wireless connection problem

Archived from groups: alt.internet.wireless (More info?)

I am trying to connect (wireless) to my office network with my laptop. I
have a Toshiba Satellite notebook; it says that I am connected to the
network, but I am not sending nor receiving packets (while everything works
fine if I am not wireless connected). I tried to ping between computers, but
there is no answer. I checked the ip settings and they are fine. If I do an
ipconfig /all command I get the right ip address, subnet mask and gateway.

I think this might have occured after I installed SSH sentinel for the VPN
connection while it was working well before I installed this software.

Please help.

Thank you.

Netadict
11 answers Last reply
More about wireless connection problem
  1. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 26 Aug 2005 15:09:06 GMT, "Netadict" <netadictnospam@alice.it>
    wrote:

    >I am trying to connect (wireless) to my office network with my laptop. I
    >have a Toshiba Satellite notebook; it says that I am connected to the
    >network, but I am not sending nor receiving packets (while everything works
    >fine if I am not wireless connected). I tried to ping between computers, but
    >there is no answer. I checked the ip settings and they are fine. If I do an
    >ipconfig /all command I get the right ip address, subnet mask and gateway.
    >
    >I think this might have occured after I installed SSH sentinel for the VPN
    >connection while it was working well before I installed this software.

    Yeah, that's highly probable. VPN clients and shims take over the IP
    stack. If you want to do an unencrypted session directly to the
    internet through your own router, you have to either disable the shim,
    or setup a profile that has no VPN encryption in the tunnel with the
    correct gateway. That's the way my SafeNet VPN shim works. There's a
    good reason for this as a VPN should not allow traffic from your LAN
    or through your router to get into the corporate LAN at the other end
    of the VPN tunnel. That's an instant security nightmare. So, with
    the VPN running and connected, you don't get to connect directly to
    the internet. This smells like a corporate setup so I suggest you
    call your corporate IT people and ask for help.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    AE6KS 831-336-2558
  2. Archived from groups: alt.internet.wireless (More info?)

    > I think this might have occured after I installed SSH sentinel for the VPN
    > connection while it was working well before I installed this software.

    Obvious question then is does it work again when you uninstall that
    software?

    David.
  3. Archived from groups: alt.internet.wireless (More info?)

    Thank you for your help.

    One more question, why the wireless connection does not work if I disable
    the SSH network?

    Thank you.

    Regards,
    Netadict


    "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> ha scritto nel messaggio
    news:t2iug1d3kqra8chu0bfdsrni2agluuu669@4ax.com...
    | On Fri, 26 Aug 2005 15:09:06 GMT, "Netadict" <netadictnospam@alice.it>
    | wrote:
    | Yeah, that's highly probable. VPN clients and shims take over the IP
    | stack. If you want to do an unencrypted session directly to the
    | internet through your own router, you have to either disable the shim,
    | or setup a profile that has no VPN encryption in the tunnel with the
    | correct gateway. That's the way my SafeNet VPN shim works. There's a
    | good reason for this as a VPN should not allow traffic from your LAN
    | or through your router to get into the corporate LAN at the other end
    | of the VPN tunnel. That's an instant security nightmare. So, with
    | the VPN running and connected, you don't get to connect directly to
    | the internet. This smells like a corporate setup so I suggest you
    | call your corporate IT people and ask for help.
    | --
    | Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    | 150 Felker St #D http://www.LearnByDestroying.com
    | Santa Cruz CA 95060 http://802.11junk.com
    | AE6KS 831-336-2558
  4. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 26 Aug 2005 17:42:23 GMT, "Netadict \(home\)"
    <lorenzo@nospamlunet.it> wrote:

    >One more question, why the wireless connection does not work if I disable
    >the SSH network?

    I don't know. If you disable the VPN or SSH shim, or set it to pass
    through, it should allow connections to the internet. Maybe it would
    be helpful if you would disclose the vendor, product name, and
    version?

    Try this simple experiment.
    start -> run -> cmd <enter>
    tracert www.yahoo.com

    Try the above with the VPN running and without the VPN running. Where
    do the packets try to go? If they're going to the corporate LAN, then
    there's probably another layer of security inside the corporate LAN
    that needs to be dealt with before you can go out to the internet. If
    the packet try to go via the corporate LAN through the VPN, even with
    the VPN disabled, then you have *NOT* disabled the VPN or SSH client.

    You can also get a clue where packets are going by dumping the route
    table.
    route -print | more
    However, you might have some difficulties interpreting the numbers.
    If the routeing table does NOT change when you are disabling the VPN
    or SSH client, then you're doing something wrong.

    Also, when you connect via the VPN, you will be assigned a new IP
    address that is routed to the corporate LAN. Run:
    ipconfig
    and see where it's going. Note the default route value. If the
    default route points to the corporate LAN, that's where you're going
    to get your internet access. If it points to your router, then you
    should be able to browse the internet normally.


    --
    # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    # 831.336.2558 voice http://www.LearnByDestroying.com
    # http://802.11junk.com
    # jeffl@comix.santa-cruz.ca.us
    # jeffl@cruzio.com AE6KS
  5. Archived from groups: alt.internet.wireless (More info?)

    Thank you.

    I tried tracert www.yahoo.com with the VPN Policy Manager running and not
    running but it does not change. I can always surf the internet, my major
    problem is the wireless connection that it is not working since I installed
    SSH sentinel (TM) version 1.4 (build 137).

    I presume that I have no choice then unistall the SSH sentinel SW.

    Thanks for your help.

    Ciao,
    Netadict

    "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> ha scritto nel messaggio
    news:593vg1hrier0d714kr8e87hdpnepn9uv12@4ax.com...
    | On Fri, 26 Aug 2005 17:42:23 GMT, "Netadict \(home\)"
    | <lorenzo@nospamlunet.it> wrote:
    |
    | >One more question, why the wireless connection does not work if I disable
    | >the SSH network?
    |
    | I don't know. If you disable the VPN or SSH shim, or set it to pass
    | through, it should allow connections to the internet. Maybe it would
    | be helpful if you would disclose the vendor, product name, and
    | version?
    |
    | Try this simple experiment.
    | start -> run -> cmd <enter>
    | tracert www.yahoo.com
    |
    | Try the above with the VPN running and without the VPN running. Where
    | do the packets try to go? If they're going to the corporate LAN, then
    | there's probably another layer of security inside the corporate LAN
    | that needs to be dealt with before you can go out to the internet. If
    | the packet try to go via the corporate LAN through the VPN, even with
    | the VPN disabled, then you have *NOT* disabled the VPN or SSH client.
    |
    | You can also get a clue where packets are going by dumping the route
    | table.
    | route -print | more
    | However, you might have some difficulties interpreting the numbers.
    | If the routeing table does NOT change when you are disabling the VPN
    | or SSH client, then you're doing something wrong.
    |
    | Also, when you connect via the VPN, you will be assigned a new IP
    | address that is routed to the corporate LAN. Run:
    | ipconfig
    | and see where it's going. Note the default route value. If the
    | default route points to the corporate LAN, that's where you're going
    | to get your internet access. If it points to your router, then you
    | should be able to browse the internet normally.
    |
    |
    |
    | --
    | # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    | # 831.336.2558 voice http://www.LearnByDestroying.com
    | # http://802.11junk.com
    | # jeffl@comix.santa-cruz.ca.us
    | # jeffl@cruzio.com AE6KS
  6. Archived from groups: alt.internet.wireless (More info?)

    On Sat, 27 Aug 2005 06:17:03 GMT, "Netadict \(home\)"
    <lorenzo@nospamlunet.it> wrote:

    >I tried tracert www.yahoo.com with the VPN Policy Manager running and not
    >running but it does not change. I can always surf the internet, my major
    >problem is the wireless connection that it is not working since I installed
    >SSH sentinel (TM) version 1.4 (build 137).
    >
    >I presume that I have no choice then unistall the SSH sentinel SW.

    Sorry. I didn't quite understand your description. When you say "I
    can always suft the internet" I presume that means you can surf the
    internet through a wired connection at both the office and the house.
    My guess is that you cannot connect using a wireless connection at the
    office. Is this correct?

    You state that IPCONFIG /ALL shows the "correct" IP addreses. It's
    possible that you're looking at the addresses delivered by the
    previous lease or from your home system. Try:
    start -> run -> cmd <enter>
    ipconfig /release
    (wait about 5 seconds)
    ipconfig /renew
    ipconfig
    and see if it returns the same IP addresses. If not, then you were
    not getting a DHCP assigned IP address which usually means an bad WEP
    key.

    Sorry, I can't guess any more details from what you've supplied.

    --
    # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    # 831.336.2558 voice http://www.LearnByDestroying.com
    # http://802.11junk.com
    # jeffl@comix.santa-cruz.ca.us
    # jeffl@cruzio.com AE6KS
  7. Archived from groups: alt.internet.wireless (More info?)

    Thanks for your help.

    I unistalled SSH sentinel and everything is working fine again.

    Now I need to set a VPN between office and home.

    Thank you.

    Ciao,
    netadict

    "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> ha scritto nel messaggio
    news:0lu1h11fshuu0v9o7s1ncihh78m28i1ptn@4ax.com...
    > On Sat, 27 Aug 2005 06:17:03 GMT, "Netadict \(home\)"
    > <lorenzo@nospamlunet.it> wrote:
    >
    >>I tried tracert www.yahoo.com with the VPN Policy Manager running and not
    >>running but it does not change. I can always surf the internet, my major
    >>problem is the wireless connection that it is not working since I
    >>installed
    >>SSH sentinel (TM) version 1.4 (build 137).
    >>
    >>I presume that I have no choice then unistall the SSH sentinel SW.
    >
    > Sorry. I didn't quite understand your description. When you say "I
    > can always suft the internet" I presume that means you can surf the
    > internet through a wired connection at both the office and the house.
    > My guess is that you cannot connect using a wireless connection at the
    > office. Is this correct?
    >
    > You state that IPCONFIG /ALL shows the "correct" IP addreses. It's
    > possible that you're looking at the addresses delivered by the
    > previous lease or from your home system. Try:
    > start -> run -> cmd <enter>
    > ipconfig /release
    > (wait about 5 seconds)
    > ipconfig /renew
    > ipconfig
    > and see if it returns the same IP addresses. If not, then you were
    > not getting a DHCP assigned IP address which usually means an bad WEP
    > key.
    >
    > Sorry, I can't guess any more details from what you've supplied.
    >
    > --
    > # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
    > # 831.336.2558 voice http://www.LearnByDestroying.com
    > # http://802.11junk.com
    > # jeffl@comix.santa-cruz.ca.us
    > # jeffl@cruzio.com AE6KS
  8. Archived from groups: alt.internet.wireless (More info?)

    On Sun, 28 Aug 2005 08:15:37 GMT, "Netadict" <netadictnospam@alice.it>
    wrote:

    >Thanks for your help.
    >I unistalled SSH sentinel and everything is working fine again.
    >Now I need to set a VPN between office and home.

    Well, I use the SafeNet VPN client on my laptops to connect to my home
    and office networks. It's very similar to your SSH Sentinel. In
    fact, SafeNet bought the SSH Sentinel product last year.
    > http://www.ssh.com/company/newsroom/article/484/
    There's no reason that the ethernet should work while the wireless not
    work. That has to be a VPN configuration problem. However, setting
    up a VPN is not a trivial exercise. I think you need some local
    hands-on help.

    However, if all you want is a single VPN tunned between your home and
    office, I suggest you NOT install software on the clients and use a
    hardware solution at both ends. Replace your routers with VPN routers
    that are designed for the purpose. You can still connect when
    portable using VPN client software on laptops, but the basic
    connection between home and office is via dedicated routers.

    I've been using various Sonicwall VPN routers for the purpose but they
    tend to rather expensive. I have one customer with 4 locations in 3
    states using Sonicwall TELE connected via a hardware VPN. Click
    "network neighborhood" and you see every machine at all the locations.
    I've also used Netscreen (now Jupiter) Linux based routers for VPN.
    They're nice because they support both IPSec and PPTP VPN's. The PPTP
    is useful as it comes with all Windoze versions.

    I've been looking at the line of Netgear VPN routers:
    > http://www.netgear.com/products/business/prod_vpnrouter_wired_security_sb.php
    which are MUCH cheaper than Sonicwall. However, I don't have any
    current experience with these. I have used Linksys BEFVP41 routers
    but was not thrilled with the performance limits.

    Incidentally, the Netgear software VPN client:
    > http://www.netgear.com/products/details/VPN01L_VPN05L.php
    appears to be the SafeNet OEM VPN client.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    AE6KS 831-336-2558
  9. Archived from groups: alt.internet.wireless (More info?)

    Thanks for your suggestion.

    One more question, as far as you know is it possible to make a VPN between a
    static IP address (office) and a dynamic IP address (home)?

    Thank you for your help.

    Ciao,
    Netadict


    "Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> ha scritto nel messaggio
    news:soj3h11kst9dsm56k72j7eq9hvthpu5dop@4ax.com...
    > On Sun, 28 Aug 2005 08:15:37 GMT, "Netadict" <netadictnospam@alice.it>
    > wrote:
    >
    >>Thanks for your help.
    >>I unistalled SSH sentinel and everything is working fine again.
    >>Now I need to set a VPN between office and home.
    >
    > Well, I use the SafeNet VPN client on my laptops to connect to my home
    > and office networks. It's very similar to your SSH Sentinel. In
    > fact, SafeNet bought the SSH Sentinel product last year.
    >> http://www.ssh.com/company/newsroom/article/484/
    > There's no reason that the ethernet should work while the wireless not
    > work. That has to be a VPN configuration problem. However, setting
    > up a VPN is not a trivial exercise. I think you need some local
    > hands-on help.
    >
    > However, if all you want is a single VPN tunned between your home and
    > office, I suggest you NOT install software on the clients and use a
    > hardware solution at both ends. Replace your routers with VPN routers
    > that are designed for the purpose. You can still connect when
    > portable using VPN client software on laptops, but the basic
    > connection between home and office is via dedicated routers.
    >
    > I've been using various Sonicwall VPN routers for the purpose but they
    > tend to rather expensive. I have one customer with 4 locations in 3
    > states using Sonicwall TELE connected via a hardware VPN. Click
    > "network neighborhood" and you see every machine at all the locations.
    > I've also used Netscreen (now Jupiter) Linux based routers for VPN.
    > They're nice because they support both IPSec and PPTP VPN's. The PPTP
    > is useful as it comes with all Windoze versions.
    >
    > I've been looking at the line of Netgear VPN routers:
    >>
    >> http://www.netgear.com/products/business/prod_vpnrouter_wired_security_sb.php
    > which are MUCH cheaper than Sonicwall. However, I don't have any
    > current experience with these. I have used Linksys BEFVP41 routers
    > but was not thrilled with the performance limits.
    >
    > Incidentally, the Netgear software VPN client:
    >> http://www.netgear.com/products/details/VPN01L_VPN05L.php
    > appears to be the SafeNet OEM VPN client.
    >
    >
    > --
    > Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    > 150 Felker St #D http://www.LearnByDestroying.com
    > Santa Cruz CA 95060 http://802.11junk.com
    > AE6KS 831-336-2558
  10. Archived from groups: alt.internet.wireless (More info?)

    On Sun, 28 Aug 2005 16:41:28 GMT, "Netadict" <netadictnospam@alice.it>
    wrote:

    >One more question, as far as you know is it possible to make a VPN between a
    >static IP address (office) and a dynamic IP address (home)?

    Yes. You need to subscribe to a dynamic DNS service (DDNS) such as
    No-ip.com or dyndns.com. Dyndns is supported in firmware by most
    routers so methinks this is the best choice. I have a paid account
    with them and use it to point to customers, weather stations, and
    internet connected devices. If the router does not support DDNS in
    firmware, then you can add their software to one of the office client
    computers.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    AE6KS 831-336-2558
  11. Archived from groups: alt.internet.wireless (More info?)

    > One more question, as far as you know is it possible to make a VPN between a
    > static IP address (office) and a dynamic IP address (home)?

    Yes but you have to either know the IP address or be able to resolve it
    by using something like dyndns.org which some routers support or use a
    tool like dns2go from www.deerfield.com to register the current address
    in a dns service.

    David.
Ask a new question

Read More

Wireless Connection Wireless Networking