| Author |
Contivity VPN Client and home network
|
|
|
| Hi,
I hope someone could help because my networking knowledge is not that great.
I have a home network at home behind a Linksys router with IP addresses
starting from 192.168.1.100. I also use Contivity VPN Client to connect to
my employer's network using a smart card. The problem is that when the
Contivity VPN Client is connected I cannot access any of my home computers.
For example, I cannot map to shared drives neither by name nor by TCP/IP
address, neither I can browse web pages in any of my home web sites, e.g.
http://mypc/<mywebsite>/.
My explanation is that the reason for this is that all home LAN requests are
re-routed through Contivity VPN Client. When I stop Contivity VPN Client
everything is OK. In Contivity VPN Client Name Server Options both DNS and
WINS properties are blank.
Why is this happening and what I can do to connect to my LAN computers?
| |
| Not-My-Real-Name 2004-09-15, 8:47 pm |
| Your "Security Guy" at work has disabled "Split Tunneling" on his gateway
(and rightly so).
Which basically puts blinders on your PC so that it can ONLY "talk"
to devices on the other side of the VPN, your local stuff is blocked.
Work arounds.
A) Use a secondary protocol on your network (like IPX or NETBEUI) for
sharing.
Bind file and printer sharing to just that protocol for your network (not
TCP/IP).
The Contivity software only works with TCP/IP, it can't and won't filter
other protocols.
B) Put a second NIC in your home machine and don't "bind" the Contivity VPN
client too it.
I haven't tried this yet, it may be that you need to install the NIC after
your Contivity software is installed.
This may not even work.
C) Ask your "Security Guy" to make an exception for your network.
| |
|
| Thank you for the prompt reply.
No much luck with A). This is what I tried. I have Windows XP Pro.
1. Open Networks Connections Pannel.
2. Right-click on Local Area Connection and choose properties.
3. Install Microsoft IPX/SPX protocol.
4. Then when to advanced settings on Network Connections menu.
5. On the Adapters and Bindings tab selected Local Area Connection, then
File and Print Sharing and unchecked TCP/IP (only NWLink IPX/SPX selected).
6. Rebooted
Still cannot map to shares when Contivity is on. Am I missing something.
Want to confirm before mocking up my laptop really good :-(
"Not-My-Real-Name" <someone@micros0ft.com> wrote in message
news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
> Your "Security Guy" at work has disabled "Split Tunneling" on his gateway
> (and rightly so).
>
> Which basically puts blinders on your PC so that it can ONLY "talk"
> to devices on the other side of the VPN, your local stuff is blocked.
>
> Work arounds.
>
> A) Use a secondary protocol on your network (like IPX or NETBEUI) for
> sharing.
> Bind file and printer sharing to just that protocol for your network (not
> TCP/IP).
> The Contivity software only works with TCP/IP, it can't and won't filter
> other protocols.
>
> B) Put a second NIC in your home machine and don't "bind" the Contivity
VPN
> client too it.
> I haven't tried this yet, it may be that you need to install the NIC after
> your Contivity software is installed.
> This may not even work.
>
> C) Ask your "Security Guy" to make an exception for your network.
>
>
| |
| Not-My-Real-Name 2004-09-15, 8:47 pm |
| Make sure ALL your PCs on your home LAN are setup to bind
"File and Printer sharing" to IPX only. Not TCP/IP
Also, all the PCs need to use the same Frame type (under advanced settings
for IPX).
They don't automagically find each other otherwise.
You can also use NETBEUI, it's on the XP CD, however it's not supported by
M$.
"Shrek" <anonymous@matrix.com> wrote in message
news:RmnVc.23077$Fg5.3874@attbi_s53...
> Thank you for the prompt reply.
>
> No much luck with A). This is what I tried. I have Windows XP Pro.
>
> 1. Open Networks Connections Pannel.
> 2. Right-click on Local Area Connection and choose properties.
> 3. Install Microsoft IPX/SPX protocol.
> 4. Then when to advanced settings on Network Connections menu.
> 5. On the Adapters and Bindings tab selected Local Area Connection, then
> File and Print Sharing and unchecked TCP/IP (only NWLink IPX/SPX
selected).
> 6. Rebooted
>
> Still cannot map to shares when Contivity is on. Am I missing something.
> Want to confirm before mocking up my laptop really good :-(
>
>
> "Not-My-Real-Name" <someone@micros0ft.com> wrote in message
> news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
gateway[vbcol=seagreen]
(not[vbcol=seagreen]
> VPN
after[vbcol=seagreen]
>
>
| |
|
| Duh, of course.
Let me ask you another question. I have also an option to connect to the
corporate office by VPN instead of through Contivity. I use VPN I don't have
issues with my home network. However, it looks like when I try to browse
Internet the whole traffic is tunneled through the VPN connection and
performance deteriorates. Is there any way to configure my VPN so it directs
ONLY the corporate traffic to itself but leaves anything else through my
Local Area Connection?
"Not-My-Real-Name" <someone@micros0ft.com> wrote in message
news:PboVc.1494$KF.11668@tor-nn1.netcom.ca...
> Make sure ALL your PCs on your home LAN are setup to bind
> "File and Printer sharing" to IPX only. Not TCP/IP
>
> Also, all the PCs need to use the same Frame type (under advanced settings
> for IPX).
> They don't automagically find each other otherwise.
>
> You can also use NETBEUI, it's on the XP CD, however it's not supported by
> M$.
>
>
>
> "Shrek" <anonymous@matrix.com> wrote in message
> news:RmnVc.23077$Fg5.3874@attbi_s53...
then[vbcol=seagreen]
> selected).
> gateway
> (not
filter[vbcol=seagreen]
Contivity[vbcol=seagreen]
> after
>
>
| |
| Not-My-Real-Name 2004-09-15, 8:47 pm |
|
"Shrek" <anonymous@matrix.com> wrote in message
news:RGoVc.23362$Fg5.8957@attbi_s53...
> Duh, of course.
>
OK, no problem, glad to be of assistance. Have a nice day.
| |
| Sean Culhane 2004-09-15, 8:47 pm |
| I had the same problem ... home network behind a linksys router on a
192.168.1.x subnet, and when connected to employer via Contivity, my
home network wasn't reachable.
The cause was that my employer was also using the 192.168.1.x subnet.
Solution: change my home subnet (via the main linksys admin page) to
be in a non-conflicting range, such as 10.1.1.x
Works like a charm.
-- Sean.
"Shrek" <anonymous@matrix.com> wrote in message news:<mdmVc.52721$TI1.17570@attbi_s52>...
> Hi,
>
> I hope someone could help because my networking knowledge is not that great.
>
> I have a home network at home behind a Linksys router with IP addresses
> starting from 192.168.1.100. I also use Contivity VPN Client to connect to
> my employer's network using a smart card. The problem is that when the
> Contivity VPN Client is connected I cannot access any of my home computers.
> For example, I cannot map to shared drives neither by name nor by TCP/IP
> address, neither I can browse web pages in any of my home web sites, e.g.
> http://mypc/<mywebsite>/.
>
> My explanation is that the reason for this is that all home LAN requests are
> re-routed through Contivity VPN Client. When I stop Contivity VPN Client
> everything is OK. In Contivity VPN Client Name Server Options both DNS and
> WINS properties are blank.
>
> Why is this happening and what I can do to connect to my LAN computers?
| |
|
| I too am not sure the second NIC card would work as the contivity client
changes the routing table and any attempy to change after the contivity
client is started will drop the connection.
"Not-My-Real-Name" <someone@micros0ft.com> wrote in message
news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
> Your "Security Guy" at work has disabled "Split Tunneling" on his gateway
> (and rightly so).
>
> Which basically puts blinders on your PC so that it can ONLY "talk"
> to devices on the other side of the VPN, your local stuff is blocked.
>
> Work arounds.
>
> A) Use a secondary protocol on your network (like IPX or NETBEUI) for
> sharing.
> Bind file and printer sharing to just that protocol for your network (not
> TCP/IP).
> The Contivity software only works with TCP/IP, it can't and won't filter
> other protocols.
>
> B) Put a second NIC in your home machine and don't "bind" the Contivity
VPN
> client too it.
> I haven't tried this yet, it may be that you need to install the NIC after
> your Contivity software is installed.
> This may not even work.
>
> C) Ask your "Security Guy" to make an exception for your network.
>
>
| |
|
| Another good possibility is that Split Tunneling has been disabled.
With Split tunneling off, you can ONLY get data to the other end of the
VPN tunnel. All local networks are blocked. This settign is in the
Contivity concentrator, and is downloaded by the client at tunnel
initiliasation.
Mark
Sean Culhane wrote:[vbcol=seagreen]
> I had the same problem ... home network behind a linksys router on a
> 192.168.1.x subnet, and when connected to employer via Contivity, my
> home network wasn't reachable.
>
> The cause was that my employer was also using the 192.168.1.x subnet.
> Solution: change my home subnet (via the main linksys admin page) to
> be in a non-conflicting range, such as 10.1.1.x
>
> Works like a charm.
>
> -- Sean.
>
> "Shrek" <anonymous@matrix.com> wrote in message news:<mdmVc.52721$TI1.17570@attbi_s52>...
>
| |
| Not-My-Real-Name 2004-09-15, 8:47 pm |
| I was thinking that the 2nd card would installed and working in your home PC
BEFORE you started the VPN. You're correct that any
route add changes will cause the client to disconnect.
Anyhow the easiest workaround is the alternate protocol thing or ask
your security admin to make an exception for your network.
The Contivity driver/shim would need to be removed from
"MC" <mwclarke1@yahoo.com> wrote in message
news:maxVc.4454$%n4.2553@bignews6.bellsouth.net...
> I too am not sure the second NIC card would work as the contivity client
> changes the routing table and any attempy to change after the contivity
> client is started will drop the connection.
>
>
> "Not-My-Real-Name" <someone@micros0ft.com> wrote in message
> news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
gateway[vbcol=seagreen]
(not[vbcol=seagreen]
> VPN
after[vbcol=seagreen]
>
>
| |
|
| Any way I can hack and change this setting on my machine?
"Mark" <user@127.0.0.1> wrote in message
news:4126edd2$0$27218$61ce578d@news.syd.swiftdsl.com.au...[vbcol=seagreen]
> Another good possibility is that Split Tunneling has been disabled.
> With Split tunneling off, you can ONLY get data to the other end of the
> VPN tunnel. All local networks are blocked. This settign is in the
> Contivity concentrator, and is downloaded by the client at tunnel
> initiliasation.
>
> Mark
> Sean Culhane wrote:
news:<mdmVc.52721$TI1.17570@attbi_s52>...[vbcol=seagreen]
great.[vbcol=seagreen]
to[vbcol=seagreen]
computers.[vbcol=seagreen]
e.g.[vbcol=seagreen]
are[vbcol=seagreen]
and[vbcol=seagreen]
| |
| Not-My-Real-Name 2004-09-15, 8:47 pm |
| Not that I know if, it's controlled by the VPN gateway, not the client.
"Shrek" <anonymous@matrix.com> wrote in message
news:cHRWc.38854$9d6.25437@attbi_s54...
> Any way I can hack and change this setting on my machine?
>
| |
|
| No. This is a security type setting.
Mark
Shrek wrote:
> Any way I can hack and change this setting on my machine?
>
> "Mark" <user@127.0.0.1> wrote in message
> news:4126edd2$0$27218$61ce578d@news.syd.swiftdsl.com.au...
>
>
> news:<mdmVc.52721$TI1.17570@attbi_s52>...
>
>
> great.
>
>
> to
>
>
> computers.
>
>
> e.g.
>
>
> are
>
>
> and
>
>
>
>
|
|
|
|