Accessing servers on a VPN...

McDeth

For those of you who want to know what I'm doing, I work for a small business that reviews the pre-employment physicals for counties and cities, as well as some major corporations, around the U.S. We have employees that are out on the road doing job site analysis from remote locations that need to have access to internal files, as well as medical information and Job site info. This information is available via a central server we have, but when I just tried to connect to the server via the computer that was on the remote connection side of the VPN, I wasn't able to see it.

I may as well add that we're using software for Macintoshes, since the router I am using, a Linksys BEFVP41, doesn't support Linksys's QuickVPN software, or the built-in VPN software on Mac OSX. Right now I need to be able to connect to a central server on the remote VPN while I am at a remote site, and I cannot remember if you have to have a different subnet or the same, or even the same mask. Is there a guide out there that will point me in the right direction?

Thanks for any help you guys can provide.
 
Did you try to connect to the server by host name or by IP address? I'm willing to bet it was by host name. If it was by IP, and you couldn't access/ping it, then you do not have your VPN set up correctly.

If the VPN is configured correctly, then you should be able to access the "Central Server" via IP address. Associating the Host Name with the IP Address is the next hurdle. Do Macs have an equivalent to a Hosts File? If so, your easiest solution is to make an entry in that associating the IP with the Host name, and you're done (as long as the "Central Server"'s IP won't change).
 
Actually, I connected by inputting the static IP address of the office. The connection I tried the VPN from was a Comcast connection with a LAN IP of 192.168.1.0, while the office has a range of 192.168.2.0. Could this be affecting my attempts? Also, both the office and the home connection have the same subnet mask, and I can't remember if this is bad or good.

edit: el oh el at this Microsoft support response for VPN support. Actually reading ftl apparently...

Pawan_MSFT (Expert):
Q: We are a 15 user satellite office with a high speed business modem connected to a Cisco 3020 VPN, which routes one IP address to main network through the firewall. We get constant disconnects of the VPN. Modem is no problem. Advice with tracing packets?
A: Satellite connections usually have high latency and can cause possible time outs of VPN protocols causing disconnections.
 
Those 192.168 address blocks are the internal non-internet-routable addresses dished out by each network's own internal DHCP configurations. If you are aiming your VPN software at a target / remote addy of 192.168.x.x it cannot work at all.
What is the public IP of your host system / host system's VPN connection? That's where you should be aiming.

Or have I completely misread what you are saying?
 
The local LAN and the Remote LAN need to be separate subnets to facilitate routing. So that should be correct.

You said you connected by IP. Was that attempt actually successful? If not, can you ping the IP? I'm going to guess that your software SAYS you're connected, but you aren't passing any packets through the tunnel.

Pardon my Mac ignorance, but Macs have a built-in PPTP client, right? If it's easier than dicking with this, I'd pick up a Linksys RV082 router (bullet-proof reliability compared to standard SOHO Linksys Crap). Great IPSEC (and QuickVPN Client) and PPTP support.

~$275 or so. Easy solution that WILL work.
 
sounds like you have no idea what you're doing. hire somebody or talk to your company's tech dept. if you are the tech dept, I'm sorry for your company
 
jvlazzar said:
sounds like you have no idea what you're doing. hire somebody or talk to your company's tech dept. if you are the tech dept, I'm sorry for your company

Come on now. No reason for this kind of talk. The guy has questions, and we have answers.
 
jvlazzar said:
sounds like you have no idea what you're doing. hire somebody or talk to your company's tech dept. if you are the tech dept, I'm sorry for your company

Hey, thanks for this insightful reply, maybe you can grace us with your godlike knowledge of configuring clients to use VPNs instead of being a dick?



Anyways, for those of you that are actually helping, I seriously have no idea what the hell is wrong. I just hooked up another BEFVP41 router, the same type at my office, to my home connection. I enabled remote admin on the router at work, and pretty much line for line copied the VPN settings for both ends.

For my home network I used the IP range of;
Router IP - 192.168.1.1
Subnet - 255.255.255.0
IP Range - 192.168.1.2-254

For my work I used;
Router IP - 192.168.2.1
Subnet - 255.255.255.128
IP Range - 192.168.2.2-249

Both routers have exactly the same VPN settings, and both were able to establish a VPN connection. Now, this is where it gets weird. I had both a PC and a Mac connected to the VPN, and on the Macintosh I was able to ping the ip address of the file server and every other computer on the office side of the VPN, and I was also able to ping every IP from the PC as well. When I went to use the IP address of the file server and tried to MSTSC into it using its OFFICE IP (192.168.2.250) I got to the login screen and was able to get in, but when I go to connect to the server with the Macintosh, it cannot connect to it. My question is, do I need to use an ENTIRELY DIFFERENT IP range and subnet to get this to work the way I want it to? I.e.-
Router IP - 66.176.22.1
Subnet - Well fuck I can't change this more than I already have
IP Range - 66.176.22.2-249

What I want to be able to do is Go into Network neighborhood---->Entire Network--->Workgroup--->Dell Server and access the files I need right from the drive. Is this even possible for a VPN to do?
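
The address plans posted in this thread can be checked against their subnet masks, and against the "separate subnets" requirement mentioned in an earlier reply, before debugging the tunnel or the client. This is an added example, not part of any post here; the function names are illustrative, and the addresses are the ones quoted in the thread.

```python
import ipaddress

# Address plans as posted in the thread: router IP, mask, first/last pool address.
HOME = ("192.168.1.1", "255.255.255.0", "192.168.1.2", "192.168.1.254")
OFFICE = ("192.168.2.1", "255.255.255.128", "192.168.2.2", "192.168.2.249")
# Office-side server addresses mentioned in the thread.
OFFICE_HOSTS = ("192.168.2.250", "192.168.2.14")


def lan(router_ip, mask):
    """Subnet a router serves, derived from its own LAN IP and mask."""
    return ipaddress.ip_interface(f"{router_ip}/{mask}").network


def check_site(name, router_ip, mask, pool_first, pool_last, hosts=()):
    """Return findings where the address pool or a host does not fit the mask."""
    net = lan(router_ip, mask)
    # Usable host range excludes the network and broadcast addresses.
    lo, hi = net.network_address + 1, net.broadcast_address - 1
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    findings = []
    if first < lo or last > hi:
        findings.append(f"{name}: pool {first}-{last} exceeds usable {lo}-{hi} in {net}")
    for host in hosts:
        if ipaddress.ip_address(host) not in net:
            findings.append(f"{name}: host {host} is outside {net}")
    return findings


def audit():
    """Check both ends, then check that the two LANs do not overlap."""
    net_home, net_office = lan(*HOME[:2]), lan(*OFFICE[:2])
    findings = check_site("home", *HOME)
    findings += check_site("office", *OFFICE, hosts=OFFICE_HOSTS)
    if net_home.overlaps(net_office):
        findings.append(f"tunnel: {net_home} overlaps {net_office}")
    return findings


if __name__ == "__main__":
    for line in audit():
        print(line)
```

A finding means the posted mask and the posted addresses cannot both match what is configured on that router, which is worth confirming on the device itself.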
 
As far as accessing it via "Network Neighborhood", that's not going to happen. That functions by NetBIOS broadcast, and traditionally those don't travel over VPN (I'm well aware that the BEFVP41 has a setting to forward those packets, but believe me, it's flaky at best, NOT reliable like it has to be for a corporate environment).

As long as you CAN access it via IP, then I refer to my first reply:

Nate7311 said:
If the VPN is configured correctly, then you should be able to access the "Central Server" via IP address. Associating the Host Name with the IP Address is the next hurdle. Do Macs have an equivalent to a Hosts File? If so, your easiest solution is to make an entry in that associating the IP with the Host name, and you're done (as long as the "Central Server"'s IP won't change).
 
Well, I'm more of a PC person myself, so I don't know if it does have an equivalent file, but I do know that if you press apple-k, it will bring up a window that will connect to a specific computer via ip address. When I use this method, it does not work. I haven't tried to connect to the file server with my pc yet, so I'll give it a shot.
 
Oh, I thought I had said that I could ping the server from my end of the VPN, using its local IP. (192.168.2.14)

I had both a PC and a Mac connected to the VPN, and on the Macintosh I was able to ping the ip address of the file server and every other computer on the office side of the VPN, and I was also able to ping every IP from the PC as well. When I went to use the IP address of the file server and tried to MSTSC into it using its OFFICE IP (192.168.2.250) I got to the login screen and was able to get in, but when I go to connect to the server with the Macintosh, it cannot connect to it

:p

That last part could have been better written though. :(
 
Ok, since I can do everything I want via a PC but not the MAC, maybe a better question would be; Is there a Mac forum somewhere where I can ask if I'm doing something wrong with the Macintosh?
 
By connect, do you mean make a file server connection, or use the MS RDP client to connect to the server?

If it is a file server connection, is the server running Windows 2003 Server and it's a DC? If yes, you have to reduce the security on SMB connections on your server to allow unencrypted authentication sessions for SMB connections. The SMB client on OS X does not support encrypted SMB connections.

http://www.macosxhints.com/article.php?story=20030922153448490

A better solution is to enable Macintosh file sharing on the server and use the latest Microsoft UAM on the OS X box. Lets you keep all of your access traffic encrypted.

http://support.microsoft.com/kb/838331/en-us
 