VPN configuration issue

I finally got VPN working with my home network, however I now find that when logged in remotely I’m connected twice – locally and via VPN. This ends up confusing my IM clients because they go “Hey, you’re logged in via two different places, whattup widdat?!” Is there a simple solution to this?

Disconnect your local IM client before you VPN.

I don’t have to worry about it, because VPN’ing automatically places me behind a corporate firewall and all my local IM instances crap out.

What client are you using? Have you tried enabling split tunneling, or, if MS PPTP, disabling “Use gateway on remote network”?

More VPN issues. This is pretty simple, but I can’t find a simple answer. When logged in with VPN I have two IP connections, usually something like Wireless and then PPP (VPN).

How does Windows choose which connection to “go through” for things like Web browsing, getting email, name lookups, etc.?

Each IP connection has its own address and subnet. (Example: 192.168.1.1 / 255.255.255.0).
If an IP address is on a local network (example: 192.168.1.10), it’ll just attempt to look for it on the local network (doing an ARP).

For systems outside the local subnetwork(s), Windows has to go look at the Gateway – which is the “tell me how to get to other networks” address.

So you see that should-be-disabled “use gateway on remote network” checkbox that forgeforsaken describes? That tells Windows to ignore the gateway on the VPN connection. So you can hit the network local to the VPN connection, but all connections outside of the local networks you’re connected to will NOT go through the VPN.

Now, that’s a pretty simplistic explanation of how routing works. If you type “route PRINT” at the Windows command prompt, Windows will tell you its current ways to get to other systems. It’s possible to manually add and change routes, but well, I’ve never had to do that.

Usually it will set up the routing table so that only destinations in the address range covered by the VPN will go through the VPN interface.

Do a ‘netstat -r’ to see the current routing table. Basically it looks for an entry where the destination IP address you’re trying to find matches a network destination (after being ANDed with the netmask), and then uses that interface.

DNS will probably still be done through whatever the original setup was though, which can be a pain in the ass. You might have to manually add the internal addresses of your VPN’s DNS servers to the list, but it depends on how they’re set up. At our office we gave up trying to get it to work and just distribute a big ‘hosts’ file with entries for the most commonly used servers.

The main reason I’m trying to use VPN is so that outgoing mail doesn’t inadvertently get flagged as SPAM. Right now I’m logged in at a T-Mobile HotSpot, which traps all SMTP outgoing requests and routes them through its own server. The problem is that like 25% of the people out there flat out reject mail from T-Mobile.

So what I had hoped was to login via VPN and send mail out THAT way, using VPN’s gateway as the default gateway. When I did this at a friend’s house, it worked great. Here at Starbucks it’s not working at all. I can connect just fine and I get an internal IP address, e.g. 192.168.1.10, but simply pinging another system on the LAN doesn’t work (via IP not name). That should at least work.

What IP address did the Starbucks hotspot give you?


Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : cust.hotspot.t-mobile.com
        IP Address. . . . . . . . . . . . : 10.255.40.164
        Subnet Mask . . . . . . . . . . . : 255.255.255.224
        Default Gateway . . . . . . . . . : 10.255.40.161

Well, that shouldn’t be a problem.

I have no idea. Sorry.

Can I post anything else that would help? Routing tables, IP addresses when logged in with VPN?

The ‘using the VPN gateway as the default gateway’ sounds suspicious to me. You should be able to leave the default gateway alone as the wireless gateway, otherwise it may never be able to find the wireless gateway because it keeps getting rerouted to the VPN’s gateway, which it doesn’t yet have a route to.

This is only after you get connected to VPN. If I uncheck that, then everything “works” but now all traffic, by default, goes out the wireless network instead of through the VPN, so I get right back to that mail problem I was having.

What does the routing table say in that case?

Try something like:
‘route add 192.0.0.0 mask 255.0.0.0 192.x.y.z’
after starting the VPN, where the 192.x.y.z is whatever the VPN gateway is.

Oh wait, is the mail server you’re trying to reach in the VPN range? If not, and you’re just trying to go through the VPN as an intermediary to some other destination outside the VPN, then that’s a more advanced tunnelling problem.

That’s probably beyond my abilities, but it might work if you add a routing rule for that specific destination address. I.e., ‘route add A.B.C.D mask 255.255.255.255 192.x.y.z’ where A.B.C.D is the mail server.
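Added example (not part of the thread and not any poster's code): a small Python model of the route lookup described earlier (destination ANDed with the netmask, then pick the interface), run against a split-tunnel table, a full-tunnel table, and a split-tunnel table with the single-host route suggested above. The wireless values come from the ipconfig output in the thread; the VPN gateway, the metrics and the mail server address 203.0.113.25 are assumptions made for illustration.

```python
import ipaddress

# Constructed routing tables: (destination network, gateway, interface, metric).
# Wireless entries follow the ipconfig output posted in the thread; the VPN
# gateway and all metrics are assumed values, not taken from the thread.
WIFI_GW, VPN_GW = "10.255.40.161", "192.168.1.1"
MAIL = "203.0.113.25"  # placeholder for the ISP mail server (documentation range)

SPLIT_TUNNEL = [
    ("0.0.0.0/0", WIFI_GW, "wireless", 25),
    ("10.255.40.160/27", "on-link", "wireless", 25),
    ("192.168.1.0/24", "on-link", "vpn", 1),
]
# Remote gateway in use: a second default route via the VPN with a lower metric.
FULL_TUNNEL = SPLIT_TUNNEL + [("0.0.0.0/0", VPN_GW, "vpn", 1)]
# Split tunnel plus one host route (mask 255.255.255.255) for the mail server.
HOST_ROUTE = SPLIT_TUNNEL + [(MAIL + "/32", VPN_GW, "vpn", 1)]


def lookup(table, dest):
    """Return (interface, gateway): longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, gw, iface, metric in table:
        network = ipaddress.ip_network(net)
        # The "destination AND netmask == network destination" test.
        if int(addr) & int(network.netmask) == int(network.network_address):
            matches.append((-network.prefixlen, metric, iface, gw))
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, _, iface, gw = min(matches)
    return iface, gw


def egress_report(table, dests):
    """Map each destination to the interface its traffic would leave through."""
    return {d: lookup(table, d)[0] for d in dests}


if __name__ == "__main__":
    dests = ["10.255.40.170", "192.168.1.20", MAIL]
    for name, table in [("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL),
                        ("split + host route", HOST_ROUTE)]:
        print(name, egress_report(table, dests))
```

In the split-tunnel table, everything outside 192.168.1.0/24 still leaves over the hotspot's network, which is why the SMTP traffic keeps being intercepted there; either of the other two tables sends it into the tunnel.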

I don’t think delving deep into the world of routing is the solution here. The core problem is that he wants to redirect all traffic across the tunnel in order to make sure that SMTP traffic goes through the tunnel. Which is fairly reasonable, as tunnels aren’t that hard to turn on/off.

The bigger question is why isn’t the tunnel working? I’d be more interested in if the VPN app had error messages or other complaints.

I don’t think so. Basically I have my laptop connected to T-Mobile, which provides access to most anything I want. But I want to use my ISP’s mail server, which I can only access if I’m on their net. So to do that I VPN to home to send mail – that way A.) T-Mobile isn’t intercepting my SMTP connection and B.) my ISP’s mail server allows me to send mail since it doesn’t think I’m relaying.

This is regular every day PPTP Windows VPN (XP Pro connecting to XP Pro). It’s worked in the past, so I’m guessing maybe there’s some T-Mobile issue. T-Mobile says I need to call them if I’m having issues, they don’t have a standard set of guidelines for resolving this.

Ah, whoops, now that I understand the problem…I have no idea what’s wrong.

I think this is the point at which you ssh/Remote Desktop into your home machine and do it from there. :)

Except my laptop is my home machine, it’s just not at home, it’s at Starbucks =/ So my email client is as well. Bah.