Dream Weaver

I now have my network setup and working (mostly) for main PC, Xbox and PS2. But...i'm still having the following problems:

1. If I leave the router switched on, then turn my PC on in the morning I cant connect. Ipconfig shows the LAN connection, but I cant get anywhere. I have to switch the router off, wait 10 secs, then switch it back on - everything is fine then but its annoying!!

2. I have a VPN connection to Titan for my website databases (MySQL) When I double click the connection, it comes up with "connecting to vpn", authenticates and registers then the connection is there (i.e. with the little icon in the sys tray).

Ipconfig shows the connection, and I can ping the IP address it has given me, but I cant ping any of the servers on the network that I need to get to.

So anyone got any ideas on this? Its well annoying me now

I can post net diagnostics if required?

ozzy

ping only tells you if the device responds or not (no more). Try doing a tracert to the IP address you are given as well as the servers you want to connect to over the VPN. e.g tracert 158.152.1.58

Is your VPN setup between your individual PC and your ISP? you're not using your router to do a LAN - LAN VPN connection?

How is the router connected to your PC? RJ45 LAN or did you use the USB connection?

Stefan

Dream Weaver

Router is to PC via RJ45 ethernet cable.

VPN is setup at ISP level with username and password.

Fig

Check the metric value for the connections, as the VPN is probably taking priority over LAN connections and blocking the internal connections.

Dream Weaver

How do i do that?

ozzy

I think he means metric value of the routes.

Do a ROUTE PRINT at a command prompt.

Any joy with the tracert?

How did you connect via VPN before. Was the cable modem and (more importantly) the ISP IP address bound directly to your PC's LAN (or USB) port?

I assume you're now using NAT behind the firewall, so perhaps the VPN client has a problem routing requests on your NAT'ed network. What software is establishing the VPN connection?

Stefan

ScoobyDoo555

DW, I've been asking my IT dept at work, and to access VPN, the router needs a protocol enabled (protocol 49?) - effectively your VPN is a tunnel to and from your workplace. My (limited) understanding is that your home pc is seen as an extension to the work's network. You need to set up the router to allow your PC to be seen through this tunnel. However, the router may not be VPN compatible (can't check mine at work).

One way around it in the meantime is to reconnect your old ADSL modem when you want to use VPN.....

Hope this helps.....

Dan

ScoobyDoo555

DW - I've just found this on the ADSLTech website - it might help

http://adsltech.com/portal/forum/for...?TID=11&KW=VPN

Dan

Updated for a direct link to the post

http://adsltech.com/forum/forum_posts.asp?TID=202&PN=1

Dream Weaver

Right here goes:

Tried tracert and it worked fine on all IP addresses, except the ones I want to get to. It timed out on those, though I did notice it initially connected to a third mystery IP address in the same VPN range.

Just done route print, but have no idea what i'm looking at. Metrics of 1, 20 and 50 are showing, with various Ip addresses.

Before I set the network up I just connected via USB modem and all was well. BUT now here's the odd bit. Last week I ripped the router back out, as well as all network stuff and re-installed my USB modem, so I was back to my original connection mode, and I could no longer connect, so theres obviously been a system change somewhere.

Re NAT's and software, I am using Mysql-front to connect, but it comes up with a 2003 error. However that doesnt really matter as I cant even Ping the IP range in the first place once I have connected the VPN.

Not sure if this means anything, but the network diagnostics comes up with 1 FAIL error:

[00458755] WAN Miniport (IP) (FAILED)
- DNSServerSearchOrder (FAILED)
- 192.168.2.10 (FAILED)
Pinging 192.168.2.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

- 192.168.2.11 (FAILED)
Pinging 192.168.2.11 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.11:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

Dont actually know what that IP address is though

Bloody nightmare this.

Also just tried to set the PS2 up with its own IP address rather than using the DMZ, and that dont work now either.

Computers - dont you love em

ozzy

Not now I don't. That was one reason why I joined the RMR and try to get back some sanity.

AFAIK, My-SQL isn't a VPN client. There must be something at a lower level establishing the VPN. I would suspect the M$ VPN client is used and My-SQL is just piggy-backing on top.

With a VPN you need to specify both end-points directly, so getting it to work behind a NAT'ed router can be a PITA. That's why I suspect it would work OK with the ADSL modem connected directly to a LAN or USB port - as the end-point is direct on the PC and not behind another router.

Stefan

Dream Weaver

I dont have a VPN client. The connection is just put in as a normal WAN connection - this may explain it better to you:

http://help.titanhosts.net/index.htm?i/vpn/intro.htm

Its the setup info for the vpn from Titan.

ozzy

You DO have a VPN client - it's the built-in M$ one. It just sits on top of the normal dial-up connection and uses a different protocol to establish the sessions and encapsulate the traffic.

Stefan

ozzy

I'm pretty sure the M$ client logs VPN session info, just need to figure out where it is. Only really used Linux and NetScreen VPN clients myself.

Would be interesting to know what is hosting the VPN session at your ISP. Firewall appliance, Windows server, etc..

Stefan

Dream Weaver

Sorted!!

It was the Sygate firewall - I had tried disabling it but still no joy, so I just uninstalled it completely, and the VPN connection is now fine

Going to do a system restart now and see if it also cures the "reseting" issue as well.

Fingers crossed!!

ozzy

DW, you muppet. Now you tell me there's another firewall on top of your router. sheesh, you sound like one of our users here

ozzy

If you'd have used ZoneAlarm it would have popped up prompting you that something was getting blocked or requesting access

Dream Weaver

And sure enough no reset required

Bloody firewalls, more hassle than they are worth. I dd have ZA but it knacked my system and slowed everything down.

So ZA, and Sygate dont work for me, what next? Just rely on the Dynamic NAPT of the router?

Thanks for everyones help with this, especially ozzy

Just wish I had uninstalled the bloody thing last week now.

ozzy

Depends on the firewall. It should block attacks, but the handy thing with one of the personal firewalls is it can allow and restrict applications and show if anything is getting through or more importantly rogue adware that's installed itself on your local PC.

Use something like grc.com to test your public IP address.

Stefan

Dream Weaver

I may reinstall sygate then and set it up properly - a bit loathe to now that everythings working though

First thing I did was the GRC shields up and all ports are stealthed - the only fail was that they could ping my machine, but not sure where to block that with the XP firewall.

ozzy

XP firewall? the public IP should be on your router. It's only that that they should be able to PING. They shouldn't be able to ping directly to your PC's card (on the NAT'ed, private IP addressing - 192.168.... etc).

You should be able to block ICMP pings on the router to mask that.

Dream Weaver

Is there a specific port for ICMP? I have virtual servers setup on the router to block most things - 21, 22, 23, 255 etc etc

Dream Weaver

Just GRC'd it again with the following results, dont think I need to worry too much:

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

ScoobyDoo555

ahh. another firewall

Glad it's sorted though

Dan - see you on XBox Connect for PGR2

Chris L

So will Sygate if you have the option enabled! Ozzy - off topic, how do you find the Netscreen VPN client?

Chris

ozzy

Chris,

It's the older NetScreen 7 client we use @ work. It's OK and pretty straightforward to setup. Can be a bit temperamental on XP if you add/remove network cards, but other than that it's decent enough.

I'd like to see the newest version though and compare it with some others. It's certainly better that the M$ one.

Stefan

Dream Weaver

Dont think I will be using XB Connect. Tried it the other night and it was a mare. PC is upstairs, Xbox downstairs, so I had to click on join game, then leg it downstairs and click on search for games on the Xbox, but it kept dropping the connection.

I would prefer to connect as a stand alone without the PC running, so will be investing in the live starter kit this week.

ozzy

LOL, it'll keep you fit Dan

Live is the way to go

Stefan