Another 7800N VPN question....

Post Reply
pawhe955
Posts: 10
Joined: Thu Sep 29, 2011 12:51 pm

Another 7800N VPN question....

Post by pawhe955 » Tue Nov 01, 2011 2:04 pm

Hi all,

Trying to use the VPN facility on my 7800N, but have hit a brick wall.... hoping someone might have seen something similar and have an answer.... thanks in advance....

I've enabled a "Remote Access" (i.e. *not* LAN-to-LAN) PPTP VPN server on my home 7800N; I've ensured that the IP address that the VPN client gets issued when it connects, is outside of any DHCP server managed range....

At the (Windows XP) client end: I've ensure that the client (native IP address) has no restrictions with regards to outgoing connections through our 'corporate' Firewall; I've ensured that the client PC firewall is OFF (for testing purposes); the "use default gateway on remote network" is checked (although initially I just want to be able to connect to home IP's - later might want to try and connect to public IPs via the VPN); I've successfully defined a VPN connection to my 7800N external/public IP address, and in fact it appears that I can successfully connect to my home LAN, as after connecting, an "ipconfig /all" on my client PC shows that my "PPP adapter" has the IP address I defined in the 7800N VPN server - albeit with the subnet mask of 255.255.255.255, rather than the 255.255.255.0 that is used on my home LAN <As an aside, is this subnet mask normal for a VPN/PPTP connection? How does the client PC therefore know to send traffic for the other IPs in the home LAN subnet, out via the VPN, if it doesn't know the size of the subnet... or is connectivity to the other IPs on the home subnet covered by the "use default gateway on remote network" option??>.

Also at the client side, I am testing either with command line (e.g. telnet, ping), or an instance of Firefox that is configured to *not* use any proxies, so all routing of IP packets should be direct - e.g. over the PPTP connection if to my home LAN IP range (and in theory, as a default gateway) with all local 'corporate' Network traffic staying local....

I can successfully ping my home LAN internal router interface (.1); I can successfully ping my home LAN networked printer IP (.200); I can successfully ping my home LAN Network Camera IP (.207); but....

I cannot ping the home LAN IP address of a PC that I left on, for testing purposes - in this case I get a "Destination host unreachable." reply from the internal IP address (.1) of my 7800N.

And although I can *ping* it, I cannot *telnet* to the internal IP of my home router (.1), which I *can* do from *any* local home PC; I also cannot use FF to http connect to the home LAN IP of the router (.1), nor to the printer's web admin interface (.200); nor to the web server that runs on the network camera (.207). All sessions just time out.

I do not believe that I have anything but default Firewall rules on the 7800N, in case that could be an issue.

Am I missing something obvious?

Thanks in advance for any assistance....

P.

billion_fan
Posts: 5294
Joined: Tue Jul 19, 2011 4:30 pm

Re: Another 7800N VPN question....

Post by billion_fan » Tue Nov 01, 2011 3:33 pm

Make sure the remote end and local end are on different subnets eg 192.168.1.x (local) 212.168.1.x (remote)

While playing around I would suggest enabling 'Remote Access' on the router so once you dial in you can check the status of PPTP connection via the external IP address (to check if the billion is seeing the PPTP tunnel as up, normally found under Advacned >> Status >> PPTP Status) also check the system log to see if it logs the incoming PPTP connection.

I hope this helps.

pawhe955
Posts: 10
Joined: Thu Sep 29, 2011 12:51 pm

Re: Another 7800N VPN question....

Post by pawhe955 » Wed Nov 02, 2011 2:12 pm

Thanks for the reply.... however....

I just found my issue - although I had tried to ensure that there was nothing to get in the way of (i.e. block or divert, etc.) the VPN traffic by 1/ adding rules to the "LAN/WAN Firewall" to allow my test client PC to have unrestricted outgoing access to the Internet; and 2/ by disabling the Firewall on my client PC, I forgot that the 'corporate' implementation here included an additional Firewall Client Application installed on the client PC, that interacts directly with the LAN/WAN Firewall..... :oops:

Logging back onto the client PC with admin rights on the client PC allowed me to disable the Firewall Client App., and then everything worked as I expected - I was able to telnet to my router's home LAN IP, use FF to http to it, and http to the home LAN IP of my Network Camera. I am assuming (and some Wireshark traces seem to support) that the Firewall client app. was indeed diverting application (e.g. telnet, http) data - but not pings, weirdly. And still can't work out why I can't get to the PC on the Home LAN - but that might be an issue with that PC's software firewall.....

Anyway, first impressions of setting up and using the 7800N VPN (server) functionality are really positive....

Thanks,

P.

Ayelen
Posts: 1
Joined: Mon Dec 05, 2011 5:12 am

Re: Another 7800N VPN question....

Post by Ayelen » Tue Dec 06, 2011 4:22 pm

:|
Last edited by Ayelen on Fri Oct 26, 2012 4:32 pm, edited 1 time in total.

Post Reply