)
      status: active
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
      lladdr 00:1e:52:ff:fe:46:37:5c
      media: autoselect <full-duplex>
      status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:1e:52:73:8f:f8
      media: <unknown subtype> (<unknown type>)
      status: inactive
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:1d:4f:8e:8b:90
      media: autoselect
      status: inactive
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:50:56:c0:00:01
      inet 172.16.209.1 netmask 0xffffff00 broadcast 172.16.209.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:50:56:c0:00:08
      inet 192.168.103.1 netmask 0xffffff00 broadcast 192.168.103.255


With VPN Connected, it looks like this:


lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
      inet6 ::1 prefixlen 128
      inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
      inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:1e:c2:00:19:e8
      inet6 fe80::21e:c2ff:fe00:19e8%en0 prefixlen 64 scopeid 0x4
      inet 192.168.56.2 netmask 0xffffff00 broadcast 192.168.56.255
      media: autoselect (1000baseT <full-duplex,flow-control>)
      status: active
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 0b:0b:0b:0b:0b:0b
      inet6 fe80::21e:c2ff:fe00:19e8%en7 prefixlen 64 scopeid 0x5
      inet 169.254.20.88 netmask 0xffff0000 broadcast 169.254.255.255
      media: autoselect (10baseT/UTP <full-duplex>)
      status: active
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
      lladdr 00:1e:52:ff:fe:46:37:5c
      media: autoselect <full-duplex>
      status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:1e:52:73:8f:f8
      media: <unknown subtype> (<unknown type>)
      status: inactive
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:1d:4f:8e:8b:90
      media: autoselect
      status: inactive
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:50:56:c0:00:01
      inet 172.16.209.1 netmask 0xffffff00 broadcast 172.16.209.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      ether 00:50:56:c0:00:08
      inet 192.168.103.1 netmask 0xffffff00 broadcast 192.168.103.255
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
      inet 192.168.56.2 --> 192.168.56.101 netmask 0xffffff00


You can see the PPP VPN connection at the end.  What's up with the Netmask!? Is that normal?

Same result by the way, sucessful connection but no automatic detection of resources.
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 34191926
It looks like you are trying to VPN in from the same subnet.   Are you testing from outside the home network?     If yes, then it seems you have a little conflict Where the local lan is 192.168.56.0 and the PPP lan is also 192.168.56.0

BTW, netmask is fine ffffff00 = 255.255.255.0

0
 

Author Comment

by:Firebladeboy1993
ID: 34196424
Hi Mark,

I've been doing some research and iit seems geting Bonjour to run across a VPN is almost impossible.  It can only really be done by using specific VPN's such as Hamachi or OpenVPN which would be a total pain for me and not worth the effort.  Google running Bonjoiur over VPN to see what I mean.

In the meantime I'll close this and award the points anyway for your help.

Thanks,

Ken
0
 

Author Closing Comment

by:Firebladeboy1993
ID: 34196436
It was an incomplete Solution eventually but Mark was a lot of help in getting to that poiint.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now