Problems with VPN and Internet access

Discussion in 'Networks' started by Bluerinse, Oct 19, 2005.

  1. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    I have a customer that runs a virtual office. They have three machines running XP Pro SP2, using XP's built-in firewall and running Norton AV on a couple and AVG on the others. They all access the Internet wirelessly through a D-Link wireless access point using WPA-PSK > D-Link DL704P router/print server > D-Link DSL502T ADSL modem/router > Internet.

    This all worked perfectly until yesterday, let me explain. There is also another company in the office complex that employs one guy and he accesses the Internet through my customer's LAN. Basically there is a cable patched through from his office that plugs directly into my customer's ADSL 4 port router. I got a call from his IT manager saying that they are trying to set up a VPN so that this guy can access his company's Intranet but although the VPN was connecting okay they could not establish any proper connectivity. After chatting with his IT guy for a little while, we came to the conclusion that both networks, i.e. my one and the remote one in South Australia were on the same network ID. I agreed to change the subnet mask structure on my LAN. By default it was set to 10.1.1.0 - 255.0.0.0 to 255.255.255.0.

    After I made the changes, I tested connectivity and all worked perfectly fine for my customer. I then informed the guy that I had made the changes and suggested he tried the VPN to his H/O again. It worked perfectly and he could now work via his Intranet.

    All seemed to be fine, so I left. Later I got a call from the guy and he explained that whilst he was connected with the VPN, he was not able to browse and he asked me if this was normal. Well I have to admit that although I have studied Microsoft's VPNs I have never actually implemented one before :oops: I said that it didn't surprise me and I would speak to his IT guy that has set up lots of these VPNs before and get back to him. I then got a call from my customer and here is the BIG issue. It seems that when this guy is connected (VPN), no other machine can access the Internet. They told me that they could check emails but I am not convinced this is correct. It was late and I thought it could be a red herring and possibly the ISP had problems, so I asked them to try again this morning. Well, they rang me and told me that they couldn't access the Internet or emails now? They use POP3/SMTP btw. The guy from the other office was not in yet and so I told them to just unplug the cable that feeds their office. Hey presto they were back online again!

    Now this is odd. I asked them to find out if this guy shut his PC down last night and lo and behold he had :eek: It would appear that it was somehow preventing Internet access for the other machines on the same LAN even though it was off.

    I have to fix this so that this guy can use the VPN and all the others can surf/email at the same time.

    Any ideas guys????????

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  2. ffreeloader

    ffreeloader Terabyte Poster

    Some of the cheap routers, i.e. DSL and cable routers, do not allow any traffic other than the VPN traffic when there is a VPN connection. Take a look at the documentation on your router.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  3. Bluerinse
    Thanks Freddy I will, although the D-Link documentation is dreadful IMHO. Have you experienced this or read it somewhere? If so, do you remember where?

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. ffreeloader

    I have read it somewhere. I read a whole bunch of documentation on different routers when I was researching which one to buy and I think I read it then, but that was more than a year ago and I haven't a clue as to where.

    I'll do a little research and see if I can't find something.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. ffreeloader

    Bluerinse,

    Read this thread. It explains the behavior you are experiencing.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  6. ffreeloader

    Another link for you.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  7. Bluerinse
    Cheers Freddy but I am still pulling my hair out over this. The links you kindly provided did shed some light on the subject but they relate to being able to connect to the Internet from the client that has established the VPN. You can get round this by either using split tunneling, which basically means don't use the default gateway of the far VPN end point. Not an option as it is a security no no.

    I have even spoken with D-Link's support and the guy there was equally perplexed, though he is going to escalate the problem and get someone to call me back later today.

    Nowhere can I find info on why the other clients on the LAN can't access the net and I have searched and read an awful lot of threads on that excellent Whirlpool forum you linked to.

    Just wanted to keep this thread alive until the problem is sorted.

    Thanks,

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  8. ffreeloader

    I thought that the peer-to-peer thing would probably be the answer. I can see how it would cause the router to drop all other connections.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. Bluerinse
    Thanks again!

    I am going in there tomorrow morning to see what is happening for myself. I will go armed with a switch and do a process of elimination, so that at least I know which router is doing this. This network was already set up by someone else, personally I wouldn't use two cheap routers in conjunction providing Internet access to five PCs, I think that could be an issue.

    I will let you know more details after I have been there. I can't cause too much disruption to the work/network of my customer. This is the real world where you can't be a pest whilst trying to diagnose a difficult problem, I have to be virtually invisible 8)
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  10. Bluerinse
    I went there today, tested network with VPN disconnected all okay on local LAN. Plugged VPN machine in, went to his office and did an ipconfig /renew, so that his machine would pick up its IP configuration from my customer's DHCP server. He could surf the net too, no issues thus far.

    Before connecting his VPN, I went into the VPN properties and unticked *use remote gateway* (this is not recommended as it opens up a security issue known as split tunnelling, however it does fix some VPN issues). Then connected to his head office (VPN) and he could log into his Intranet. However, as I expected, without using his remote gateway, he could not access *all* of the resources over the connection, the ones on other subnets but he could surf and so could my customer on all their PCs. I closed the VPN connection and re-set his connection properties back to how they were i.e. using the remote location's gateway.

    He then connected again and could access the Intranet and all resources on the remote network. Walked the seven steps back to my customer's office whilst he was still using the VPN and they could surf and check emails too!!!

    So, although I didn't really do anything, the VPN issue seems to have sorted itself out. I haven't really got a clue as to why but there it is. I even tried re-booting the VPN PC and re-connecting, disconnecting etc but try as I may, I could not make the thing play up.

    Oh well, using the olde adage "if it ain't broke don't fix it".

    Thanks for your help Freddy, it sure had me going there for a while :eek:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
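
Added example (not part of any post in this thread): a simplified model of the VPN client's routing table, showing how the LAN mask change in the first post and the *use remote gateway* setting in the last post decide where traffic goes. Only 10.1.1.0 and the two masks come from the thread; the remote subnets, the router address and the metrics are constructed assumptions, and the tunnel is assumed to install a route only for its own subnet.

```python
import ipaddress

# Constructed addresses: only 10.1.1.0 and the two masks come from the thread.
REMOTE_VPN_SUBNET = "10.20.0.0/24"   # assumed subnet the tunnel attaches to
REMOTE_OTHER_HOST = "10.30.0.5"      # assumed head-office host on another subnet
INTERNET_HOST = "203.0.113.10"       # documentation-range address
LAN_GATEWAY = "10.1.1.1"             # assumed address of the office router

def lan_network(addr, mask):
    """Network the client treats as directly attached for this address/mask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def build_routes(lan, use_remote_gateway):
    """Simplified client routing table: (network, next hop, metric)."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "lan-gateway " + LAN_GATEWAY, 20),
        (lan, "on-link LAN", 20),
        (ipaddress.ip_network(REMOTE_VPN_SUBNET), "vpn", 1),
    ]
    if use_remote_gateway:
        # Tunnel default route; its lower metric beats the LAN default.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "vpn", 1))
    return routes

def next_hop(routes, dest):
    """Longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def report(mask, use_remote_gateway):
    """Summarise where remote and Internet traffic leaves the client."""
    lan = lan_network("10.1.1.0", mask)
    routes = build_routes(lan, use_remote_gateway)
    return {
        "lan": str(lan),
        "overlaps_remote": lan.overlaps(ipaddress.ip_network(REMOTE_VPN_SUBNET)),
        "remote_other": next_hop(routes, REMOTE_OTHER_HOST),
        "internet": next_hop(routes, INTERNET_HOST),
    }

if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.255.0"):
        for remote_gw in (True, False):
            print(mask, "use remote gateway:", remote_gw, report(mask, remote_gw))
```

In this model the 255.0.0.0 mask makes the client treat every 10.x head-office address as local, and unticking *use remote gateway* sends Internet traffic out through the office router while the tunnel is up, which is the split-tunnelling exposure mentioned in the post.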
