

dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1

VPN

If I connect to my network over VPN, should my device behave as if I am actually part of that network? e.g. If I go to 192.168.0.1 should I see the admin page of my Zywall?

Or do I need to do some fashion of port forwarding on top of the VPN? Just wondering if a VPN basically removes you from the local network and puts you into the remote one?

Thanks.
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16

JPedroT

join:2005-02-18
kudos:2
Depends on what ZyWALL you have and how you have set up the VPN, great answer right?
--
"Perl is executable line noise, Python is executable pseudo-code."


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
I know for access from a mobile device an extra routing had to be put in place.

PS Burke should have played a few minutes in the second part of the first half.......... coaching error. Somebody should have grabbed Hancock's cock real hard........


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB
For sure Albrecht got worn out.

I have the USG20. I didn't know you could set it up multiple ways. So in what way would I set it up so that it acts just as if I am on my home network?

I am using an Android. Wanted to check the Zywall from work and some other things over the VPN. Honestly, I guess I haven't tested at all since I have only made the connection but I haven't done anything over that connection...
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Well I have set it up and was only friggin around for streaming.
I use file xplorers to access the NAS boxes on my network no problem but have not tried yet to access router. Using L2TP vpn by the way.


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB
I'm using L2TP over IPSec. My Android file manager is finding servers in my local network and not in the network I am VPNed to.

Confused


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
That's because you did something wrong LOL.

What zone do you have identified in your VPN Connection? (I use tunnel).

What does your routing policy look like?
user: any
schedule: none
incoming: Any(excluding zywall)
source: L2TP lan subnet (my LAN1)
destination: L2TP Pool (identified as an object diff from any other subnet - ie. 192.168.100.10-15)
service: any
source port: any
next hop: L2TP Remote (vpn connection name)
SNAT: None

I interpret this as saying, any incoming traffic from the L2TP Pool that hits my LAN will receive traffic returns, because I'm telling the router any traffic associated with the POOL that is being returned from the LAN has to go to the VPN connection.

So not sure how the traffic is reaching a source not identified in your routing........... or more accurately how the return traffic is included when it's clearly not supposed to be able to according to the routing rule.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


superataru

join:2004-12-07
Kearny, NJ
reply to Anav
said by Anav:

Well I have set it up and was only friggin around for streaming.
I use file xplorers to access the NAS boxes on my network no problem but have not tried yet to access router. Using L2TP vpn by the way.

Dunno if really reaches the remote. In all cases could be useful to have a check on zone | address-from .... allowed to management
Configuration -> System -> WWW -> Admin Service Control
and Firewall's settings "Zone X to ZyWALL"

Hope it could help.


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to Anav
My source address is set to 'any'.
Next hop is set to 'VPN_Tunnel' and the VPN_Tunnel is set to L2TP_IPSEC_DYN_VPN.

My pool is different. It's 192.168.250.0/24. It's set as an address and not an address group. That's correct?
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Well there you go, you set your source address to ANY. I have mine set to LAN1 subnet. So don't complain LOL.

I set my l2tp pool to be a range. I set it at five, the max number of users I envisage using it at one time.


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
But I have more than one subnet. I'll need a rule for each of my LAN subnets instead of using any?

As it is, to reach the L2TP pool address you will have to go over the tunnel. Does not matter where you are from.

I did change it though it made no difference.

--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Yes, if you need access to a different subnet, I would use different routing rules and diff user names etc..........

There is something wrong if your Android is accessing a LAN2 if your LAN1 is identified in the routing rule. (Do you have a firewall rule allowing full traffic between lan1 and lan2? Grasping at straws.)


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB
Doing this from my job LAN. I am getting a NAT address here. The address that is showing up in the Zywall's logs is of course the NAT address and not the actual address of my device.

In the log I see a
'user dnoyeb from l2tp has logged in ZyWall' with source=192.168.250.1 which is my L2TP_Pool range.

The next line is
'user dnoyeb has been granted an L2TP over IPSec session'
source = ZywallWANIP, destination=WORKIP

If I still had my T-Mobile data plan I'd try it without the NAT, but I don't...
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to Anav
said by Anav:

There is something wrong if your android is accessing a LAN2 if your LAN1 is identified in the routing rule.

The servers being found are the ones at work, not on my home network.
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to dnoyeB
Sorry, I'm confused.
I thought you were using your smart phone while out, to get to home servers.


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB
I know, I confuse everybody having a smart phone without a data plan.

I'm connected to the network at my job over WiFi using a Nexus 7 and/or a Galaxy Nexus.

I am attempting to connect to the servers at my house.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Argggg, now I'm pulling my hair out LOL. That doesn't clear it up.
Go to Tim Hortons and use their wifi to connect to home for God's sake.


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB
Getting an error:
IPSEC SPI:0x0 SEQ:0x0 No Rule found, Dropping packet

I believe this happens after I try to connect with the file manager. Any ideas?


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB
How will the Android know to send the 192.168.0.2 through the 192.168.250.1 connection instead of to the local address of 10.x.x.x?

When I do some function it's hitting the local network and not going through the VPN. Somehow the client needs to know to use the VPN and not the local stuff. Unless the VPN overrides any local, but clearly it does not because I am still seeing local servers even with an 'active' VPN connection.
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16
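
An added illustration, not part of the thread and not any participant's code, of the client-side route lookup the question above is about: a destination leaves on the interface of the most specific matching route, with ties broken by metric. The addresses 192.168.0.2 and 192.168.250.0/24 are from the thread; the interface names, metrics, the /24 home prefix and the 10.0.0.0/8 work subnet are constructed assumptions, and this is a simplified model rather than the exact behaviour of Android or Windows.

```python
import ipaddress

def pick_route(routes, dst):
    """Return the egress interface for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))
    return best[1]

# Constructed route tables: (prefix, interface, metric).
# wlan0 = work Wi-Fi (assumed 10.0.0.0/8), ppp0 = L2TP tunnel (assumed name).
WIFI = [("0.0.0.0/0", "wlan0", 10), ("10.0.0.0/8", "wlan0", 10)]

# Case A: tunnel is up, but the client only holds a route for the L2TP pool.
POOL_ONLY = WIFI + [("192.168.250.0/24", "ppp0", 5)]

# Case B: split tunnel, an explicit route for the home LAN is added.
SPLIT = POOL_ONLY + [("192.168.0.0/24", "ppp0", 5)]

# Case C: full tunnel, a preferred default route points into the tunnel.
FULL = POOL_ONLY + [("0.0.0.0/0", "ppp0", 1)]

TABLES = (("pool_only", POOL_ONLY), ("split", SPLIT), ("full", FULL))

def egress_report(dst):
    """Egress interface for dst under each of the three constructed tables."""
    return {name: pick_route(table, dst) for name, table in TABLES}

if __name__ == "__main__":
    for dst in ("192.168.0.2", "192.168.250.1", "10.1.2.3"):
        print(dst, egress_report(dst))
```

In this model 192.168.0.2 only enters the tunnel when the client holds a route for the home subnet or a preferred default route on ppp0, while 10.x.x.x destinations stay on the Wi-Fi in all three cases because the connected work subnet is more specific than any default route.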


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Without diagrams I'm lost.


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to dnoyeB
Well I ran a test from Windows 7. Having the same problem there. I found that I am able to ping the servers inside my network. But HTTP does not come through, and neither does SMB/NMB file sharing stuff.
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16