Sign in with
Sign up | Sign in
Your question

Problem with VPN over Wireless - Help please!

Last response: in Wireless Networking
Share
April 23, 2005 2:38:01 AM

Archived from groups: alt.internet.wireless,microsoft.public.windows.networking.wireless (More info?)

Hi

I have had a consultant in at work today setting up our network so that
staff can connect to our network from their home PCs. Our office network is
linked to an ADSL BT line through a SonicWall TZ170 firewall and an Alcatel
router. We installed SonicWall VPN client on my laptop and I managed to
connect OK from my laptop using a modem dialup (having disconnected all
network cables first). I got on to the network with no problems.
Unfortunately, I could not test this my home wireless connection until I got
home.

Guess what: it doesn't work on my wireless connection.

At home, using the same laptop, I tried connecting through my Belkin
wireless ADSL router. It seems to connect to our network OK, as I get
prompted for a login and password and it tells me it is connected. It then
tries to allocate me an IP address but times out. When I looked in the
laptop's SonicWall VPN client log, the last entry there is "Failed to renew
the IP address for the virtual interface. The semaphore timeout period has
expired".

I guess from this that it is trying to allocate me an IP address but my
Belkin unit is blocking it. Could this be the firewall in the Belkin? I
could be wrong as I am new at this VPN and wireless stuff.

Can anyone advise me what to try?

Regards

Tom

More about : problem vpn wireless

April 23, 2005 2:43:16 AM

Archived from groups: alt.internet.wireless,microsoft.public.windows.networking.wireless (More info?)

Just to add to the message below, I have just looked in the Belkin firewall
security log and it tells me that when I tried to connect to the VPN at
work, it generated the message

"**Smurf** 0.0.0.0->> 224.0.0.22,0 (from wireless inbound)"

Regards

Tom

"Tom" <tmillington@aavf.co.uk> wrote in message
news:vvOdnehWtO4l8_TfRVnyrA@eclipse.net.uk...
> Hi
>
> I have had a consultant in at work today setting up our network so that
> staff can connect to our network from their home PCs. Our office network
> is linked to an ADSL BT line through a SonicWall TZ170 firewall and an
> Alcatel router. We installed SonicWall VPN client on my laptop and I
> managed to connect OK from my laptop using a modem dialup (having
> disconnected all network cables first). I got on to the network with no
> problems. Unfortunately, I could not test this my home wireless connection
> until I got home.
>
> Guess what: it doesn't work on my wireless connection.
>
> At home, using the same laptop, I tried connecting through my Belkin
> wireless ADSL router. It seems to connect to our network OK, as I get
> prompted for a login and password and it tells me it is connected. It then
> tries to allocate me an IP address but times out. When I looked in the
> laptop's SonicWall VPN client log, the last entry there is "Failed to
> renew the IP address for the virtual interface. The semaphore timeout
> period has expired".
>
> I guess from this that it is trying to allocate me an IP address but my
> Belkin unit is blocking it. Could this be the firewall in the Belkin? I
> could be wrong as I am new at this VPN and wireless stuff.
>
> Can anyone advise me what to try?
>
> Regards
>
> Tom
>
Anonymous
a b F Wireless
April 23, 2005 2:43:17 AM

Archived from groups: alt.internet.wireless,microsoft.public.windows.networking.wireless (More info?)

"Tom" <tmillington@aavf.co.uk> wrote in message
news:L6OdnX8NeOZv8vTfRVnysg@eclipse.net.uk...
> Just to add to the message below, I have just looked in the Belkin
> firewall security log and it tells me that when I tried to connect to the
> VPN at work, it generated the message
>
> "**Smurf** 0.0.0.0->> 224.0.0.22,0 (from wireless inbound)"
>
> Regards
>
> Tom
>
> "Tom" <tmillington@aavf.co.uk> wrote in message
> news:vvOdnehWtO4l8_TfRVnyrA@eclipse.net.uk...
>> Hi
>>
>> I have had a consultant in at work today setting up our network so that
>> staff can connect to our network from their home PCs. Our office network
>> is linked to an ADSL BT line through a SonicWall TZ170 firewall and an
>> Alcatel router. We installed SonicWall VPN client on my laptop and I
>> managed to connect OK from my laptop using a modem dialup (having
>> disconnected all network cables first). I got on to the network with no
>> problems. Unfortunately, I could not test this my home wireless
>> connection until I got home.
>>
>> Guess what: it doesn't work on my wireless connection.
>>
>> At home, using the same laptop, I tried connecting through my Belkin
>> wireless ADSL router. It seems to connect to our network OK, as I get
>> prompted for a login and password and it tells me it is connected. It
>> then tries to allocate me an IP address but times out. When I looked in
>> the laptop's SonicWall VPN client log, the last entry there is "Failed to
>> renew the IP address for the virtual interface. The semaphore timeout
>> period has expired".
>>
>> I guess from this that it is trying to allocate me an IP address but my
>> Belkin unit is blocking it. Could this be the firewall in the Belkin? I
>> could be wrong as I am new at this VPN and wireless stuff.
>>
>> Can anyone advise me what to try?
>>
>> Regards
>>
>> Tom
>>
>


You might try disabling the firewall in the Belkin and see what happens.

JS
--
www.parallaxconcepts.org
Related resources
Anonymous
a b F Wireless
April 23, 2005 3:47:38 AM

Archived from groups: alt.internet.wireless,microsoft.public.windows.networking.wireless (More info?)

In alt.internet.wireless Joseph Stewart <jstewart_nyc@yahoo.com> wrote:
> "Tom" <tmillington@aavf.co.uk> wrote in message
> news:L6OdnX8NeOZv8vTfRVnysg@eclipse.net.uk...
>> Just to add to the message below, I have just looked in the Belkin
>> firewall security log and it tells me that when I tried to connect to the
>> VPN at work, it generated the message
>>
>> "**Smurf** 0.0.0.0->> 224.0.0.22,0 (from wireless inbound)"
>>


> You might try disabling the firewall in the Belkin and see what happens.


Smurf detection is broken in a lot of cheap firewalls (and on IBM mainframe
"NETSTAT DOS").

I had to turn it off in my SMC router. It might be called Denial of
Service attack, or broadcast, or something like that.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5
Anonymous
a b F Wireless
April 23, 2005 4:01:27 AM

Archived from groups: alt.internet.wireless,microsoft.public.windows.networking.wireless (More info?)

On Fri, 22 Apr 2005 22:38:01 +0100, "Tom" <tmillington@aavf.co.uk>
wrote:

>I have had a consultant in at work today setting up our network so that
>staff can connect to our network from their home PCs. Our office network is
>linked to an ADSL BT line through a SonicWall TZ170 firewall and an Alcatel
>router. We installed SonicWall VPN client on my laptop and I managed to
>connect OK from my laptop using a modem dialup (having disconnected all
>network cables first). I got on to the network with no problems.
>Unfortunately, I could not test this my home wireless connection until I got
>home.
>
>Guess what: it doesn't work on my wireless connection.

Does it work when you used a wired CAT5 connection to your Belkin
router instead of wireless?

The Safenet client that Sonicwall supplies includes some rather
verbose logging and diagnostic info. I don't have it loaded on this
machine so I can't point to the exact location to check, but I think
they were called "log viewer" and "connection monitor". They will
tell you at what point your connection is failing.

My guess(tm) is that the consultant wisely limited the IP addresses
that are allowed to connect. Is your ISP's IP address in the
"allowed" IP address pool on the Sonicwall.

The Sonicwall VPN config includes IP address blocks for the remote VPN
and for your local LAN. The LAN side can be a wild card and accept
any IP address block. However, both ends cannot be the same class C
IP block. For example, you cannot use 192.168.1.xxx for the office,
and the same 192.168.1.xxx for your home network. Pick something else
like 192.168.111.xxx.

The Safenet client configuration may be "locked" by the administrator.
if this was done, you cannot change any of your settings. If this is
the case, it's your consultants job to implement any config changes.

The purpose of a VPN is to assign an IP address to your machine that
appears through a tunnel on the same class C IP address block as the
office LAN. When you tested it in the office, there was no need to
assign an address through a tunnel because you were already on the
office LAN. However, when you tried it at home, you now have a tunnel
and a different IP address. Testing it in the office is not even
close to a proper test as the tunnel wasn't tested. I usually hang a
temporary NAT router on the office LAN and assign the LAN side to
something off the wall like 10.0.0.xxx. If the office LAN is running
on 192.168.1.xxx, and if the configuration can give me an IP address
in the 192.168.1.xxx block, then it's working. You can check your
assigned IP addresses with:
Start -> Run -> cmd <enter>
ipconfig
You should have TWO IP addresses. One is the normal NAT IP address
assigned by your Belkin router. The other is the one that is coming
from the VPN. 169.254.xxx.xxx means DHCP has failed.

Anyway, inspect the logging and diagnostics. It should give you a
clue where it's failing. A one line excert doesn't tell me where it
failed.

>At home, using the same laptop, I tried connecting through my Belkin
>wireless ADSL router. It seems to connect to our network OK, as I get
>prompted for a login and password and it tells me it is connected. It then
>tries to allocate me an IP address but times out.

>When I looked in the
>laptop's SonicWall VPN client log, the last entry there is "Failed to renew
>the IP address for the virtual interface. The semaphore timeout period has
>expired".

Well, it might be that the DHCP server on whichever box is playing
DHCP server in the office has found some reason to NOT assign an IP
address to your client. It might be out of IP's, it might have a
restricted IP address pool, it might be failing authentication, etc.
Which box is playing DHCP server?

Incidentally, if you have a very long DHCP lease time, it's possible
that the laptop still thinks it owns the IP address that was assigned
in the office. If it tried to renew it when it connected to the VPN,
it might be expected to fail if the server assigned the IP address to
another client. Try the usual:
ipconfig /release
(wait about 10 seconds)
ipconfig /renew

>I guess from this that it is trying to allocate me an IP address but my
>Belkin unit is blocking it. Could this be the firewall in the Belkin? I
>could be wrong as I am new at this VPN and wireless stuff.

Well, take the wireless out of the picture and try a direct LAN
connection to your Belkin. I don't think it's the Belkin. You can
verify it if you bypass the Belkin and connect your laptop directly to
your DSL or cable modem. However, please be sure that you have a
functional firewall on your laptop before trying this.

>Can anyone advise me what to try?
>
>Regards
>
>Tom
>

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
May 6, 2005 6:18:02 AM

Archived from groups: alt.internet.wireless,microsoft.public.windows.networking.wireless (More info?)

Tom wrote:
> Hi
> We installed SonicWall VPN client on my laptop and I managed to
> connect OK from my laptop using a modem dialup (having disconnected
all
> network cables first). I got on to the network with no problems.
> Unfortunately, I could not test this my home wireless connection
until I got
> home.
>
> Guess what: it doesn't work on my wireless connection.
>
> At home, using the same laptop, I tried connecting through my Belkin
> wireless ADSL router. It seems to connect to our network OK, as I get

> prompted for a login and password and it tells me it is connected. It
then
> tries to allocate me an IP address but times out. When I looked in
the
> laptop's SonicWall VPN client log, the last entry there is "Failed to
renew
> the IP address for the virtual interface. The semaphore timeout
period has
> expired".
>

Tom,

I have a Sonicwall 3060 and use the VPN client.

In the Sonicwall client you need to set NAT Traversal to disabled. If
you have a Belkin 7632 you may also need to disable the firewall
because the 7632 crashes with VPN clients. The 7633 works fine (I have
both).

Make sure that you aren't using the same range of IP addresses on your
home LAN as your work LAN. They MUST be different, i.e. if your work
LAN is 192.168.1.x with a mask of 255.255.255.0 then set your home LAN
to something different, like 192.168.20.x/255.255.255.0

Hope that helps.

Ed.
Anonymous
a b F Wireless
May 6, 2005 9:23:49 PM

Archived from groups: alt.internet.wireless,microsoft.public.windows.networking.wireless (More info?)

In alt.internet.wireless Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:

Hmmm... no response from the original poster in two weeks...

>>Guess what: it doesn't work on my wireless connection.

Did you install the VPN client _after_ the wireless connection? It is
supposed to bind to new network devices, but I found that the Sonicwall
client needed to be reinstalled after I added a new wireless card. My
connection at the time was an SMC wired router, using a Linksys BEFW11S4
only as a WAP.

> The Sonicwall VPN config includes IP address blocks for the remote VPN
> and for your local LAN. The LAN side can be a wild card and accept
> any IP address block. However, both ends cannot be the same class C
> IP block. For example, you cannot use 192.168.1.xxx for the office,
> and the same 192.168.1.xxx for your home network. Pick something else
> like 192.168.111.xxx.

That was a problem for us as well. Our office network was 192.168.0, so
the home network had to be something else. That caught several people who
left their home systems at the default.

> When you tested it in the office, there was no need to assign an address
> through a tunnel because you were already on the office LAN. However,
> when you tried it at home, you now have a tunnel and a different IP
> address. Testing it in the office is not even close to a proper test as
> the tunnel wasn't tested.

I don't agree with that. The VPN client will pick up a new address, and
you will not be able to communicate on the old address, even though an
ipconfig will show both.

I currently connect to a Nortel VPN. I can connect inside the office or
outside. The VPN does work inside, and that is a standard test when
setting up new laptops. You can tell that you are on a VPN and not the
local network because of different security settings.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5
May 23, 2011 10:46:16 PM

We use TZ170. My computer is Windows 7 64-bit with Client 4.2.6.0305.
My VPN connection would work with the ethernet cable plugged in, but not over wifi. I found this forum, but nothing on it helped me to make it work.

I went to the network adapter settings, from the Network and sharing center, and found that I had two wireless adapters. One of them was connected to a wifi network, and the second one was disconnected. I have disabled this second one, and right away, the VPN client started to work.

Hope this can help you!

js
Anonymous
a b F Wireless
October 23, 2012 3:46:09 PM

jeebee said:
We use TZ170. My computer is Windows 7 64-bit with Client 4.2.6.0305.
My VPN connection would work with the ethernet cable plugged in, but not over wifi. I found this forum, but nothing on it helped me to make it work.

I went to the network adapter settings, from the Network and sharing center, and found that I had two wireless adapters. One of them was connected to a wifi network, and the second one was disconnected. I have disabled this second one, and right away, the VPN client started to work.

Hope this can help you!

js



Thank you !

yes Win 7 home Ed.
Control Panel\Network and Internet\Network Connections
I disabled the Microsoft virtual WiFi miniport and Sonicwall Globall vpn client worked as expected :) 

J
!