Problem with VPN over Wireless - Help please!

Discussion in 'Wireless Networking' started by Tom, Apr 22, 2005.

  1. Tom

    Tom Guest

    Hi

    I have had a consultant in at work today setting up our network so that
    staff can connect to our network from their home PCs. Our office network is
    linked to an ADSL BT line through a SonicWall TZ170 firewall and an Alcatel
    router. We installed SonicWall VPN client on my laptop and I managed to
    connect OK from my laptop using a modem dialup (having disconnected all
    network cables first). I got on to the network with no problems.
    Unfortunately, I could not test this on my home wireless connection until I got
    home.

    Guess what: it doesn't work on my wireless connection.

    At home, using the same laptop, I tried connecting through my Belkin
    wireless ADSL router. It seems to connect to our network OK, as I get
    prompted for a login and password and it tells me it is connected. It then
    tries to allocate me an IP address but times out. When I looked in the
    laptop's SonicWall VPN client log, the last entry there is "Failed to renew
    the IP address for the virtual interface. The semaphore timeout period has
    expired".

    I guess from this that it is trying to allocate me an IP address but my
    Belkin unit is blocking it. Could this be the firewall in the Belkin? I
    could be wrong as I am new at this VPN and wireless stuff.

    Can anyone advise me what to try?

    Regards

    Tom
     
    Tom, Apr 22, 2005
    #1

  2. Tom

    Tom Guest

    Just to add to the message below, I have just looked in the Belkin firewall
    security log and it tells me that when I tried to connect to the VPN at
    work, it generated the message

    "**Smurf** 0.0.0.0->> 224.0.0.22,0 (from wireless inbound)"

    Regards

    Tom

    "Tom" <> wrote in message
    news:...
    > Hi
    >
    > I have had a consultant in at work today setting up our network so that
    > staff can connect to our network from their home PCs. Our office network
    > is linked to an ADSL BT line through a SonicWall TZ170 firewall and an
    > Alcatel router. We installed SonicWall VPN client on my laptop and I
    > managed to connect OK from my laptop using a modem dialup (having
    > disconnected all network cables first). I got on to the network with no
    > problems. Unfortunately, I could not test this on my home wireless connection
    > until I got home.
    >
    > Guess what: it doesn't work on my wireless connection.
    >
    > At home, using the same laptop, I tried connecting through my Belkin
    > wireless ADSL router. It seems to connect to our network OK, as I get
    > prompted for a login and password and it tells me it is connected. It then
    > tries to allocate me an IP address but times out. When I looked in the
    > laptop's SonicWall VPN client log, the last entry there is "Failed to
    > renew the IP address for the virtual interface. The semaphore timeout
    > period has expired".
    >
    > I guess from this that it is trying to allocate me an IP address but my
    > Belkin unit is blocking it. Could this be the firewall in the Belkin? I
    > could be wrong as I am new at this VPN and wireless stuff.
    >
    > Can anyone advise me what to try?
    >
    > Regards
    >
    > Tom
    >
     
    Tom, Apr 22, 2005
    #2

  3. "Tom" <> wrote in message
    news:...
    > Just to add to the message below, I have just looked in the Belkin
    > firewall security log and it tells me that when I tried to connect to the
    > VPN at work, it generated the message
    >
    > "**Smurf** 0.0.0.0->> 224.0.0.22,0 (from wireless inbound)"
    >
    > Regards
    >
    > Tom
    >
    > "Tom" <> wrote in message
    > news:...
    >> Hi
    >>
    >> I have had a consultant in at work today setting up our network so that
    >> staff can connect to our network from their home PCs. Our office network
    >> is linked to an ADSL BT line through a SonicWall TZ170 firewall and an
    >> Alcatel router. We installed SonicWall VPN client on my laptop and I
    >> managed to connect OK from my laptop using a modem dialup (having
    >> disconnected all network cables first). I got on to the network with no
    >> problems. Unfortunately, I could not test this on my home wireless
    >> connection until I got home.
    >>
    >> Guess what: it doesn't work on my wireless connection.
    >>
    >> At home, using the same laptop, I tried connecting through my Belkin
    >> wireless ADSL router. It seems to connect to our network OK, as I get
    >> prompted for a login and password and it tells me it is connected. It
    >> then tries to allocate me an IP address but times out. When I looked in
    >> the laptop's SonicWall VPN client log, the last entry there is "Failed to
    >> renew the IP address for the virtual interface. The semaphore timeout
    >> period has expired".
    >>
    >> I guess from this that it is trying to allocate me an IP address but my
    >> Belkin unit is blocking it. Could this be the firewall in the Belkin? I
    >> could be wrong as I am new at this VPN and wireless stuff.
    >>
    >> Can anyone advise me what to try?
    >>
    >> Regards
    >>
    >> Tom
    >>

    You might try disabling the firewall in the Belkin and see what happens.

    JS
    --
    www.parallaxconcepts.org
     
    Joseph Stewart, Apr 23, 2005
    #3
  4. Tom

    Guest

    In alt.internet.wireless Joseph Stewart <> wrote:
    > "Tom" <> wrote in message
    > news:...
    >> Just to add to the message below, I have just looked in the Belkin
    >> firewall security log and it tells me that when I tried to connect to the
    >> VPN at work, it generated the message
    >>
    >> "**Smurf** 0.0.0.0->> 224.0.0.22,0 (from wireless inbound)"
    >>



    > You might try disabling the firewall in the Belkin and see what happens.



    Smurf detection is broken in a lot of cheap firewalls (and on IBM mainframe
    "NETSTAT DOS").

    I had to turn it off in my SMC router. It might be called Denial of
    Service attack, or broadcast, or something like that.

    --
    ---
    Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5
     
    , Apr 23, 2005
    #4
  5. On Fri, 22 Apr 2005 22:38:01 +0100, "Tom" <>
    wrote:

    >I have had a consultant in at work today setting up our network so that
    >staff can connect to our network from their home PCs. Our office network is
    >linked to an ADSL BT line through a SonicWall TZ170 firewall and an Alcatel
    >router. We installed SonicWall VPN client on my laptop and I managed to
    >connect OK from my laptop using a modem dialup (having disconnected all
    >network cables first). I got on to the network with no problems.
    >Unfortunately, I could not test this on my home wireless connection until I got
    >home.
    >
    >Guess what: it doesn't work on my wireless connection.


    Does it work when you used a wired CAT5 connection to your Belkin
    router instead of wireless?

    The Safenet client that Sonicwall supplies includes some rather
    verbose logging and diagnostic info. I don't have it loaded on this
    machine so I can't point to the exact location to check, but I think
    they were called "log viewer" and "connection monitor". They will
    tell you at what point your connection is failing.

    My guess(tm) is that the consultant wisely limited the IP addresses
    that are allowed to connect. Is your ISP's IP address in the
    "allowed" IP address pool on the Sonicwall?

    The Sonicwall VPN config includes IP address blocks for the remote VPN
    and for your local LAN. The LAN side can be a wild card and accept
    any IP address block. However, both ends cannot be the same class C
    IP block. For example, you cannot use 192.168.1.xxx for the office,
    and the same 192.168.1.xxx for your home network. Pick something else
    like 192.168.111.xxx.

    The Safenet client configuration may be "locked" by the administrator.
    If this was done, you cannot change any of your settings. If this is
    the case, it's your consultant's job to implement any config changes.

    The purpose of a VPN is to assign an IP address to your machine that
    appears through a tunnel on the same class C IP address block as the
    office LAN. When you tested it in the office, there was no need to
    assign an address through a tunnel because you were already on the
    office LAN. However, when you tried it at home, you now have a tunnel
    and a different IP address. Testing it in the office is not even
    close to a proper test as the tunnel wasn't tested. I usually hang a
    temporary NAT router on the office LAN and assign the LAN side to
    something off the wall like 10.0.0.xxx. If the office LAN is running
    on 192.168.1.xxx, and if the configuration can give me an IP address
    in the 192.168.1.xxx block, then it's working. You can check your
    assigned IP addresses with:
    Start -> Run -> cmd <enter>
    ipconfig
    You should have TWO IP addresses. One is the normal NAT IP address
    assigned by your Belkin router. The other is the one that is coming
    from the VPN. 169.254.xxx.xxx means DHCP has failed.

    Anyway, inspect the logging and diagnostics. It should give you a
    clue where it's failing. A one line excerpt doesn't tell me where it
    failed.

    >At home, using the same laptop, I tried connecting through my Belkin
    >wireless ADSL router. It seems to connect to our network OK, as I get
    >prompted for a login and password and it tells me it is connected. It then
    >tries to allocate me an IP address but times out.


    >When I looked in the
    >laptop's SonicWall VPN client log, the last entry there is "Failed to renew
    >the IP address for the virtual interface. The semaphore timeout period has
    >expired".


    Well, it might be that the DHCP server on whichever box is playing
    DHCP server in the office has found some reason to NOT assign an IP
    address to your client. It might be out of IPs, it might have a
    restricted IP address pool, it might be failing authentication, etc.
    Which box is playing DHCP server?

    Incidentally, if you have a very long DHCP lease time, it's possible
    that the laptop still thinks it owns the IP address that was assigned
    in the office. If it tried to renew it when it connected to the VPN,
    it might be expected to fail if the server assigned the IP address to
    another client. Try the usual:
    ipconfig /release
    (wait about 10 seconds)
    ipconfig /renew

    >I guess from this that it is trying to allocate me an IP address but my
    >Belkin unit is blocking it. Could this be the firewall in the Belkin? I
    >could be wrong as I am new at this VPN and wireless stuff.


    Well, take the wireless out of the picture and try a direct LAN
    connection to your Belkin. I don't think it's the Belkin. You can
    verify it if you bypass the Belkin and connect your laptop directly to
    your DSL or cable modem. However, please be sure that you have a
    functional firewall on your laptop before trying this.

    >Can anyone advise me what to try?
    >
    >Regards
    >
    >Tom
    >


    --
    Jeff Liebermann -cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
     
    Jeff Liebermann, Apr 23, 2005
    #5
  6. Tom

    Guest

    Tom wrote:
    > Hi
    > We installed SonicWall VPN client on my laptop and I managed to
    > connect OK from my laptop using a modem dialup (having disconnected all
    > network cables first). I got on to the network with no problems.
    > Unfortunately, I could not test this on my home wireless connection
    > until I got home.
    >
    > Guess what: it doesn't work on my wireless connection.
    >
    > At home, using the same laptop, I tried connecting through my Belkin
    > wireless ADSL router. It seems to connect to our network OK, as I get
    > prompted for a login and password and it tells me it is connected. It then
    > tries to allocate me an IP address but times out. When I looked in the
    > laptop's SonicWall VPN client log, the last entry there is "Failed to renew
    > the IP address for the virtual interface. The semaphore timeout period has
    > expired".
    >


    Tom,

    I have a Sonicwall 3060 and use the VPN client.

    In the Sonicwall client you need to set NAT Traversal to disabled. If
    you have a Belkin 7632 you may also need to disable the firewall
    because the 7632 crashes with VPN clients. The 7633 works fine (I have
    both).

    Make sure that you aren't using the same range of IP addresses on your
    home LAN as your work LAN. They MUST be different, i.e. if your work
    LAN is 192.168.1.x with a mask of 255.255.255.0 then set your home LAN
    to something different, like 192.168.20.x/255.255.255.0

    Hope that helps.

    Ed.
     
    , May 6, 2005
    #6
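Added example, not part of any post in this thread: a small Python check that automates the two things posts #5 and #6 ask the reader to look for in `ipconfig` output, namely a 169.254.x.x address (DHCP failed) and a home LAN that uses the same address block as the office LAN. The sample output, the adapter names, the office LAN value and the `vpn_hint` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig` output; addresses and adapter
# names are illustrative, not taken from the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter VPN Virtual Adapter:
        IP Address. . . . . . . . . . . . : 169.254.77.10
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""
APIPA = ipaddress.ip_network("169.254.0.0/16")  # self-assigned when DHCP fails

def parse_ipconfig(text):
    """Return {adapter name: IPv4Interface} parsed from ipconfig-style text."""
    adapters, name, addr = {}, None, None
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            name, addr = header.group(1), None
            continue
        field = re.match(r"^\s+(IP(?:v4)? Address|Subnet Mask)[ .]*: ([\d.]+)", line)
        if field is None or name is None:
            continue
        if field.group(1) != "Subnet Mask":
            addr = field.group(2)
        elif addr:
            adapters[name] = ipaddress.ip_interface(f"{addr}/{field.group(2)}")
    return adapters

def diagnose(text, office_lan, vpn_hint="Virtual"):
    """Flag a failed VPN lease and any local subnet that collides with the office LAN."""
    office = ipaddress.ip_network(office_lan)
    findings = []
    for name, iface in parse_ipconfig(text).items():
        if iface.ip in APIPA:
            findings.append(f"{name}: {iface.ip} is self-assigned, DHCP failed")
        elif vpn_hint not in name and iface.network.overlaps(office):
            findings.append(f"{name}: {iface.network} collides with office LAN {office}")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_IPCONFIG, "192.168.1.0/24"):
        print(finding)
```

The VPN adapter itself is excluded from the collision check because a healthy tunnel is expected to hold an address inside the office block.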
  7. Tom

    Guest

    In alt.internet.wireless Jeff Liebermann <-cruz.ca.us> wrote:

    Hmmm... no response from the original poster in two weeks...

    >>Guess what: it doesn't work on my wireless connection.


    Did you install the VPN client _after_ the wireless connection? It is
    supposed to bind to new network devices, but I found that the Sonicwall
    client needed to be reinstalled after I added a new wireless card. My
    connection at the time was an SMC wired router, using a Linksys BEFW11S4
    only as a WAP.

    > The Sonicwall VPN config includes IP address blocks for the remote VPN
    > and for your local LAN. The LAN side can be a wild card and accept
    > any IP address block. However, both ends cannot be the same class C
    > IP block. For example, you cannot use 192.168.1.xxx for the office,
    > and the same 192.168.1.xxx for your home network. Pick something else
    > like 192.168.111.xxx.


    That was a problem for us as well. Our office network was 192.168.0, so
    the home network had to be something else. That caught several people who
    left their home systems at the default.

    > When you tested it in the office, there was no need to assign an address
    > through a tunnel because you were already on the office LAN. However,
    > when you tried it at home, you now have a tunnel and a different IP
    > address. Testing it in the office is not even close to a proper test as
    > the tunnel wasn't tested.


    I don't agree with that. The VPN client will pick up a new address, and
    you will not be able to communicate on the old address, even though an
    ipconfig will show both.

    I currently connect to a Nortel VPN. I can connect inside the office or
    outside. The VPN does work inside, and that is a standard test when
    setting up new laptops. You can tell that you are on a VPN and not the
    local network because of different security settings.

    --
    ---
    Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5
     
    , May 6, 2005
    #7