Kerio User Forums, Kerio Control: can't get VPN to work
  •  
breps

Hi,

I recently did the upgrade to 6 and everything went smoothly.

I am now trying to get the new VPN to work. I have added the correct traffic rules as stated in the Kerio Manual.

I can get the client to connect and all addresses seem to register OK in WinRoute. After connecting I can only ping the "local" VPN address. In other words, if I'm on the client I can only ping the client... If I'm on the server I can only ping the server.

There is no other communication between client - server. I have been through everything I could find w/ no luck.

Can anybody give me any suggestions?
  •  
wiper

I got the same problem, I can't get it to work either. I have also tried to use a permanent VPN tunnel between 2 servers without luck... exactly the same behavior as described above.
  •  
breps

Can anybody help in configuring the VPN? I can use MS Routing & Remote Access to do this... Why not w/ Kerio? Is MS VPN better than Kerio? So far it seems that way.....
  •  
NNiM

I also have the same problem, I am not able to browse/ping the VPN.
  •  
zebe

Did you add VPN Clients in the local traffic rule?
  •  
coco

breps:

I have a Kerio VPN basically working (except for the caveat detailed below), as follows:

1. On the server, in Interfaces ensure the VPN server is enabled, and it has a subnet defined which is different to your local subnet. Make sure the VPN driver is loaded (if it fails to load, you will see an error message near the foot of the Interfaces page).

2. On the server, in Traffic Policy add the following two rules:

Name: Kerio VPN Service
Source: (your internet NIC)
Destination: Firewall
Service: Kerio VPN
Action: Permit
Translation: None

Name: Local Net Traffic
Source: Firewall, VPN Clients, ...
Destination: Firewall, VPN Clients, ...
Service: Any (or restrict to whatever services you want)
Action: Permit
Translation: None

3. On the server, in Users, add the user accounts you will allow to access the VPN.

4. Copy the HOSTS file from the VPN server to the client, ensuring there are host entries for each LAN server that the client will be able to connect to. Retain the same LAN IP addresses that are used on the server.

5. On the client, install the Kerio VPN Client and configure it for the server's IP address (or name), and a user/password allowed by the server.

6. On the client, connect to the internet and run the VPN client.

On successful connection, I am able to view shared folders by entering, say, \\server\share in the Windows Explorer address bar, and shared printers similarly by their share name.

*However* I am not able to browse the network from the client (that is, via the Network Neighborhood tree) - attempts to do this meet with an error message. I have been trying over the last 10 days or so to get assistance from Kerio with this, but so far without success.

Hope this helps.

[Updated on: Wed, 23 June 2004 16:24]


Regards,
Steve Moss,
CoCo Systems Ltd.
  •  
Pavel Dobry (Kerio)

coco wrote on Wed, 23 June 2004 03:06:

> breps:
>
> 4. Copy the HOSTS file from the VPN server to the client, ensuring there are host entries for each LAN server that the client will be able to connect to. Retain the same LAN IP addresses that are used on the server.
> Hope this helps.


You don't need this. VPN client uses DNS forwarder in KWF as a DNS server so it is able to resolve all IP addresses of local servers from hosts file on Winroute's computer as well as other computer names from DHCP leases.
  •  
coco

PavelDobry wrote on Wed, 23 June 2004 08:16:

> coco wrote on Wed, 23 June 2004 03:06:
>
> > breps:
> >
> > 4. Copy the HOSTS file from the VPN server to the client, ensuring there are host entries for each LAN server that the client will be able to connect to. Retain the same LAN IP addresses that are used on the server.
> > Hope this helps.
>
> You don't need this. VPN client uses DNS forwarder in KWF as a DNS server so it is able to resolve all IP addresses of local servers from hosts file on Winroute's computer as well as other computer names from DHCP leases.


Sorry, but that is wrong. It does need the HOSTS file. Without it, it is not possible to refer to shared resources by the UNC path names. Please refer to your own colleagues' advice (esp. that of Jeff Wadlow) in personal e-mails to me.

Now, I agree it *should* not be necessary to use a HOSTS file, but with the Kerio VPN client it does seem to be the case.

Regards,
Steve Moss,
CoCo Systems Ltd.
  •  
NNiM

I can't get the vpn feature to work. After I connect to the remote Kerio FW (no error, seems to work), I can't ping any IP or Name inside the LAN (no PDC, no FW, nothing).

My LAN subnet is 192.168.1.0 (255.255.255.0) and I defined the VPN subnet 192.168.2.0 (255.255.255.0) and the first VPN client gets an IP like 192.168.2.2 - but no chance to ping/browse the LAN...
  •  
Gabriel Velasquez

I had the same problem. I removed the gateway address from the internal NIC
and that seemed to fix the problem.


--
Gabriel Velasquez
Information Technology Dept.
WorldatWork, Inc.
14040 N Northsight Blvd.
Scottsdale, AZ 85260
Tel: (480) 348-7227
Fax: (480) 483-8352
Web: http://www.worldatwork.org


> From: NNiM <sunnyz<at>mail2me.com>
> Reply-To: kwf<at>forum.kerio.com
> Date: Fri, 25 Jun 2004 00:14:48 -0700
> To: kwf<at>forum.kerio.com
> Subject: [kwf] Re: cant get vpn to work
>
>
> I can't get the vpn feature to work. After I connect to the remote Kerio
> FW (no error, seems to work), I can't ping any IP or Name inside the LAN
> (no PDC, no FW, nothing).
>
> My LAN subnet is 192.168.1.0 (255.255.255.0) and I defined the VPN
> subnet 192.168.2.0 (255.255.255.0) and the first VPN client gets an IP
> like 192.168.2.2 - but no chance to ping/browse the LAN...
  •  
kjordan

My understanding about browsing through a VPN connection is that it's not possible. This applies to all VPN clients that I'm aware of. The reason is that browsing is based on the NetBIOS protocol, which is a non-routable protocol.
  •  
mikeonline

Just made my KWF6 VPN browse the LAN behind the firewall...

I've added GRE (Generic Routing Encapsulation) service into the standard rule for incoming VPN connection. So it looks like this for incoming traffic:
Source: Internet Connection
Destination: Firewall
Service: Kerio VPN; GRE
Action: Permit
Translation: none
For outbound traffic:
Source: Firewall
Destination: Internet Connection
Service: Any
Action: Permit
Translation: none

All other settings are as stated in Administrator's Guide for KWF6, except manually adding appropriate names for hosts in HOSTS file. But that is not necessary - LAN addresses can be entered manually and they work.
I have done some tests both for VPN-client connection and VPN-tunnel connection. It works fine for me :)

Maybe that info would be useful for somebody.
  •  
breps

I finally got VPN to work, sort of.....

I had trouble w/ multiple IPs... I had to make sure that the outgoing data from my firewall was translating to the correct IP my host was looking for.....

Anyways, I can now ping the VPN server. My next question is how do I get access to shared folders etc... I can ping each host but I cannot connect to any shares???? Does anyone else have this problem?

I'm stumped...

  •  
coco

breps wrote on Tue, 29 June 2004 16:30:

> I finally got VPN to work, sort of.....
>
> I had trouble w/ multiple IPs... I had to make sure that the outgoing data from my firewall was translating to the correct IP my host was looking for.....
>
> Anyways, I can now ping the VPN server. My next question is how do I get access to shared folders etc... I can ping each host but I cannot connect to any shares???? Does anyone else have this problem?
>
> I'm stumped...



First, make sure you have the correct permissions on the share (it should probably be available to Everyone for it to be accessible from VPN clients).

Then please see my post above re the need for a HOSTS file on the clients. It seems that some people (mikeonline, for instance) are not having this problem, but check this out:

If you have a share on your VPN server (at IP address 1.2.3.4, say, and called, say, folder), try typing this into the address bar of Windows Explorer on the client:

\\1.2.3.4\folder

Can you connect to the share?

If you can, try replacing the IP address with the server's name, say like this:

\\server\folder

If this fails, add an entry to the HOSTS file on the client which reads:

1.2.3.4 server

and save the HOSTS file. Can you connect to the share now?

Regards,
Steve Moss,
CoCo Systems Ltd.
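
The check sequence coco describes above (share by IP, then by name, then a HOSTS entry), as an added example that is not part of the original thread: a Python sketch that separates a routing or traffic-rule failure from a name-resolution failure on the VPN client. The function names, result labels and port list are assumptions of this example; 1.2.3.4 and server are the placeholder values from the post.

```python
import socket

# TCP ports Windows file sharing listens on: 445 (direct-hosted SMB)
# and 139 (NetBIOS session service). Assumption of this example.
SMB_PORTS = (445, 139)


def tcp_open(ip, port, timeout=3.0):
    # True if a TCP connection to ip:port succeeds through the tunnel.
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def resolve(name):
    # Resolve via the client's normal lookup path (HOSTS file, then DNS).
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def diagnose(name, expected_ip, resolver=resolve, probe=tcp_open):
    # Step 1: equivalent of trying \\1.2.3.4\folder. If no file-sharing
    # port answers on the LAN address, the problem is routing or the
    # traffic rules, and a HOSTS entry will not help.
    if not any(probe(expected_ip, port) for port in SMB_PORTS):
        return "unreachable"
    # Step 2: equivalent of trying \\server\folder. The address works,
    # so any remaining failure is name resolution.
    resolved = resolver(name)
    if resolved is None:
        return "name-unresolved"   # add "1.2.3.4 server" to HOSTS, or fix DNS
    if resolved != expected_ip:
        return "name-mismatch"     # stale HOSTS/DNS entry points elsewhere
    return "ok"


if __name__ == "__main__":
    import sys
    # Usage: python vpn_share_check.py server 1.2.3.4
    print(diagnose(sys.argv[1], sys.argv[2]))
```

A result of "unreachable" points back at the traffic policy and routing discussed earlier in the thread; "name-unresolved" or "name-mismatch" is the case the HOSTS entry addresses.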
  •  
davidtsn

People, people...just switch to ISA 2000 or ISA 2004. Will solve all of your problems. Bottom line...home and very small business...go ahead and use Kerio. For bigger business and enterprise...go with ISA. Simple as that. You don't have a puppy guard your house..so why waste your time.