Basic VPN so close but so far
  •  
Dabunt

I am giving VPN a go as I would like to access the office network from home.

The office has an ADSL internet connection (USB) which looks like a dial-up modem to WinRoute.

I have VPN installed and the client connects without any problems.

I get assigned an IP address - 10.1.1.2 and can ping the server IP address on 10.1.1.1

However I cannot access or ping any other machine on the office network. The office network uses range 192.168.0.x 255.255.255.0 all on fixed IP addresses.

I have rules as follows:
1) ICMP S:Firewall D:Any S:Ping A:OK T:NONE
2) NAT S:LAN D:Dial-Up S:Any A:OK T:NAT (Default outgoing interface)
3) Local Traffic S:LAN,FIREWALL,VPN CLIENTS D:LAN,FIREWALL,VPN CLIENTS S:ANY A:OK T:NONE
4) Firewall Traffic S:Firewall D:Dial-UP S:Any A:OK T:NONE
5) HTTPS S:Dial-Up D:Firewall S:HTTPS A:OK T:NONE
6) Service Kerio VPN S:Dial-Up D:Firewall S:Kerio VPN A:OK T:NONE

That is all the rules.

I don't understand how a ping from my home PC is going to know to go over the Kerio VPN virtual adapter and not over my internet connection?
I also don't see how, if a packet did arrive at the server from 10.1.1.2 (my home PC), it would get to 192.168.0.65 (a PC on the office network).

Anyone spot the simple error I am making?

  •  
Petr Dobry (Kerio)

Dabunt wrote on Wed, 24 August 2005 19:04


I get assigned an IP address - 10.1.1.2 and can ping the server IP address on 10.1.1.1

However I cannot access or ping any other machine on the office network. The office network uses range 192.168.0.x 255.255.255.0 all on fixed IP addresses.

I don't understand how a ping from my home PC is going to know to go over the Kerio VPN virtual adapter and not over my internet connection?
I also don't see how, if a packet did arrive at the server from 10.1.1.2 (my home PC), it would get to 192.168.0.65 (a PC on the office network).



To have access to the internal LAN you have to have a route to 192.168.0.0/24 in the routing table on the VPN client machine. KVPN sets the routing table for you properly if some conditions are met. KWF sends the client only routes pointing to interfaces without a default gateway set.

Do you have a default gateway on your KWF LAN interface?

Petr Dobry
Product Development Manager | Kerio
  •  
Dabunt

Petr Dobry wrote on Wed, 24 August 2005 08:10


To have access to the internal LAN you have to have a route to 192.168.0.0/24 in the routing table on the VPN client machine. KVPN sets the routing table for you properly if some conditions are met. KWF sends the client only routes pointing to interfaces without a default gateway set.

Do you have a default gateway on your KWF LAN interface?


So on the client machine I would have to do something like:
ROUTE ADD 192.168.0.0 MASK 255.255.255.0 10.1.1.2
To force a ping request to 192.168.0.20 via the VPN connection?

On the KWF machine ipconfig shows no gateways set for VPN or local area connection:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.20
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

PPP adapter DEMON ADSL 512K:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 80.177.29.117
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 80.177.29.117

Ethernet adapter Kerio VPN:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 169.254.22.113
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

With a route add I still don't get a reply from the server @ 192.168.0.20 from my home machine
  •  
Petr Dobry (Kerio)

Dabunt wrote on Wed, 24 August 2005 21:11


ROUTE ADD 192.168.0.0 MASK 255.255.255.0 10.1.1.2



Route should be
ROUTE ADD 192.168.0.0 MASK 255.255.255.0 10.1.1.1

To see what's happening you can enable logging of various VPN parts in the debug log. There you can see if this route is exchanged with the VPN client or not.

Petr Dobry
Product Development Manager | Kerio
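
Added example, not part of the original thread: a small Python model of the client-side route lookup this exchange turns on. It shows why traffic for 192.168.0.0/24 leaves via the default route until a more specific route exists, and why the next hop has to be the server's VPN address 10.1.1.1 rather than the client's own 10.1.1.2. The home LAN addresses and the interface names are assumptions.

```python
import ipaddress

# Constructed client routing table using the thread's addresses. The home LAN
# (192.168.1.0/24, router 192.168.1.254) is an assumption, not from the thread.
# Entry: (destination network, gateway or None if on-link, interface name).
BASE_ROUTES = [
    ("0.0.0.0/0", "192.168.1.254", "home-lan"),
    ("192.168.1.0/24", None, "home-lan"),
    ("10.1.1.0/24", None, "kerio-vpn"),
]
LOCAL_ADDRS = {"home-lan": "192.168.1.50", "kerio-vpn": "10.1.1.2"}


def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, gw, ifc in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, ifc)
    return best


def egress(routes, dest):
    """Name of the interface a packet to dest leaves on."""
    match = lookup(routes, dest)
    return match[2] if match else None


def check_gateway(routes, gateway):
    """A usable next hop is another host on a directly connected subnet."""
    if gateway in LOCAL_ADDRS.values():
        return "own-address"        # 10.1.1.2 is the client itself
    match = lookup(routes, gateway)
    if match and match[1] is None:
        return "ok:" + match[2]     # 10.1.1.1 is on-link via kerio-vpn
    return "not-on-link"


def add_route(routes, net, gateway):
    """Simplified model of adding a static route; rejects bad next hops."""
    status = check_gateway(routes, gateway)
    if not status.startswith("ok:"):
        raise ValueError(f"gateway {gateway}: {status}")
    return routes + [(net, gateway, status[3:])]


if __name__ == "__main__":
    print(egress(add_route(BASE_ROUTES, "192.168.0.0/24", "10.1.1.1"), "192.168.0.65"))
```

Everything not covered by the added 192.168.0.0/24 route still follows the default route out of the home connection, so only office-LAN traffic enters the tunnel.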
  •  
Dabunt

Petr Dobry wrote on Wed, 24 August 2005 10:30


Route should be
ROUTE ADD 192.168.0.0 MASK 255.255.255.0 10.1.1.1




Excellent!

I can now ping any machine on the network and connect to shares using the IP address.

The rule I use on the KWF is
S:VPN Clients D:LAN S:ANY A:PERMIT T:NONE

My next question is would it be possible to make a connection to an SQL server. I can use Windows Authentication or SQL Server Authentication which I guess will be easier.

Has anyone made an SQL connection over Kerio VPN before?
  •  
Petr Dobry (Kerio)

Dabunt wrote on Wed, 24 August 2005 23:24


My next question is would it be possible to make a connection to an SQL server. I can use Windows Authentication or SQL Server Authentication which I guess will be easier.

Has anyone made an SQL connection over Kerio VPN before?



Once you have established the VPN tunnel, you can make any TCP/IP connection to or from the LAN. A connection to SQL Server is a normal TCP connection.

Petr Dobry
Product Development Manager | Kerio
  •  
Dabunt

Petr Dobry wrote on Wed, 24 August 2005 12:42

Dabunt wrote on Wed, 24 August 2005 23:24


My next question is would it be possible to make a connection to an SQL server. I can use Windows Authentication or SQL Server Authentication which I guess will be easier.

Has anyone made an SQL connection over Kerio VPN before?



Once you have established the VPN tunnel, you can make any TCP/IP connection to or from the LAN. A connection to SQL Server is a normal TCP connection.

I have modified my VB code to connect with the IP address and authentication on the SQL server instead of using Windows authentication and everything is fine.

I can't browse the network using names, only IPs, but this is a problem many people seem to have and I don't really care too much about it. I have my remote SQL connection and I am happy.

Thx for your help
  •  
winkelman

I believe you can only browse by name (on other IP subnets than your own), if the DNS server you use gets updates from the DHCP server. This would be the case if the KWF is both your DHCP and DNS server (if you turn on the DNS option to look in the DHCP lease table). Another option is using a specific WINS resolution server. Or something, I do not know too much about Windows networking.