Netgear Client to Site VPN with Windows 8.1 Clients

I'm supporting a small office with a few road warriors who VPN back to the home office file storage computer.
This has all been working fine for months on end with both Windows 7 and Windows 8/8.1 clients.
We are using the Windows firewall throughout the clients.
We are using the Netgear Prosafe VPN Client Professional (which appears to be GreenBow based).
The clients are all terminated on a Netgear FVS336GV2 Router.

Suddenly there are problems.
A remote client can connect the tunnel but can't see the files in the office.
No pings work between the clients and the (whether they did before or not?).

Unfortunately, I don't recall all of the settings that were used but I'm fairly confident that nothing has changed.
So, some of the below is for information and *not* the most likely cause:

The office local LAN subnet is 192.168.234.0/24
The apparent VPN subnet (at least by convention in the clients) appears to be 192.168.2.0/24
(I wonder why it's not 192.168.234.0/24 to match the LAN - but the client software warns if it's set this way).
So, I rather suspect that this is OK and that I just didn't remember this detail and the router

The VPN network connection on the client is showing as a Public Network.
This doesn't seem right to me.
I don't know how to change it to Private... even though I've gone through the typical "howto" steps.  I don't know how the VPN client interacts
The original setup has the Private File and Printer sharing items on the clients set to include the LAN subnet in their scopes.

We suspect that there's something about Windows 8.1, perhaps an update, that's changed the good performance.  But, we don't know what that might be.

Some users report that rebooting their client computer fixes it for a time.  But, I've not been able to confirm this hands-on.
VPN-Router-Connections.jpg
VPN-Client.jpg
VPN-Client-Network-Connections.jpg
VPN-Client-Firewall-Typical...jpg
LVL 27
Fred MarshallPrincipalAsked:
Who is Participating?
 
JohnConnect With a Mentor Business Consultant (Owner)Commented:
This has all been working fine for months on end with both Windows 7 and Windows 8/8.1 clients.

I wonder if this is because of recent security updates in Windows 8.1. I use NCP Secure Entry as a client (www.ncp-e.com) and there was a new complete upgrade at the introduction of Windows 8.1. Ask Netgear for a client update.

A remote client can connect the tunnel but can't see the files in the office

What happens if you try to map a drive as Z: \\192.168.234.x\folder ?  Do you get an error?  DNS could have changed.
0
 
Fred MarshallPrincipalAuthor Commented:
John:  thanks..

This was working fine post-8.1.
The Netgear client version appears to be the same today as it was a few months ago.

I think I got it fixed but the "fix" doesn't make sense to me.

On the workstation that is the "file server" at 192.168.234.10, I added a route:
route add -p 192.168.2.0 mask 255.255.255.0 192.168.234.1 metric 3.

That seems silly because 192.168.234.1 is the gateway and default route.
It implies that packets destined for 192.168.2.0 would either:
- not depart the file-serving workstation
- not get into the tunnel at the router.

The router has been up for 29 days and I wonder if a reboot might not be the "real" fix.
Yet, the fix appears to have been at the server...... (Also Windows 8.1).
0
 
JohnBusiness Consultant (Owner)Commented:
I am not precisely sure, but the route changes tie a bit into my comment about mapping by IP address.

I would still ask Netgear about a new client just to be sure.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Fred MarshallPrincipalAuthor Commented:
Oh.  Well the thing about IP addresses vs. names is already part of the formula - so I hadn't responded about that.
But, it's darned good advice!

The client is freely downloadable and has the same version number as the ones that are installed.
I ran wireshark at each end and found that it was the server not getting back to the client.  So I think the client is working OK.
0
 
JohnBusiness Consultant (Owner)Commented:
The IP address part is just a test to help narrow down issues.

I ran wireshark at each end and found that it was the server not getting back to the client

Thanks. The Netgear box may need a firmware update.
0
 
Fred MarshallPrincipalAuthor Commented:
Thanks for the advice.
0
 
JohnBusiness Consultant (Owner)Commented:
@fmarshall  - You are very welcome and I was happy to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.