Using VPN and internet browsing at the same time.

  • Thread starter Thread starter Tim
  • Start date Start date
T

Tim

I have a DSL connection which works fine for internet browsing or for a VPN
connection to my office, but the internet browsing doesn't work when the VPN
is connected.

I'm running Windows XP and my home machine is using 192.168.1.x and work is
192.168.0.x At home my DSL modem is the primary DNS. My VPN connection
uses DHCP. I have tried with and without the remote gateway option on the
VPN connection. The VPN server is a router while my work's DNS is on a
Windows server 2003 (Active Directory). At home I have a workgroup HOME and
work is a domain.

When I type a url into the browser while the VPN is connected I get page not
found. (Perhaps the DNS is not resolving?)

This seems like it shouldn't be that hard... Thanx for any help!
 
Not sure what you are using as the "router" at work, but this is probably
the preferred setup. This is an attempt to prevent the possibility of
someone accessing your computer via the Internet and using your open VPN
tunnel to access the corporate network.

I have purposely set my Cisco VPN users this way using the Cisco firewall to
centrally control this.

You might check with your work admin. He probably set it up like this on
purpose.

hth
DDS W 2k MVP MCSE
 
Tim said:
I have a DSL connection which works fine for internet browsing or for a VPN
connection to my office, but the internet browsing doesn't work when the
VPN is connected.

I'm running Windows XP and my home machine is using 192.168.1.x and work
is 192.168.0.x At home my DSL modem is the primary DNS. My VPN
connection uses DHCP. I have tried with and without the remote gateway
option on the VPN connection. The VPN server is a router while my work's
DNS is on a Windows server 2003 (Active Directory). At home I have a
workgroup HOME and work is a domain.

When I type a url into the browser while the VPN is connected I get page
not found. (Perhaps the DNS is not resolving?)

This seems like it shouldn't be that hard... Thanx for any help!
Click to expand...

Tim,

This "problem" is caused by the default gateway getting changed when you
create the VPN tunnel. When you're trying to get a website or something your
PC tries to get it over the vpn instead of your dsl. The solution is quite
simple, disable the option: "Use default gateway on remote network" in the
advanced tcp/ip properties from your vpn connection. This makes sure that
your local router will be used as gateway for addresses to unknown network.

Don't forget to change the router table for the subnets you should have
access to via the vpn tunnel.

Marcel
 
Ok I partially follow. I have turned off the use remote gateway option. it
still didn't work. What do you mean by "Don't forget to change the router
table for the subnets you should have access to via the vpn tunnel."? The
use remote gateway option doesn't seem to affect either the VPN or the
internet access. The VPN works fine either way and the internet access
doesn't.

Thanx!
 
Actually we are a small company and I am one of the two admins (we all wear
many hats.) We are using a netopia router and the VPN built into it along
with the MS VPN client. I have two new slaes people starting next week who
will need to access the VPN so I'm running out of time to figure this out.

Thanx!
 
With Cisco what you describe is called split tunneling. Disable split
tunneling on the Cisco firewall and my users can only use the VPN or the
Internet. Enable split tunneling and my users can use both. For security
purposes I keep it disabled.

You might check to see if Netopia has a similar setting.

hth
DDS W 2k MVP MCSE
 
Tim said:
Ok I partially follow. I have turned off the use remote gateway option.
it still didn't work. What do you mean by "Don't forget to change the
router table for the subnets you should have access to via the vpn
tunnel."? The use remote gateway option doesn't seem to affect either the
VPN or the internet access. The VPN works fine either way and the
internet access doesn't.

Thanx!
Click to expand...

If you don't change the router table and your company lan contains multiple
subnets, the clients can't access those subnets other than the one it's on.
(because of the default gateway). Is the IP address given to the vpn client
on the same subnet as you're internal lan or does it have a VPN subnet?

Marcel
 
The vpn client uses a different subnet than my home PC. My home subnet is
192.168.1.xx and work is 192.168.0.xx The work network is a single subnet.
My home PC is 192.168.1.2 and the vpn client is 192.168.0.153 assigned by
DHCP in the vpn server. So my routing table looks like this

With default gateway option
0.0.0.0 0.0.0.0 192.168.0.153
192.168.0.153 1
0.0.0.0 0.0.0.0 192.168.1.1
192.168.1.2 21
....
....
192.168.0.153 255.255.255.255 127.0.0.1 127.0.0.1
50
192.168.0.255 255.255.255.255 192.168.0.153 192.168.0.153
50
192.168.1.0 255.255.255.0 192.168.1.2
192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1
20
....
....

Default Gateway: 192.168.0.153

where 192.168.0.153 is the DHCP assigned address on the vpn adapter and
192.168.1.2 is the host PC at home.

Without the default gateway option

0.0.0.0 0.0.0.0 192.168.1.1
192.168.1.2 20
....
....
192.168.0.0 255.255.255.0 192.168.0.153 192.168.0.153
1
192.168.0.153 255.255.255.255 127.0.0.1 127.0.0.1
50
192.168.0.255 255.255.255.255 192.168.0.153 192.168.0.153
50
192.168.1.0 255.255.255.0 192.168.1.2
192.168.1.2 20
....
....

Default Gateway: 192.168.1.1

Thanx!
 
Tim said:
The vpn client uses a different subnet than my home PC. My home subnet is
192.168.1.xx and work is 192.168.0.xx The work network is a single
subnet. My home PC is 192.168.1.2 and the vpn client is 192.168.0.153
assigned by DHCP in the vpn server. So my routing table looks like this

With default gateway option
0.0.0.0 0.0.0.0 192.168.0.153 192.168.0.153
1
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2
21
...
...
192.168.0.153 255.255.255.255 127.0.0.1 127.0.0.1
50
192.168.0.255 255.255.255.255 192.168.0.153 192.168.0.153
50
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2
20
192.168.1.2 255.255.255.255 127.0.0.1
127.0.0.1 20
...
...

Default Gateway: 192.168.0.153

where 192.168.0.153 is the DHCP assigned address on the vpn adapter and
192.168.1.2 is the host PC at home.

Without the default gateway option

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2
20
...
...
192.168.0.0 255.255.255.0 192.168.0.153 192.168.0.153
1
192.168.0.153 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.0.255 255.255.255.255 192.168.0.153 192.168.0.153
50
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2
20
...
...

Default Gateway: 192.168.1.1

Thanx!
Click to expand...

The work subnet is a single one, than you shouldn't need the default gateway
on the remote net. Try pinging to the outside world on IP, just to be sure
that there isn't any dns issue. It would even be better to use tracert to
see in what direction the packets are send.

Marcel
 
Back
Top