Solved

Netgear Client to Site VPN with Windows 8.1 Clients

Posted on 2015-01-07
Last Modified: 2015-01-11
I'm supporting a small office with a few road warriors who VPN back to the home office file storage computer.
This has all been working fine for months on end with both Windows 7 and Windows 8/8.1 clients.
We are using the Windows firewall throughout the clients.
We are using the Netgear Prosafe VPN Client Professional (which appears to be GreenBow based).
The clients are all terminated on a Netgear FVS336GV2 Router.

Suddenly there are problems.
A remote client can connect the tunnel but can't see the files in the office.
No pings work between the clients and the (whether they did before or not?).

Unfortunately, I don't recall all of the settings that were used but I'm fairly confident that nothing has changed.
So, some of the below is for information and *not* the most likely cause:

The office local LAN subnet is 192.168.234.0/24
The apparent VPN subnet (at least by convention in the clients) appears to be 192.168.2.0/24
(I wonder why it's not 192.168.234.0/24 to match the LAN - but the client software warns if it's set this way).
So, I rather suspect that this is OK and that I just didn't remember this detail and the router

The VPN network connection on the client is showing as a Public Network.
This doesn't seem right to me.
I don't know how to change it to Private... even though I've gone through the typical "howto" steps.  I don't know how the VPN client interacts
The original setup has the Private File and Printer sharing items on the clients set to include the LAN subnet in their scopes.

We suspect that there's something about Windows 8.1, perhaps an update, that's changed the good performance.  But, we don't know what that might be.

Some users report that rebooting their client computer fixes it for a time.  But, I've not been able to confirm this hands-on.
Question by:Fred Marshall

Accepted Solution

by:
Experienced Member earned 2000 total points
ID: 40536836
"This has all been working fine for months on end with both Windows 7 and Windows 8/8.1 clients."

I wonder if this is because of recent security updates in Windows 8.1. I use NCP Secure Entry as a client (www.ncp-e.com) and there was a new complete upgrade at the introduction of Windows 8.1. Ask Netgear for a client update.

"A remote client can connect the tunnel but can't see the files in the office"

What happens if you try to map a drive as Z: \\192.168.234.x\folder ?  Do you get an error?  DNS could have changed.
0
 

Author Comment

by:Fred Marshall
ID: 40536973
John:  thanks..

This was working fine post-8.1.
The Netgear client version appears to be the same today as it was a few months ago.

I think I got it fixed but the "fix" doesn't make sense to me.

On the workstation that is the "file server" at 192.168.234.10, I added a route:
route add -p 192.168.2.0 mask 255.255.255.0 192.168.234.1 metric 3

That seems silly because 192.168.234.1 is the gateway and default route.
It implies that packets destined for 192.168.2.0 would either:
- not depart the file-serving workstation
- not get into the tunnel at the router.

The router has been up for 29 days and I wonder if a reboot might not be the "real" fix.
Yet, the fix appears to have been at the server...... (Also Windows 8.1).
0
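
An added diagnostic sketch for the two things raised in this thread, the file server's return route to the VPN subnet and the Public/Private profile with its firewall scope. It is not from either poster; the peer address 192.168.2.50 is a constructed sample, and the English rule-group name is an assumption.

```powershell
# Added example. Run in an elevated PowerShell on the file server (Windows 8.1).
# Subnets are the ones named in the thread; $VpnPeer is a constructed sample.
$VpnSubnet = '192.168.2.0/24'
$VpnPeer   = '192.168.2.50'

# 1. Which source address, interface and next hop would a reply to the VPN
#    peer use? Compare NextHop with the gateway 192.168.234.1.
Find-NetRoute -RemoteIPAddress $VpnPeer |
    Format-List IPAddress, InterfaceAlias, DestinationPrefix, NextHop, RouteMetric

# 2. Is an explicit route for the VPN subnet present (for example one added
#    with "route add -p"), and on which interface?
Get-NetRoute -DestinationPrefix $VpnSubnet -ErrorAction SilentlyContinue |
    Format-Table DestinationPrefix, NextHop, RouteMetric, InterfaceAlias -AutoSize

# 3. Firewall profile (Public/Private/DomainAuthenticated) of every connection.
Get-NetConnectionProfile |
    Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# To move one connection to Private (alias below is a placeholder):
# Set-NetConnectionProfile -InterfaceAlias '<adapter alias>' -NetworkCategory Private

# 4. Enabled inbound File and Printer Sharing rules: which profiles they apply
#    to and which remote addresses they accept.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $scope = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $scope -join ', '
            # Rough textual check only: 'Any' or an entry starting 192.168.2.
            CoversVpn     = ($scope -contains 'Any') -or
                            [bool]($scope -like '192.168.2.*')
        }
    } | Format-Table -AutoSize
```

Steps 3 and 4 can be run unchanged on a VPN client to see which profile the tunnel adapter landed in and whether the sharing rules for that profile accept the office subnet.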
 

Expert Comment

by:Experienced Member
ID: 40536984
I am not precisely sure, but the route changes tie a bit into my comment about mapping by IP address.

I would still ask Netgear about a new client just to be sure.
0

Author Comment

by:Fred Marshall
ID: 40537007
Oh.  Well the thing about IP addresses vs. names is already part of the formula - so I hadn't responded about that.
But, it's darned good advice!

The client is freely downloadable and has the same version number as the ones that are installed.
I ran Wireshark at each end and found that it was the server not getting back to the client.  So I think the client is working OK.
0
 

Expert Comment

by:Experienced Member
ID: 40537011
The IP address part is just a test to help narrow down issues.

"I ran Wireshark at each end and found that it was the server not getting back to the client"

Thanks. The Netgear box may need a firmware update.
0
 

Author Closing Comment

by:Fred Marshall
ID: 40543566
Thanks for the advice.
0
 

Expert Comment

by:Experienced Member
ID: 40543574
@fmarshall  - You are very welcome and I was happy to help.
0

Question has a verified solution.
