VPN problem (VPN clients can connect to the firewall, but not with other hosts in the network)
  •  
greengy

Dear,
I have a problem connecting VPN clients with any host except the firewall!!!

My Kerio Control has worked perfectly for several years, but this problem is still there.
My firewall is connected through two ADSL lines (one with a static, the other with a dynamic IP address) in load balance mode.

The traffic policy has a rule for local traffic:
Source | Destination
LAN | LAN
Trusted/local | Trusted/local
VPN clients | VPN clients
All VPN tunnels | All VPN tunnels

I really don't know what the problem is????

Does anyone know how to fix that?
  •  
St3p7

I have the same problem with Kerio Control ver. 8.0.0 build 551.
I don't know why on the other firewall, with the same Traffic Rules, everything goes well!
The only difference is the version: the latter Kerio has release 7.4.1 build 5051 installed and everything is OK!

Does anyone know about this?!?!
  •  
St3p7

Wow it was really very simple!
The firewall must have the same LAN Gateway!
Very easy and stupid!
Sometimes we have a solution in mind and we complicate life!
  •  
blswjames

Quote:
Wow it was really very simple!
The firewall must have the same LAN Gateway!


Um... I don't understand how this helped you.

I am having the same (seemingly exact) issue, but there is only one LAN Gateway to speak of.

I enabled both the "Kerio VPN" and the "IPSec VPN" services on the VPN Server Interface. Clients can connect to either just fine, but only the traditional "Kerio VPN" service can communicate with other hosts on the network. The IPSec connected clients can't seem to get past the firewall once connected.

Both VPN connection types share all of the same settings, as they are both part of the same "Interface".

Since there is nothing to distinguish between the two aside from editing the interface itself, I'm not sure why it doesn't just work as expected. Obviously it can't be traffic rules, otherwise both VPN connection types would have the same problem.

Anybody have this actually working? Care to share the secret with those of us who don't?

Thanks!
  •  
blswjames

Ok. With a little help from Kerio Support, we were able to solve this issue.

The problem, we discovered, is that the L2TP/IPSec clients aren't automatically receiving any routing information for the network. All this time we thought Kerio Control was misbehaving, but it turns out that the real issue is in Apple's L2TP/IPSec client.

In order for L2TP/IPSec clients to route in to the network, they have to enable the "Send All Traffic" option. This basically forces the device to route ALL network traffic through the VPN connection, rather than just the traffic intended for that network.

Now this is somewhat undesirable, as that means that local resources may not be available until the VPN connection is terminated, but this seems to be the only way to make it work as there is no mechanism for setting static routes on an iOS device. (On a Mac, it can be added by modifying the ppp0 interface script to include the necessary route add commands, but at that point why wouldn't you just use the nifty Kerio Client that provides the intelligent routing to begin with?)

So unless there is a way for the Kerio Control VPN Server to "push" static routes to the VPN clients when they connect, I don't see any other solution at this time.

Thanks for all your help!
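
The Mac route workaround mentioned in the post above, as an added example that is not part of the original thread and not Kerio's code: pppd runs `/etc/ppp/ip-up` as root once the link is up, and this sketch adds routes for the networks behind the firewall only when the peer is the expected VPN server. The addresses, `VPN_PEER`, `LAN_NETS` and the function names are constructed placeholders.

```sh
#!/bin/sh
# Sketch of /etc/ppp/ip-up for the macOS built-in L2TP/IPsec client (added example).
# pppd runs it as root: $1=interface $2=tty $3=speed $4=local IP $5=peer IP $6=ipparam

# Constructed placeholder values; replace with your own addressing.
VPN_PEER="172.27.0.1"                       # assumed PPP peer address of the VPN server
LAN_NETS="192.168.10.0/24 192.168.20.0/24"  # assumed networks behind the firewall
ROUTE="${ROUTE:-/sbin/route}"               # overridable so the logic can be dry-run

# Accept only a.b.c.d/len with sane ranges; the script runs as root.
valid_cidr() {
    echo "$1" | awk -F'[./]' 'NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

add_vpn_routes() {   # usage: add_vpn_routes IFACE PEER_IP
    # Refuse anything that is not a PPP interface name.
    case "$1" in ppp[0-9]*) ;; *) return 1 ;; esac
    # Touch the routing table only for this VPN, not for every PPP link.
    [ "$2" = "$VPN_PEER" ] || return 0
    for net in $LAN_NETS; do
        valid_cidr "$net" || continue
        # Split tunnel: only these prefixes go through the VPN interface.
        "$ROUTE" add -net "$net" -interface "$1"
    done
}

# pppd passes at least five arguments; do nothing when run without them.
if [ "$#" -ge 5 ]; then
    add_vpn_routes "$1" "$5"
fi
```

With these routes in place the client keeps its own default gateway, so only traffic for the listed networks enters the tunnel, unlike "Send All Traffic".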
  •  
Petr Dobry (Kerio)

Some L2TP IPsec clients don't have the capability to update the routing table. The built-in OS X client is one of them - http://forums.kerio.com/mv/msg/24112/99912/#msg_99912

Petr Dobry
Product Development Manager | Kerio
  •  
tauseef-it

This problem occurs because of DNS. Put your Kerio VPN server local IP on your client gateway and in DNS. Hope it helps.