Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Bino Gopal 

Err, honestly you are explaining it rather poorly! (Now, not to pick a fight, 
but just to clarify any confusion for folks who aren't clear trying to follow 
the discussion):

 

Earlier you said: "Hell, there is nothing keeping them from being routed across 
the internet as a whole. Road Runner has a 10.x network for all of their 
devices. Cable boxes, cable modems, etc."

 

But what you said above is just plain wrong, and that's what people are taking 
issue with and spawned all the responses.  Road Runner/TW/Cox/AT&T/Verizon 
whomever routing RFC1918 addresses across their network, even if it spans THE 
WORLD, is not the same as "routed across the internet as a whole."

 

That implies those addresses/routes being accepted by other providers as valid 
routes and propagated across BORDER routers into other networks and public IP 
addresses spaces, and that just doesn't happen (or if it does, it's a mistake, 
and it's fixed).

 

So if what you're trying to say is what you wrote below, that's fine (but it 
doesn't mean much), but this all started when you made the comment above, and 
that's what people are having issue with b/c it's just plain wrong.  Agree or 
disagree? ;)

 

BINO
 

> Date: Tue, 27 Apr 2010 16:54:34 -0400
> From: chr...@mhonline.net
> To: hardware@hardwaregroup.com
> Subject: Re: [H] VPN connection seals computer off from LAN




 

> The short of it is: As long as the 1918 space isn't routed outside of 
> Road Runner's network they can use as much of the space as they want and 
> run it into your house, etc without any issues.
> 
> Christopher Fisk

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Christopher Fisk 

On Tue, 27 Apr 2010, Brian Weeden wrote:

Right, but those addresses still only work on RoadRunner's private network, 
not the public Internet.


Road Runner's "private" network is a part of my public internet.  It goes 
over the same wires.



At some point your private address need to get translated to a public one, 
unless the only destinations you communicate with are within the private 
network.


And I for one really dislike it when ISPs issue private addreses.  That 
removes a huge security benefit that otherwise would be provided by your NAT 
router.


Do they automatically block dangerous things like file and printer sharing 
within their private network?  Or are users up to their own devices on that?


I have a public IP address.  it is right along side the private IP address 
road runner uses to manage my cable card and my cable modem.


I can't access the private network because I don't have the IP information 
and my cable modem is setup to not allow it past.



Road Runner using 10.x for managing customer devices effectively across 
the internet (since their copper/fiber is a part of the internet from my 
POV) doesn't cause any issues because they have proper routing and logical 
separation.  I can't access their 10.x network because their routers don't 
route the public IP addresses to them.


It's all on the same wire though.  I have to be explaining this poorly.

The short of it is:  As long as the 1918 space isn't routed outside of 
Road Runner's network they can use as much of the space as they want and 
run it into your house, etc without any issues.



Christopher Fisk

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Bino Gopal 

Err lol, I guess you forgot the actual MAIN use case of a VPN which is as a 
virtual PRIVATE network to connect your private home network to another one, 
like work-which is exactly what all the VPNs we use at work for do! :P

In which case it is most explicitly to route RFC1918 addresses over the VPN!  
Though on the VPN profile, since we're all mostly network folks ourselves, we 
let the users select which routes to route over the VPN (configurable on the 
client side), and we also can enable or disable local LAN access with a switch 
for printing and file sharing while connected (security vs ease-of-use), and we 
also control whether you have split DNS (let DNS requests go to both the local 
and VPN vservers).
 
In any case, I'm sure you've realized this all by now, and this is more 
informational for anyone else wondering...HTH!
 
BINO

 
> From: brian.wee...@gmail.com
> Date: Tue, 27 Apr 2010 11:55:41 -0400
> To: hardware@hardwaregroup.com
> Subject: Re: [H] VPN connection seals computer off from LAN
> 
> That doesn't make any sense - 10. addresses cannot be routed via VPN, same
> as 192. Both of those address ranges are explicitly defined as private and
> cannot be routed on the Internet. The minute any packet with a 10. or 192.
> or any other private range hits an internet router it gets dropped.
> 
> I think on my end the issue was with the public vs private network
> designations in Windows 7. I had the VPN connection defined as public which
> means it is untrusted and Windows won't allow network discovery or file
> sharing. I think somehow Windows got confused with the machine being on a
> private (trusted) LAN and public (untrusted) WAN at the same time. Not sure
> tho.
> 
> ---
> Brian Weeden
> Technical Advisor
> Secure World Foundation <http://www.secureworldfoundation.org>
> +1 (514) 466-2756 Canada
> +1 (202) 683-8534 US
> 
> 
> On Tue, Apr 27, 2010 at 11:12 AM, Hunter, Gary
> wrote:
> 
> > I had the same issue it was down to all 10. Addresses being routed down the
> > VPN. I changed my home network to 192.168.. and now everything works fine,
> >
> >
> >
> > Gary Hunter
> > Consulting Engineer
> > Travelport GDS
> > T: (+1) 303 - 397 - 5035
> > M:(+1) 720 - 231 - 0965
> > E: gary.hun...@travelport.com
> > SITA: HDQOK1G
> > Travelport Product Development Center
> > 6901 S Havana St
> > Centennial, CO 80112
> >
> > -----Original Message-
> > From: hardware-boun...@hardwaregroup.com [mailto:
> > hardware-boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> > Sent: Sunday, April 25, 2010 10:45 AM
> > To: hwg
> > Subject: [H] VPN connection seals computer off from LAN
> >
> > This is very weird. I have a VPN setup and it's been acting weird - when I
> > connect to it using one of the machines on my LAN, that machines
> > effectively
> > drops off the network. It can browse the internet just fine, but none of
> > the other machines on the LAN can connect to it. Interestingly, although
> > it
> > says its LAN IP is still 10.0.1.2, I can't ping it with that IP. I have
> > been using this VPN on this particular machine for months with no problems
> > until recently.
> >
> > However, using the same VPN setup on another machine on the same LAN, it
> > will connect to the VPN and still be visible on the LAN and can still
> > connect to other clients on the LAN. I've double checked the VPN settings
> > are they are exactly the same on both machines.
> >
> > Any ideas?
> >
> > ---
> > Brian Weeden
> > Technical Advisor
> > Secure World Foundation <http://www.secureworldfoundation.org>
> > +1 (514) 466-2756 Canada
> > +1 (202) 683-8534 US
> > If you are not the intended recipient of this e-mail message, please notify
> > the sender
> > and delete all copies immediately. The sender believes this message and any
> > attachments
> > were sent free of any virus, worm, Trojan horse, and other forms of
> > malicious code.
> > This message and its attachments could have been infected during
> > transmission. The
> > recipient opens any attachments at the recipient's own risk, and in so
> > doing, the
> > recipient accepts full responsibility for such actions and agrees to take
> > protective
> > and remedial action relating to any malicious code. Travelport is not
> > liable for any
> > loss or damage arising from this message or its attachments.
> >
> >
> >

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Brian Weeden 
Right, but those addresses still only work on RoadRunner's private  
network, not the public Internet.


At some point your private address need to get translated to a public  
one, unless the only destinations you communicate with are within the  
private network.


And I for one really dislike it when ISPs issue private addreses.   
That removes a huge security benefit that otherwise would be provided  
by your NAT router.


Do they automatically block dangerous things like file and printer  
sharing within their private network?  Or are users up to their own  
devices on that?


---
Brian

Sent from my iPhone

On 2010-04-27, at 4:37 PM, Christopher Fisk  wrote:


On Tue, 27 Apr 2010, Brian Weeden wrote:

That's not the same.  Your router us doing NAT and translating your  
private IP address to a public one.


Not really.

It doesn't break RFC because road runner doesn't route any of those  
IP's outside their network, it is all internal for their management.


It's an easy way to give them IP management of your cable box, cable  
modem, etc without using publicly routable IP addresses.


At the crux of it the network Time warner runs is owned and  
controlled by them.  They aren't breaking any RFC rules by routing  
1918 space on their "private" network.



Christopher Fisk

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Christopher Fisk 

On Tue, 27 Apr 2010, Brian Weeden wrote:

That's not the same.  Your router us doing NAT and translating your private IP 
address to a public one.


Not really.

It doesn't break RFC because road runner doesn't route any of those IP's 
outside their network, it is all internal for their management.


It's an easy way to give them IP management of your cable box, cable 
modem, etc without using publicly routable IP addresses.


At the crux of it the network Time warner runs is owned and controlled by 
them.  They aren't breaking any RFC rules by routing 1918 space on their 
"private" network.



Christopher Fisk

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Greg Sevart 
Yes, many providers--large and small-- will use RFC1918 addresses on
devices, including routers, within their network. You'll never see them
leave the provider's network unless something is very badly misconfigured.

> -Original Message-
> From: hardware-boun...@hardwaregroup.com [mailto:hardware-
> boun...@hardwaregroup.com] On Behalf Of Christopher Fisk
> Sent: Tuesday, April 27, 2010 3:16 PM
> To: hardware@hardwaregroup.com
> Subject: Re: [H] VPN connection seals computer off from LAN
> 
> On Tue, 27 Apr 2010, Greg Sevart wrote:
> 
> > They (RC1918 addresses) absolutely can be routed over a VPN. The whole
> > idea is to encapsulate and encrypt packets--the "internet routers"
> > never see the
> > RFC1918 addresses.
> 
> Hell, there is nothing keeping them from being routed across the internet
as
> a whole.  Road Runner has a 10.x network for all of their devices.
> Cable boxes, cable modems, etc.
> 
> 
> 
> Christopher Fisk
> --
> BOFH Excuse #108:
> The air conditioning water supply pipe ruptured over the machine room

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Brian Weeden 
That's not the same.  Your router us doing NAT and translating your  
private IP address to a public one.


---
Brian

Sent from my iPhone

On 2010-04-27, at 4:16 PM, Christopher Fisk  wrote:


On Tue, 27 Apr 2010, Greg Sevart wrote:

They (RC1918 addresses) absolutely can be routed over a VPN. The  
whole idea
is to encapsulate and encrypt packets--the "internet routers" never  
see the

RFC1918 addresses.


Hell, there is nothing keeping them from being routed across the  
internet as a whole.  Road Runner has a 10.x network for all of  
their devices. Cable boxes, cable modems, etc.




Christopher Fisk
--
BOFH Excuse #108:
The air conditioning water supply pipe ruptured over the machine room

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Christopher Fisk 

On Tue, 27 Apr 2010, Greg Sevart wrote:


They (RC1918 addresses) absolutely can be routed over a VPN. The whole idea
is to encapsulate and encrypt packets--the "internet routers" never see the
RFC1918 addresses.


Hell, there is nothing keeping them from being routed across the internet 
as a whole.  Road Runner has a 10.x network for all of their devices. 
Cable boxes, cable modems, etc.




Christopher Fisk
--
BOFH Excuse #108:
The air conditioning water supply pipe ruptured over the machine room

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Bryan Seitz 
LOL @ epic fail.  A VPN *CAN* use those ranges AND it depends on the 
configuration
of each router whether or not it will route the RFC1918 space.  Some do :)

> > -Original Message-
> > From: hardware-boun...@hardwaregroup.com [mailto:hardware-
> > boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> > Sent: Tuesday, April 27, 2010 10:56 AM
> > To: hardware@hardwaregroup.com
> > Subject: Re: [H] VPN connection seals computer off from LAN
> > 
> > That doesn't make any sense - 10. addresses cannot be routed via VPN,
> > same as 192.  Both of those address ranges are explicitly defined as
> private
> > and cannot be routed on the Internet.  The minute any packet with a 10. or
> > 192.
> > or any other private range hits an internet router it gets dropped.
> > 
> > I think on my end the issue was with the public vs private network
> > designations in Windows 7.  I had the VPN connection defined as public
> > which means it is untrusted and Windows won't allow network discovery or
> > file sharing.  I think somehow Windows got confused with the machine
> > being on a private (trusted) LAN and public (untrusted) WAN at the same
> > time.  Not sure tho.

-- 
 
Bryan G. Seitz

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Brian Weeden 
Sorry, you're right.  I use this VPN for my WAN traffic so that's what I was
thinking of, but of course you can also use a VPN to connect two LANs as
well.

---
Brian Weeden
Technical Advisor
Secure World Foundation <http://www.secureworldfoundation.org>
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US


On Tue, Apr 27, 2010 at 12:16 PM, Greg Sevart  wrote:

> They (RC1918 addresses) absolutely can be routed over a VPN. The whole idea
> is to encapsulate and encrypt packets--the "internet routers" never see the
> RFC1918 addresses.
>
> > -Original Message-
> > From: hardware-boun...@hardwaregroup.com [mailto:hardware-
> > boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> > Sent: Tuesday, April 27, 2010 10:56 AM
> > To: hardware@hardwaregroup.com
> > Subject: Re: [H] VPN connection seals computer off from LAN
> >
> > That doesn't make any sense - 10. addresses cannot be routed via VPN,
> > same as 192.  Both of those address ranges are explicitly defined as
> private
> > and cannot be routed on the Internet.  The minute any packet with a 10.
> or
> > 192.
> > or any other private range hits an internet router it gets dropped.
> >
> > I think on my end the issue was with the public vs private network
> > designations in Windows 7.  I had the VPN connection defined as public
> > which means it is untrusted and Windows won't allow network discovery or
> > file sharing.  I think somehow Windows got confused with the machine
> > being on a private (trusted) LAN and public (untrusted) WAN at the same
> > time.  Not sure tho.
> >
> > ---
> > Brian Weeden
> > Technical Advisor
> > Secure World Foundation <http://www.secureworldfoundation.org>
> > +1 (514) 466-2756 Canada
> > +1 (202) 683-8534 US
> >
> >
> > On Tue, Apr 27, 2010 at 11:12 AM, Hunter, Gary
> > wrote:
> >
> > > I had the same issue it was down to all 10. Addresses being routed
> > > down the VPN. I changed my home network to 192.168.. and now
> > > everything works fine,
> > >
> > >
> > >
> > > Gary Hunter
> > > Consulting Engineer
> > > Travelport GDS
> > > T: (+1) 303 - 397 - 5035
> > > M:(+1) 720 - 231 - 0965
> > > E: gary.hun...@travelport.com
> > > SITA: HDQOK1G
> > > Travelport Product Development Center
> > > 6901 S Havana St
> > > Centennial, CO  80112
> > >
> > > -Original Message-
> > > From: hardware-boun...@hardwaregroup.com [mailto:
> > > hardware-boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> > > Sent: Sunday, April 25, 2010 10:45 AM
> > > To: hwg
> > > Subject: [H] VPN connection seals computer off from LAN
> > >
> > > This is very weird.  I have a VPN setup and it's been acting weird -
> > > when I connect to it using one of the machines on my LAN, that
> > > machines effectively drops off the network.  It can browse the
> > > internet just fine, but none of the other machines on the LAN can
> > > connect to it.  Interestingly, although it says its LAN IP is still
> > > 10.0.1.2, I can't ping it with that IP.  I have been using this VPN on
> > > this particular machine for months with no problems until recently.
> > >
> > > However, using the same VPN setup on another machine on the same
> > LAN,
> > > it will connect to the VPN and still be visible on the LAN and can
> > > still connect to other clients on the LAN.  I've double checked the
> > > VPN settings are they are exactly the same on both machines.
> > >
> > > Any ideas?
> > >
> > > ---
> > > Brian Weeden
> > > Technical Advisor
> > > Secure World Foundation <http://www.secureworldfoundation.org>
> > > +1 (514) 466-2756 Canada
> > > +1 (202) 683-8534 US
> > > If you are not the intended recipient of this e-mail message, please
> > > notify the sender and delete all copies immediately. The sender
> > > believes this message and any attachments were sent free of any virus,
> > > worm, Trojan horse, and other forms of malicious code.
> > > This message and its attachments could have been infected during
> > > transmission. The recipient opens any attachments at the recipient's
> > > own risk, and in so doing, the recipient accepts full responsibility
> > > for such actions and agrees to take protective and remedial action
> > > relating to any malicious code. Travelport is not liable for any loss
> > > or damage arising from this message or its attachments.
> > >
> > >
> > >
>
>
>

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Greg Sevart 
They (RC1918 addresses) absolutely can be routed over a VPN. The whole idea
is to encapsulate and encrypt packets--the "internet routers" never see the
RFC1918 addresses.

> -Original Message-
> From: hardware-boun...@hardwaregroup.com [mailto:hardware-
> boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> Sent: Tuesday, April 27, 2010 10:56 AM
> To: hardware@hardwaregroup.com
> Subject: Re: [H] VPN connection seals computer off from LAN
> 
> That doesn't make any sense - 10. addresses cannot be routed via VPN,
> same as 192.  Both of those address ranges are explicitly defined as
private
> and cannot be routed on the Internet.  The minute any packet with a 10. or
> 192.
> or any other private range hits an internet router it gets dropped.
> 
> I think on my end the issue was with the public vs private network
> designations in Windows 7.  I had the VPN connection defined as public
> which means it is untrusted and Windows won't allow network discovery or
> file sharing.  I think somehow Windows got confused with the machine
> being on a private (trusted) LAN and public (untrusted) WAN at the same
> time.  Not sure tho.
> 
> ---
> Brian Weeden
> Technical Advisor
> Secure World Foundation <http://www.secureworldfoundation.org>
> +1 (514) 466-2756 Canada
> +1 (202) 683-8534 US
> 
> 
> On Tue, Apr 27, 2010 at 11:12 AM, Hunter, Gary
> wrote:
> 
> > I had the same issue it was down to all 10. Addresses being routed
> > down the VPN. I changed my home network to 192.168.. and now
> > everything works fine,
> >
> >
> >
> > Gary Hunter
> > Consulting Engineer
> > Travelport GDS
> > T: (+1) 303 - 397 - 5035
> > M:(+1) 720 - 231 - 0965
> > E: gary.hun...@travelport.com
> > SITA: HDQOK1G
> > Travelport Product Development Center
> > 6901 S Havana St
> > Centennial, CO  80112
> >
> > -Original Message-----
> > From: hardware-boun...@hardwaregroup.com [mailto:
> > hardware-boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> > Sent: Sunday, April 25, 2010 10:45 AM
> > To: hwg
> > Subject: [H] VPN connection seals computer off from LAN
> >
> > This is very weird.  I have a VPN setup and it's been acting weird -
> > when I connect to it using one of the machines on my LAN, that
> > machines effectively drops off the network.  It can browse the
> > internet just fine, but none of the other machines on the LAN can
> > connect to it.  Interestingly, although it says its LAN IP is still
> > 10.0.1.2, I can't ping it with that IP.  I have been using this VPN on
> > this particular machine for months with no problems until recently.
> >
> > However, using the same VPN setup on another machine on the same
> LAN,
> > it will connect to the VPN and still be visible on the LAN and can
> > still connect to other clients on the LAN.  I've double checked the
> > VPN settings are they are exactly the same on both machines.
> >
> > Any ideas?
> >
> > ---
> > Brian Weeden
> > Technical Advisor
> > Secure World Foundation <http://www.secureworldfoundation.org>
> > +1 (514) 466-2756 Canada
> > +1 (202) 683-8534 US
> > If you are not the intended recipient of this e-mail message, please
> > notify the sender and delete all copies immediately. The sender
> > believes this message and any attachments were sent free of any virus,
> > worm, Trojan horse, and other forms of malicious code.
> > This message and its attachments could have been infected during
> > transmission. The recipient opens any attachments at the recipient's
> > own risk, and in so doing, the recipient accepts full responsibility
> > for such actions and agrees to take protective and remedial action
> > relating to any malicious code. Travelport is not liable for any loss
> > or damage arising from this message or its attachments.
> >
> >
> >

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Brian Weeden 
That doesn't make any sense - 10. addresses cannot be routed via VPN, same
as 192.  Both of those address ranges are explicitly defined as private and
cannot be routed on the Internet.  The minute any packet with a 10. or 192.
or any other private range hits an internet router it gets dropped.

I think on my end the issue was with the public vs private network
designations in Windows 7.  I had the VPN connection defined as public which
means it is untrusted and Windows won't allow network discovery or file
sharing.  I think somehow Windows got confused with the machine being on a
private (trusted) LAN and public (untrusted) WAN at the same time.  Not sure
tho.

---
Brian Weeden
Technical Advisor
Secure World Foundation <http://www.secureworldfoundation.org>
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US


On Tue, Apr 27, 2010 at 11:12 AM, Hunter, Gary
wrote:

> I had the same issue it was down to all 10. Addresses being routed down the
> VPN. I changed my home network to 192.168.. and now everything works fine,
>
>
>
> Gary Hunter
> Consulting Engineer
> Travelport GDS
> T: (+1) 303 - 397 - 5035
> M:(+1) 720 - 231 - 0965
> E: gary.hun...@travelport.com
> SITA: HDQOK1G
> Travelport Product Development Center
> 6901 S Havana St
> Centennial, CO  80112
>
> -Original Message-
> From: hardware-boun...@hardwaregroup.com [mailto:
> hardware-boun...@hardwaregroup.com] On Behalf Of Brian Weeden
> Sent: Sunday, April 25, 2010 10:45 AM
> To: hwg
> Subject: [H] VPN connection seals computer off from LAN
>
> This is very weird.  I have a VPN setup and it's been acting weird - when I
> connect to it using one of the machines on my LAN, that machines
> effectively
> drops off the network.  It can browse the internet just fine, but none of
> the other machines on the LAN can connect to it.  Interestingly, although
> it
> says its LAN IP is still 10.0.1.2, I can't ping it with that IP.  I have
> been using this VPN on this particular machine for months with no problems
> until recently.
>
> However, using the same VPN setup on another machine on the same LAN, it
> will connect to the VPN and still be visible on the LAN and can still
> connect to other clients on the LAN.  I've double checked the VPN settings
> are they are exactly the same on both machines.
>
> Any ideas?
>
> ---
> Brian Weeden
> Technical Advisor
> Secure World Foundation <http://www.secureworldfoundation.org>
> +1 (514) 466-2756 Canada
> +1 (202) 683-8534 US
> If you are not the intended recipient of this e-mail message, please notify
> the sender
> and delete all copies immediately. The sender believes this message and any
> attachments
> were sent free of any virus, worm, Trojan horse, and other forms of
> malicious code.
> This message and its attachments could have been infected during
> transmission. The
> recipient opens any attachments at the recipient's own risk, and in so
> doing, the
> recipient accepts full responsibility for such actions and agrees to take
> protective
> and remedial action relating to any malicious code. Travelport is not
> liable for any
> loss or damage arising from this message or its attachments.
>
>
>

Re: [H] VPN connection seals computer off from LAN

2010-04-27 Thread Hunter, Gary 
I had the same issue it was down to all 10. Addresses being routed down the 
VPN. I changed my home network to 192.168.. and now everything works fine,



Gary Hunter 
Consulting Engineer
Travelport GDS
T: (+1) 303 - 397 - 5035 
M:(+1) 720 - 231 - 0965 
E: gary.hun...@travelport.com
SITA: HDQOK1G
Travelport Product Development Center
6901 S Havana St
Centennial, CO  80112

-Original Message-
From: hardware-boun...@hardwaregroup.com 
[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of Brian Weeden
Sent: Sunday, April 25, 2010 10:45 AM
To: hwg
Subject: [H] VPN connection seals computer off from LAN

This is very weird.  I have a VPN setup and it's been acting weird - when I
connect to it using one of the machines on my LAN, that machines effectively
drops off the network.  It can browse the internet just fine, but none of
the other machines on the LAN can connect to it.  Interestingly, although it
says its LAN IP is still 10.0.1.2, I can't ping it with that IP.  I have
been using this VPN on this particular machine for months with no problems
until recently.

However, using the same VPN setup on another machine on the same LAN, it
will connect to the VPN and still be visible on the LAN and can still
connect to other clients on the LAN.  I've double checked the VPN settings
are they are exactly the same on both machines.

Any ideas?

---
Brian Weeden
Technical Advisor
Secure World Foundation <http://www.secureworldfoundation.org>
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US
If you are not the intended recipient of this e-mail message, please notify the 
sender 
and delete all copies immediately. The sender believes this message and any 
attachments 
were sent free of any virus, worm, Trojan horse, and other forms of malicious 
code. 
This message and its attachments could have been infected during transmission. 
The 
recipient opens any attachments at the recipient's own risk, and in so doing, 
the 
recipient accepts full responsibility for such actions and agrees to take 
protective 
and remedial action relating to any malicious code. Travelport is not liable 
for any 
loss or damage arising from this message or its attachments.

Re: [H] VPN connection seals computer off from LAN

2010-04-26 Thread Gaffer 
On Monday 26 April 2010 15:14:56 Brian Weeden wrote:
> I even deleted and re-created
> the VPN connection using the same settings on both machines.
>
> This just got even weirder - I rebooted the machine, and now it works
> fine.
>
> I guess we just chalk this up to a Windows "feature".
>
> ---
> Brian Weeden
> Technical Advisor
> Secure World Foundation 
> +1 (514) 466-2756 Canada
> +1 (202) 683-8534 US

Something changed settings and waited for a restart !

-- 
Best Regards:
 Derrick.
 Running Open SuSE 11.1 KDE 3.5.10 Desktop.
 Pontefract Linux Users Group.
 plug @ play-net.co.uk

Re: [H] VPN connection seals computer off from LAN

2010-04-26 Thread Brian Weeden 
No client - just a straight VPN setup through Windows to a commercial
service.  And  yes, same login info.  I even deleted and re-created the VPN
connection using the same settings on both machines.

This just got even weirder - I rebooted the machine, and now it works fine.

I guess we just chalk this up to a Windows "feature".

---
Brian Weeden
Technical Advisor
Secure World Foundation 
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US


On Mon, Apr 26, 2010 at 5:00 AM, Christopher Fisk wrote:

> On Mon, 26 Apr 2010, Brian Weeden wrote:
>
>  It seems very unlikely to be a server thing to me.  If I connect to the
>> VPN
>> on my main computer, it works just fine and everything on the LAN still
>> works.  It's only my other computer that disappears from the LAN when it
>> connects to the VPN.  So I've gotta figure that it is a local windows
>> config.
>>
>> Both computers are running Windows 7.
>>
>
> Same VPN client login and certificates?
>
> What VPN Client are you using?
>
>
> Christopher Fisk
> --
> BOFH Excuse #329:
> Server depressed, needs Prozac
>

Re: [H] VPN connection seals computer off from LAN

2010-04-26 Thread Christopher Fisk 

On Mon, 26 Apr 2010, Brian Weeden wrote:


It seems very unlikely to be a server thing to me.  If I connect to the VPN
on my main computer, it works just fine and everything on the LAN still
works.  It's only my other computer that disappears from the LAN when it
connects to the VPN.  So I've gotta figure that it is a local windows
config.

Both computers are running Windows 7.


Same VPN client login and certificates?

What VPN Client are you using?


Christopher Fisk
--
BOFH Excuse #329:
Server depressed, needs Prozac

Re: [H] VPN connection seals computer off from LAN

2010-04-26 Thread Brian Weeden 
It seems very unlikely to be a server thing to me.  If I connect to the VPN
on my main computer, it works just fine and everything on the LAN still
works.  It's only my other computer that disappears from the LAN when it
connects to the VPN.  So I've gotta figure that it is a local windows
config.

Both computers are running Windows 7.

---
Brian Weeden
Technical Advisor
Secure World Foundation 
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US


On Mon, Apr 26, 2010 at 4:53 AM, Christopher Fisk wrote:

> On Mon, 26 Apr 2010, maccrawj wrote:
>
>  Would issuing a "route print" on the affected machine reveal the result of
>> this? I'm assuming the 0.0.0.0 is catch-all route for non-VPN traffic.
>>
>
> Not conclusively.  VPN software generally hooks into the TCP stack and
> depending on the setup may or may not adjust your routing table (The good
> stuff does routing properly with a virtual adaptor, the hard to troubleshoot
> stuff just does stack manipulation without a virtual adaptor.
>
>
> Disabling split tunneling is very common, and would be the first thing I
> look into.  Look for the client configuration for it, if it doesn't exist
> look for the server config.  Often it can be set per user or per certificate
> depending on the client you are using.  It is possible it has been disabled
> at the server as previously said.
>
>
> Christopher Fisk
> --
> When it comes to compliments, women are ravenous, bloodsucking monsters,
> always wanting more, more, more!  And if you give it to 'em, you'll get back
> plenty in return.
>-- Homer Simpson, Lisa the Beauty Queen
>

Re: [H] VPN connection seals computer off from LAN

2010-04-26 Thread Christopher Fisk 

On Mon, 26 Apr 2010, maccrawj wrote:

Would issuing a "route print" on the affected machine reveal the result of 
this? I'm assuming the 0.0.0.0 is catch-all route for non-VPN traffic.


Not conclusively.  VPN software generally hooks into the TCP stack and 
depending on the setup may or may not adjust your routing table (The good 
stuff does routing properly with a virtual adaptor, the hard to 
troubleshoot stuff just does stack manipulation without a virtual adaptor.



Disabling split tunneling is very common, and would be the first thing I 
look into.  Look for the client configuration for it, if it doesn't exist 
look for the server config.  Often it can be set per user or per 
certificate depending on the client you are using.  It is possible it has 
been disabled at the server as previously said.



Christopher Fisk
--
When it comes to compliments, women are ravenous, bloodsucking monsters, 
always wanting more, more, more!  And if you give it to 'em, you'll get 
back plenty in return.

-- Homer Simpson, Lisa the Beauty Queen

Re: [H] VPN connection seals computer off from LAN

2010-04-26 Thread maccrawj 
Would issuing a "route print" on the affected machine reveal the result of this? I'm 
assuming the 0.0.0.0 is catch-all route for non-VPN traffic.



On 4/25/2010 1:14 PM, Bino Gopal wrote:


Sounds like split tunneling being disabled on the one computer...could that 
somehow be set on the VPN server if it's not showing on the client?

Re: [H] VPN connection seals computer off from LAN

2010-04-25 Thread Bino Gopal 

Sounds like split tunneling being disabled on the one computer...could that 
somehow be set on the VPN server if it's not showing on the client?

 

BINO

 
> From: brian.wee...@gmail.com
> Date: Sun, 25 Apr 2010 12:45:01 -0400
> To: hardware@hardwaregroup.com
> Subject: [H] VPN connection seals computer off from LAN
> 
> This is very weird. I have a VPN setup and it's been acting weird - when I
> connect to it using one of the machines on my LAN, that machines effectively
> drops off the network. It can browse the internet just fine, but none of
> the other machines on the LAN can connect to it. Interestingly, although it
> says its LAN IP is still 10.0.1.2, I can't ping it with that IP. I have
> been using this VPN on this particular machine for months with no problems
> until recently.
> 
> However, using the same VPN setup on another machine on the same LAN, it
> will connect to the VPN and still be visible on the LAN and can still
> connect to other clients on the LAN. I've double checked the VPN settings
> are they are exactly the same on both machines.
> 
> Any ideas?
> 
> ---
> Brian Weeden
> Technical Advisor
> Secure World Foundation <http://www.secureworldfoundation.org>
> +1 (514) 466-2756 Canada
> +1 (202) 683-8534 US

[H] VPN connection seals computer off from LAN

2010-04-25 Thread Brian Weeden 
This is very weird.  I have a VPN setup and it's been acting weird - when I
connect to it using one of the machines on my LAN, that machines effectively
drops off the network.  It can browse the internet just fine, but none of
the other machines on the LAN can connect to it.  Interestingly, although it
says its LAN IP is still 10.0.1.2, I can't ping it with that IP.  I have
been using this VPN on this particular machine for months with no problems
until recently.

However, using the same VPN setup on another machine on the same LAN, it
will connect to the VPN and still be visible on the LAN and can still
connect to other clients on the LAN.  I've double checked the VPN settings
are they are exactly the same on both machines.

Any ideas?

---
Brian Weeden
Technical Advisor
Secure World Foundation 
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US