Network bridge crashes my computer, VPN saves the day.

  • Thread starter Thread starter kcirevam
  • Start date Start date
K

kcirevam

Purely for scientific purposes (in other words, something to do) I
pulled my old Pentium 200 MMX out of a box and set it underneath my
basement 1.5Gig Athlon. The Athlon runs WinXP SP2 Pro while the P200
runs Windows 2000 Server. The P200 has a D-Link DE-530+ Ethernet
Adapter as it's only network adapter. The Athlon has two adapters:
AIN AWU2000B USB Wireless and Linksys NC100 10/100 Ethernet. I
figured I could network the P200 by leeching off the Athlon's wireless
connection so I pulled out a crossover cable and directly connected
between the DE-530+ and NC100 nic cards.

Now for some LAN details. The connection is predominately wireless.
There are seven computers arranged in a worgroup. One is wired
directly to the Wireless router that is in turn connected to a DSL
modem. The other six are wireless with the P200 as the eighth
computer in the arrangement. The DSL modem has a LAN IP of
192.168.101.11. The Wireless router has a WAN IP 192.168.101.1,
Gateway 192.168.101.11 and LAN IP 192.168.102.11. That simply puts
the DSL modem and WAN side Wireless router port in the same subnet and
the LAN side Wireless router port in the subnet for local computers.

The local computers use the IP range 192.168.102.1 through 10 for
connections. The IP address for my Athlon computer's wireless adapter
is 192.168.102.7 and the gateway is set at 192.168.102.11. The IP
address for my Athlon's ethernet adapter is 192.168.103.1. The IP
address for my P200's etherenet adapter is 192.168.103.2. With this
information you can see the segregation of network segments that lie
in either 192.168.101, 192.168.102, or 192.168.103.

Computers in the network are powered on and off throughout the day but
not one stays on long enough to set up a network with a dedicated
server. As far as I'm concerned the wireless router is the server and
it uses a lot less power. At any rate, I mentioned that the P200 sits
under the desk that the Athlon sits atop. The Athlon has a monitor
while the P200 has none. I use remote desktop to operate the P200.
With this arrangement it is clear that the P200 will never be used
without the Athlon. As a result the Athlon can safely be used to
serve the Internet and LAN connection to the P200. Initial reading
led me to try and bridge the two network adapters in the Athlon.

After bridging the connections the bridge adapter's IP was set to
match the Athlon's original Wireless IP of 192.168.102.7. At this
point I set the P200's IP to 192.168.102.8 and I had me a fully
functional extended network. Unfortunately the situation did not last
for long. After having the Athlon's network adapters bridged for
awhile that computer spontaneously rebooted. Upon reboot, and right
at the point where the wireless adapter usually establishes a
connection, the computer rebooted again. Now I was stuck in a reboot
loop. I decided to load up the system restore point I created right
before enlisting on my project ;-). Back to square one.

After a short interlude, I set the P200's IP back to 192.168.103.2. I
now setup the Athlon computer to serve a VPN connection. The VPN IP's
were set at 192.168.102.8 and 192.168.102.9. Then I set the P200 to
VPN into IP 192.168.103.1 (the Athlon's ethernet adapter). At this
point the Athlon's VPN session was assigned IP 192.168.102.8 and the
P200's VPN session was assigned IP 192.168.102.9. What happened next
was a miracle, I was able to access the internet on the P200. I went
ahead and set the VPN connection as the P200's default internet
connection so it will establish whenever needed.

Does the P200 show up in the network neighborhood? Nope, I could fix
that if there's a way to set the Workgroup for the VPN connection -
still a little more research to do. Can I see the P200's shared files
from other computers on the network? Sure, just type in
\\192.168.122.29 in Windows Explorer's Address bar. Can I remote
desktop into the P200 from other computers on the network? Yep, again
use the P200's VPN IP of 192.168.122.29. Could I have used Microsoft
Internet Connection Sharing (ICS)? As far as I can tell, ICS requires
DHCP. I opted against ICS for that reason.

Now if this post in any way entertained you, feel free to leave some
coins in my cup, or words in the newsgroup as it were. If any of you
know why my network adapters won't bridge on the Athlon without
rebooting (suspected driver incompatibility but both devices have the
latest drivers) please let me know. The situation occurs whether or
not wireless compatibility mode is set (netsh bridge set a 1 e). If
anyone knows how to setup ICS with static IP's please tell the world
how. And finally if anyone knows how to set the Workgroup for a VPN
connection, please let me know.
 
Oddly, after that first VPN connection, I don't seem to have to VPN
anymore to get on the internet. The Athlon has yet to be powered down
so I expect there may be routing information in it that is allowing
the situation. Currently the P200 is using an IP of 192.168.103.2
with gateway set to 192.168.103.1.

The Athlon's ethernet NIC is set with only the IP of 192.168.103.1 and
no gateway. There is an Athlon 2.8Gig machine on this network with an
ethernet connection to the wireless router. It's adapter is set to
192.168.102.1 with gateway 192.168.102.11. To see that computer from
the P200 I use the command route -p add 192.168.102.1 192.168.103.1
and create an LMHOSTS file in %systemroot%\System32\Drivers\Etc with
an entry of: 192.168.102.1 Athlon28.

Broken down the route add command is simply saying "to get to
192.168.102.1, go through 192.168.103.1". The LMHOSTS file is saying
"if you are unable to locate Athlon28 by other means, he's at
192.168.102.1". And since I've created a route to 192.168.102.1 I can
now type in \\Athlon28 into Windows Explorer's address bar and see
that computer from the P200. It doesn't show up in Network
Neighborhood by default but who's complaining.

So with VPN to kickstart the internet routing, along with the use of
the route command and the LMHOSTS file I have a working network.
Don't forget about firewalls. Athlon28 is running Zone Alarm 5. I
had to add the IP range 192.168.103.1 through 192.168.103.2 as trusted
to the Network > Firewall section. The P200 can access the internet
and see other workgroup computers in what I imagine is a manual form
of ICS/Bridging.
 
I finally figured out that VPN is not required for the P200 to access
the internet. However, if I delete the VPN server in Windows XP (on
the Athlon) the P200 can't connect to the internet. When I re-enter
the VPN server in XP the P200 is back on. It seems to come down to
these registry keys.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters]
"EnableProxy"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch]
"Epoch"=dword:000003EC

The biggest thing is RemoteAccess which is part of the RRAS (Routing
and Remote Access) service. With no VPN server setup in Windows XP,
the RRAS service cannot be enabled. As soon as I create a VPN server,
RRAS automatically enables. Apparently the Routing portion allows the
P200's internet access requests to "bridge" from one network adapter
to another.

To reiterate, VPN is not required to access the internet but the RRAS
service must be enabled and the easiest way to do that is to create a
VPN server in XP. With RRAS enabled the Athlon can route internet
requests from one network adapter to the other, essentially creating a
network bridge.

WinXP does have an option to disable connections to the newly created
VPN server. It sounds like a strange option but in my case I just
need the VPN server to enable RRAS so I essentially created the
connnection in XP and then made it impossible to actually use it. The
P200 still accesses the internet with no problem.
 
And finally, care of Microsoft Knowledge Base article Q230082.

Enabling TCP/IP Forwarding
1. Use Registry Editor (Regedt32.exe) to view the following registry
key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
2. Set the following registry value:
Value Name: IPEnableRouter
Value type: REG_DWORD
Value Data: 1
NOTE: A value of 1 enables TCP/IP forwarding for all network
connections installed and used by this computer.

With the routing enabled I no longer needed VPN. So the final fix was
to ditch bridging and embrace routing.
 
Back
Top