On 01/23/2013 10:38 PM, Jinyan Huang wrote:
Kevin,

When I connect to the VPN from work, I can still connect to a computer in my office.

Thank you for your explanation. But it does not seem reasonable. My home
and office are in CityA, the VPN server is in CityB. When I am at home
or at work, it should be on the same side.

On Wed, Jan 23, 2013 at 10:16 PM, Kevin VPN <[email protected]> wrote:
On 12/20/2012 06:16 PM, Jinyan Huang wrote:

NAT-T is disabled by default. I used all default settings. I have tried
to decrease the MTU to a lower value, 900. It does not help.

I think there is an internet environment problem. But I do not know
where it is. Because I used the same computer: at home I can ssh; in the
office, the VPN tunnel connection can be established, but I cannot ssh.

The IT group told me that all outgoing ports have been opened. They also do
not have any idea how to fix it, because they do not know the Shrew
software.


On 12/19/2012 11:30 AM, Jinyan Huang wrote:
Kevin,

It seems I cannot access the DNS server at 10.10.2.16.

ping 10.10.2.16
PING 10.10.2.16 (10.10.2.16): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1


Hi Jinyan,

When you connect to the VPN from work, can you connect to ANY computer at
all?

My guess is that the problem is that the VPN configuration is designed only
for connections from external (the Internet), not from internally (in other
words, not on the internal network 10.10.x.x/16).  Many VPNs only allow
access "across" the firewall - you can connect to the VPN from the Internet
side of the VPN gateway/firewall and access resources on the protected side,
but it does not like it when you connect to the VPN from the protected side
and try to access resources on the protected side.  You also see this often
when people connect to the VPN from the Internet and then complain that the
VPN won't let them send traffic to the Internet.

I expect that at home, you're connecting to the Internet side of the
firewall/VPN, but at work, you're connecting to the protected side.  The VPN
for some reason lets you connect at work, but when you actually try to send
traffic, the firewall drops it because it's exiting the firewall through the
same interface it came in on.

To be honest, if all you're trying to do is SSH, you probably don't need the
VPN when you're at work, since SSH traffic is already encrypted.


Hi Jinyan, thanks for the clarification. You are correct that in this case, both home and work will come into the VPN gateway from the same side.

Can you try the following: connect to the VPN from work using a Windows client. Start a ping to a machine on the far end of the VPN or try to SSH. Launch the VPN Trace Utility and look at the Security Associations tab. There should be at least two entries. Make note of the "State" and "Transfered" columns.

In the State column, the entries should be either LARVAL, MATURE, or DYING. A LARVAL state should quickly move to MATURE state. If it doesn't, a failure to negotiate Security Associations is occurring.

Once the Security Associations have the state MATURE or DYING, look at the Transfered column. Both columns should have increasing values of bytes transferred. If they don't, there is a problem somewhere at work, possibly that the firewall does not allow IP Protocol 50 (ESP) traffic to pass through.

_______________________________________________
vpn-help mailing list
[email protected]
https://lists.shrew.net/mailman/listinfo/vpn-help
