Need help configuring VPN - problems accessing the networks

Hi everyone, hope someone can help me out here.
I'm administering the network for our small company. We basically have two sets of machines - public ones with fixed net addresses (mail, web, dns servers, etc), and private ones behind a wireless router/nat.
Our main need here is to be able to VPN in to the public side, in particular, the mailserver, so that we can get around all the stupid things that get done to SMTP when we connect at the BedBug Inn ("Free wifi, administered by gibbons").
Secondarily, it would be nice to be able to connect to and browse some of the internal machines.
So here is what I did:
* Installed 10.4.10 Server on a machine with two ethernet interfaces, one that has a public IP address, the other connects into the private network. When I'm actually at that machine, things work fine - I can browse the private network shares, connect to the net, etc.
* Configured VPN. I have no problems getting a VPN connection, both sides are happy. The VPN assigns incoming clients IP addresses in the private network IP range, but outside those assigned by the wireless router's NAT.
* Added 192.168.2.1/255 (the private network) and 12.17.29.193/224 (the public network) to the Network Routing Definition box under VPN/Settings/Client Information.
However, here's where it all falls down. Once the VPN is established, I can't connect to any of the public machines, and the only private-side device that seems to respond is the Wireless/NAT box (A Belkin N1). So the only thing I can do is administer the Belkin remotely, which, while nice, is not exactly what I had in mind.
Doing a traceroute while VPN is active to my mailserver shows the first hop direct to the VPN machine, then off into * * * heaven (though I have no idea if traceroute works over VPN!).
One curious note: when I change the order of the Network Routing Definitions so that the public network comes first, and the private one second, I can't contact the Belkin box.
Any advice, oh wise and powerful masters of technology?
Various, but the server is running on a G4, Mac OS X (10.4.10)

I said:
"let's assume I VPN to the wireless box"
You replied:
"That's not correct as it is not the device running the VPN endpoint - in this case. "
But wouldn't I have to (on the VPN client) specify the public IP of the wireless box in order to connect (because the packets are forwarded) to the actual OS X box running the VPN? Otherwise, it can't see it.
Part of the problem I have is that I can't dedicate a whole machine to VPN. The OS X machine running VPN is also running DNS, and will eventually run our mailserver and perhaps FTP, web, etc, as I slowly migrate stuff to it.
So this machine has to have a public IP address. It cannot be hidden behind the wireless NAT. And it seems to me that this is the crux of the problem. What I think you are telling me is that if the VPN machine was entirely hidden behind the wireless NAT, and had no direct public (WAN) interface, then, since all the packets destined for the outside world (including my public servers) would have to go through the NAT, all would be OK.
If so, then it seems to me that the best solution is to use something like OpenVPN on another OS X (not OS X Server, since I only have one of those) machine in the private network. Since the incoming VPN traffic will be Mac only, it shouldn't be an issue, L2TP-only is fine.
"Otherwise you have to run NAT and the firewall in the VPN server too and use private IPs for VPN clients - or use "only" it (remove the other NAT box and put it on the LAN only). Using only one device for NAT/gw means less configuration."
It is entirely unclear to me, in my setup, what effect turning on NAT on the VPN box (or perhaps, just IP forwarding) would have -- and if I do turn on NAT, would I still have the VPN assign IPs to clients in the internal private network's range, or would I use a different range (i.e. private is 192.168.237.xxx, VPN assigns 192.168.239.xxx) and expect the NAT to handle the conversion?
I'm a bit leery of just trying it and seeing what happens because if it mucks things up so badly that the server becomes unreachable (via Server Admin), I'll have to schlep down to the office to fix it.
"Other things to consider is "bottlenecks" between your LAN and WAN."
Not a real issue. We have a small office, and a relatively small pipe to the internet. Most of the traffic from that pipe is from the public machines anyway. The traffic that goes through the wireless router is basically websurfing and hitting the mailserver.
I could, of course, use the VPN OS X machine as the NAT/DHCP server, and hang the wireless router off the internal network as a simple access point. But would that resolve all the VPN issues?
Once again, thanks for your helpful and prompt replies.
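The routing question in the thread above, as an added example (this is not code from the thread or from Mac OS X Server): a small model of the described topology, with a VPN server that has one public and one LAN interface, clients handed addresses inside the LAN range, and "Network Routing Definitions" that send some destinations over the tunnel. It normalizes the two networks quoted in the thread as Server Admin's (address, netmask) pairs, decides per destination whether the client tunnels it, and then asks the question the traceroute output raises: can the destination host get a reply back to the client? The server addresses, the client pool, the gateway route tables and the two switches (proxy ARP on the VPN server, NAT on the VPN server) are constructed assumptions; which of those two Mac OS X Server's vpnd actually provides is not established by the thread.

```python
"""Return-path check for a split-tunnel VPN whose client pool sits inside the LAN.

Added example, not code from the thread or from Mac OS X Server. The two
networks are the ones quoted in the thread, normalized; the server addresses,
client pool, gateway route tables and the proxy-ARP / NAT switches are
constructed assumptions for the example.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


def parse_route_def(address: str, netmask: str) -> IPv4Net:
    """Normalize an (address, netmask) pair as typed into Server Admin into a
    CIDR network: '192.168.2.1' + '255.255.255.0' -> 192.168.2.0/24."""
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)


def longest_match(addr: IPv4Addr, table: List[Tuple[IPv4Net, str]]) -> Optional[str]:
    """Longest-prefix match; returns the tag of the winning entry, or None."""
    best: Optional[Tuple[IPv4Net, str]] = None
    for net, tag in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, tag)
    return best[1] if best else None


# Networks quoted in the thread, normalized.
LAN = parse_route_def("192.168.2.1", "255.255.255.0")        # 192.168.2.0/24
PUBLIC = parse_route_def("12.17.29.193", "255.255.255.224")  # 12.17.29.192/27
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Constructed assumptions: where the VPN server sits and what it hands out.
VPN_SERVER_PUBLIC = ipaddress.ip_address("12.17.29.200")
VPN_SERVER_LAN = ipaddress.ip_address("192.168.2.5")
VPN_POOL = ipaddress.ip_network("192.168.2.192/27")  # inside LAN, outside Belkin DHCP

# Routing definitions as pushed to the client; tag 'private' = send over tunnel.
# Matching is modelled as longest-prefix; the thread reports order sensitivity
# in Server Admin, which this model does not reproduce.
ROUTE_DEFS: List[Tuple[IPv4Net, str]] = [(LAN, "private"), (PUBLIC, "private")]

# Forwarding tables of the gateway each destination host replies through.
# Tag 'direct' = on-link: the gateway ARPs for the address on that segment.
GATEWAYS: Dict[str, List[Tuple[IPv4Net, str]]] = {
    "belkin": [(LAN, "direct"), (DEFAULT, "isp")],
    "isp":    [(PUBLIC, "direct"), (DEFAULT, "upstream")],
}
HOST_GATEWAY = {"lan": "belkin", "public": "isp"}


def client_forwarding(dest: str) -> str:
    """Does the VPN client push this destination down the tunnel or out its
    own (hotel) uplink?"""
    tag = longest_match(ipaddress.ip_address(dest), ROUTE_DEFS)
    return "tunnel" if tag == "private" else "direct"


def return_path(dest: str, client: str, proxy_arp: bool, nat: bool) -> str:
    """Can a host at `dest` get a reply back to the VPN client at `client`?

    proxy_arp: the VPN server answers ARP on its LAN interface for pool
               addresses, so LAN hosts hand it the reply.
    nat:       the VPN server rewrites client traffic to its own address on
               the egress interface, so the reply is addressed to the server.
    Returns 'ok' or the reason the reply never reaches the tunnel.
    """
    dest_addr = ipaddress.ip_address(dest)
    side = "lan" if dest_addr in LAN else "public"
    client_addr = ipaddress.ip_address(client)
    if client_addr not in VPN_POOL:
        return f"{client} is not in the VPN pool {VPN_POOL}"
    if nat:
        reply_to = VPN_SERVER_LAN if side == "lan" else VPN_SERVER_PUBLIC
    else:
        reply_to = client_addr
    if side == "lan" and reply_to in LAN and reply_to != VPN_SERVER_LAN:
        # The LAN host sees a 192.168.2.x address as on-link and ARPs for it;
        # only the VPN server can answer on the client's behalf.
        return "ok" if proxy_arp else "LAN host ARPs for the pool address and nobody answers"
    hop = longest_match(reply_to, GATEWAYS[HOST_GATEWAY[side]])
    if hop == "direct":
        return "ok"
    return f"reply to {reply_to} is forwarded to '{hop}' and never reaches the VPN server"


def report(client: str, dests: List[str], proxy_arp: bool, nat: bool) -> Dict[str, Tuple[str, str]]:
    """Per destination: (how the client forwards it, whether a reply returns)."""
    out: Dict[str, Tuple[str, str]] = {}
    for d in dests:
        fwd = client_forwarding(d)
        back = return_path(d, client, proxy_arp, nat) if fwd == "tunnel" else "n/a (not tunnelled)"
        out[d] = (fwd, back)
    return out


if __name__ == "__main__":
    targets = ["192.168.2.50", "12.17.29.195", "8.8.8.8"]
    for proxy_arp, nat in ((False, False), (True, False), (False, True)):
        print(f"proxy_arp={proxy_arp} nat={nat}")
        for d, (fwd, back) in report("192.168.2.200", targets, proxy_arp, nat).items():
            print(f"  {d:>14}  {fwd:6}  {back}")
```

Reading the model's output: with neither switch on, a LAN host ARPs for the client's 192.168.2.x address and nobody answers, and a public host's reply is handed to the ISP's default route because nothing upstream routes RFC 1918 space back to the VPN server; that matches a tunnel that comes up cleanly while traceroute dies after the first hop. With NAT on the VPN server the reply is addressed to the server itself on whichever interface it left by, so the pool no longer has to live inside the LAN and a separate range works, which is the point the quoted reply was making about NAT plus private client addresses. Without NAT, the alternative to proxy ARP is a route for the pool on the Belkin pointing at the VPN server's LAN address (an extra entry in the `belkin` table above).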

Similar Messages

  • Need Help...Problem accessing a website that I can get on the Itouch???

    My database is a hosted app so I need to log into it via the web... I can log in with my touch with no problem... With the iPhone 3G I can't log in... Does anyone have any idea as to why?

    If you are in the NYC area, ATT has a server problem. I have the same problem. I've called ATT several times, but they don't have an estimated time it will be fixed.

  • Need help configuring VPN on RV120W Router (WiTopia VPN)

    Hello Cisco Community,
    I need some help configuring a VPN from WiTopia on my RV120W router. I am trying to make it so that if any device connects to the router it can automatically connect to the VPN from WiTopia.
    Please note that the VPN plan includes PPTP, L2TP, & IPSEC VPN types.
     Is this possible? And if so, how?
    Thanks in advance!

    Hello,
    If WiTopia is providing only client-to-gateway VPN, where WiTopia is the gateway allowing connections to clients, then you will not be able to configure the RV120 to connect to it. The RV120 in its VPN configurations cannot be configured to be a client.
    The only tunnel where it can play the role of the connecting part is IPSec gateway to gateway, when in the IKE policy the Direction type is Initiator and the Exchange mode is Aggressive. And you will need to receive all additional configuration parameters from WiTopia - the Encryption, Authentication Algorithm, PFS, SA lifetime and so on. But this means that WiTopia has to provide a gateway-to-gateway VPN connection.
    Regards,
    Kremena

  • Need Help with error message on the Network Systems Preferences, Please

    In System Preferences > Network, I get the error message "Your network settings have been changed by another application," with an active OK button. However, when I click the OK button, it persists and does not allow me to access the screen. The only way to end this is to force quit System Preferences.
    Do you have any idea what is causing this freeze? I have a TimeWarner Internet connection (which I want to change to Verizon as soon as I resolve this). For a while I had Earthlink DSL which didn't work well at all. Could it be something with the not-used Earthlink or the current TimeWarner?
    Any ideas about the cause and, more importantly, the solution?
    Thanks,
    Jeanie

    My computers have not been networked, intentionally. I like having them autonomous. So I have a separate Internet connection for each. And maybe that's what I need to maintain.
    In the house is a Mac Mini and the house phone with new Verizon modem. In the separate office, I have my G5 tower, which is really my main computer.
    Was just on phone with Verizon Tech who did say that they do not support Mac. They made a decision not to because there are fewer of us. However, I can purchase a premium support which appears to cover such support.
    I've not seen the Verizon commercials, but I expect that they are filled with hype. The one I laugh at the most on the FIOS cable video is that they call their cable user interface "intuitive."

  • I am currently having problems accessing a network connection.  I have reset my iPad network connections and am still having a problem.  I know that it is not my network because I can access the internet on my laptop computer.

    I am having problems opening any email or apps on my iPad 2.  It says there is no network connection but I don't have any problems accessing the internet on my laptop.

    In any event, if your OS X version is 10.7.x, download and install AirPort Utility 5.6 for Lion:
    Lion: AirPort Utility 5.6.
    If your OS X version is 10.5.x or 10.6.x, download and install AirPort Utility 5.5.3:
    Leopard, Snow Leopard: AirPort Utility 5.5.3.
    After you install the appropriate version of AirPort Utility, open it. The program will be located in your Utilities folder, which in turn is found in your Applications folder.
    To open the Utilities folder, go to the Finder and select "Utilities" from the Go menu:
    AirPort Utility 5.6 looks like this:
    ... but make sure you use the version of AirPort Utility you just downloaded.
    Launch AirPort Utility and select your Time Capsule. Click Manual Setup, then the Guest Menu tab, then you can elect to disable the guest network, or to establish whatever security settings you want.
    The window looks somewhat like this:
    If your version of AirPort Utility does not look anything like that, you are probably not using the one you just downloaded. Find it and start over.
    When you are finished configuring your Time Capsule, click Update and allow the Time Capsule to restart.

  • Exchange setup error: "There was a problem accessing the registry on this computer"

     Hi,
    I am trying to install Exchange 2007 SP1 on a Windows 2003 Server Standard 32-bit version.
    During the "Readiness checks" I received the following error in "Hub transport role prerequisites":
    Error:
    There was a problem accessing the registry on this computer. This may happen if the Remote Registry service is not running; it may also indicate a network problem.
    The Remote Registry service is running. I've searched for the error in Google and in some topics it appears that the error is due to "Client for Microsoft Networks" and "File and Printer Sharing" not being installed in the LAN properties. The server has 2 network cards and in both of them it is checked. One of the connections is disabled.
    I don't know what more to do, any help will be appreciated.
    Thanks

    No, firewall is disabled.
    Setup Logs says:
    10:50:04.890: Starting Collecting Data phase.
    10:50:04.921: No mapping between account names and security IDs was done
    10:50:04.984: Error (Unexpected error [0x674CBB7E] while executing command '[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName)'.) trying to process object [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName), skipping object.
    10:50:06.093: Completed Collecting Data phase.
    10:50:06.125: Error (Rule name 'PreReq_fPassiveUninstallNoCMSPresentKey' referenced by rule 'PreReq_fPassiveUninstallNoCMSPresent' in input file is not defined) in format of rules in configuration file.
    10:50:06.171: Starting Postprocessing Rules phase.
    10:50:06.187: Completed Postprocessing Rules phase.
    Thanks for your help!

  • [ETL]Could you please help with a problem accessing UML stereotype attributes ?

    Hi all,
    Could you please help with a problem accessing UML stereotype attributes and their values ?
    Here is the description :
    -I created a UML model with Papyrus tool and I applied MARTE profile to this UML model.
    -Then, I applied the <<PaStep>> stereotype to an AcceptEventAction (which is one of the elements that I created in this model), and set the extOpDemand property of the stereotype to 2.7 with Papyrus.
    -Now In the ETL file, I can find the stereotype property of extOpDemand as follows :
    s.attribute.selectOne(a|a.name="extOpDemand") , where s is a variable of type Stereotype.
    -However I can't access the value 2.7 of the extOpDemand attribute of the <<PaStep>> Stereotype. How do I do that ?
    Please help
    Thank you

    Hi Dimitris,
    Thank you , a minimal example is provided now.
    Version of the Epsilon that I am using is : ( Epsilon Core 1.2.0.201408251031 org.eclipse.epsilon.core.feature.feature.group Eclipse.org)
    Instructions for reproducing the problem :
    1-Run the uml2etl.etl transformation with the supplied launch configuration.
    2-Open lqn.model.
    There are two folders inside MinimalExample folder, the one which is called MinimalExample has 4 files, model.uml , lqn.model, uml2lqn.etl and MinimalExampleTransformation.launch.
    The other folder which is LQN has four files. (.project),LQN.emf,LQN.ecore and untitled.model which is an example model conforming to the LQN metamodel to see how the model looks like.
    Thank you
    Mana

  • I can't connect with my iMessage and FaceTime on my iPhone; I already updated to iOS 7.0.2 but the message is still there; it says that there is a problem with the network; I reset the network and it doesn't work

    I can't connect with my iMessage and FaceTime on my iPhone; I already updated to iOS 7.0.2 but the message is still there; it says that there is a problem with the network; I reset the network and it doesn't work.

    Hello, Toro Silva. 
    Thank you for visiting Apple Support Communities.
    The steps in the section labeled Unable to activate FaceTime or iMessage with phone number and Apple ID after waiting 24 hours (iPhone only) of the article below, should help resolve the issue.  Make sure to create a current backup prior to processing these steps.
    iOS: Troubleshooting FaceTime and iMessage activation
    http://support.apple.com/kb/ts4268
    Cheers,
    Jason H

  • NO LONGER ABLE TO UPLOAD "NO CONFIGURED COMPUTER FOUND ON THE NETWORK" ????

    I am stumped because I have uploaded pictures for a long time with no trouble to my computer and it doesn't matter what program software I use, whether it's Picasa or iPhoto or any other I assume, I get this message:
    "no configured computer found on the network"
    and if I use a flash drive it says:
    "device selected is not active."
    No matter what method I use on my Mac (Tiger) and no matter what program, whether it's Picasa or iPhoto, and where I try to load them from, whether it's a camera or a card reader or through the slot on my printer, I keep getting the message "no configured computer found on the network" and if I use a flash drive it says "device selected is not active."
    I don't get it. I've uploaded pictures all kinds of times to my computer without this trouble. Where do I need to look? I assume at the computer because it doesn't matter which method I use to load them, the computer doesn't work.
    software, computer, hardware, what????

    I'm sorry, I apologize, I left a follow-up here when I realized it was DUH not connected with my cable? Like what an idiot. I don't have enough ports and so I had unplugged it.
    I know I left a followup but maybe it wasn't saved. Again, sorry. Thanks for your response.

  • Unable to access the network

    Ok, I've had this problem for quite a while now
    There's this 1 site that I cannot access on my computer it says "Unable to access the network Google Chrome is having trouble accessing the network." However I can access the site on my laptop, I don't see how I can fix the problem!?

    Bradley750 wrote:
    Ok, I've had this problem for quite a while now
    There's this 1 site that I cannot access on my computer it says "Unable to access the network Google Chrome is having trouble accessing the network." However I can access the site on my laptop, I don't see how I can fix the problem!?
    Hi. Welcome to the forums.
    Can you give a little more information, mainly the site you're having problems with.
    Have you tried a different browser? What OS?
    There are a wide variety of reasons: security products interfering, hosts file problems, browser issues etc.
    http://www.andyweb.co.uk/shortcuts
    http://www.andyweb.co.uk/pictures

  • Need help with daq problem

    Hi,
    I need to generate a clock with a period of 20 microseconds, duty cycle of
    approx 20% and a data line as well as an address line all linked to the clock
    pulse.
    I have tried many different solutions, all using the DAQ PCI-1200 but nothing
    seems to work correctly. Usually the system bombs and I have to do a manual
    reset to overcome the problem.
    Any suggestions?
    Ken

    Hello Ken,
    you wrote on 20.02.00 on the topic Need help with daq problem:
    > I need to generate a clock with a period of 20 micro seconds, duty
    > cycle of approx 20% and a data line as well as an address line all
    > linked to the clock pulse.
    You'll need an external clock, especially under Windows.
    Windows ticks at approx. 18 Hz, and the CPU tick isn't always available
    when Windows multitasks.
    Best regards!
    Helmut

  • I need help! I cannot access my iTunes from my Windows. I keep getting message "error 7" and also MSVCR80.dll missing. I do not know how to access this?

    I need help! I cannot access my iTunes from my Windows. I keep getting the message "error 7" and also MSVCR80.dll missing. I do not know how to access this?
    I tried downloading the latest version of iTunes, but it does not sync to my Windows 7 HP because of the previous messages. Any feedback would be greatly appreciated.
    Thank you,
    ElsaV73

    Hope this article helps you:
    http://support.apple.com/kb/TS5376
    Please reply with any further questions.

  • The problem with the network card.

    The problem with the network card.
    My laptop HP Pavilion dv7-1260ew network connection breaks.
    The NIC is to blame.
    Which card could replace the old Intel 5100 to work with the network on the N standard?

    Pawełek wrote:
    The problem with the network card.
    My laptop HP Pavilion dv7-1260ew network connection breaks.
    The NIC is to blame.
    Which card could replace the old Intel 5100 to work with the network on the N standard?
    This is confusing; which one are you asking about?
    I am a Volunteer to help others on here-not a HP employee.
    Replies aren't online 24/7 because of Time Zone differences.
    Remember in this Day and Age of Computing the Internet is Knowledge at your fingertips if you choose to understand it. -2015-

  • I need to know how to access the book pod in RoboHelp 8?

    I need to know how to access the book pod in RoboHelp 8?

    Hi there
    Actually, by my count there are at least five ways to coax books into the TOC
    From the menu, Click File > New > Book.
    Type the keyboard shortcut of Ctrl+Shift+B.
    Right-click the pod and choose New > Book.
    Click the New Book icon in the pod toolbar.
    If you have organized your project using folders, you may automatically create a TOC based on the file structure and each folder becomes a book. There are also multiple ways to automatically create the TOC. One is by right-clicking the TOC pod. Another is by clicking an icon in the pod toolbar and another is by clicking the Tools menu.
    Cheers... Rick
    Helpful and Handy Links
    RoboHelp Wish Form/Bug Reporting Form
    Begin learning RoboHelp HTML 7 or 8 within the day - $24.95!
    Adobe Certified RoboHelp HTML Training
    SorcerStone Blog
    RoboHelp eBooks

  • Need help with getResource() problem under weblogic 6.1

    Hey all,
    I've got a serious problem that I can't figure out. This should be really simple - but it's eluding me. I have an ear file with a number of servlets inside it. This ear file also contains a resource that my servlets want to read from. This resource is located (within the ear file) at: "/content/structure/a.txt". The file contains raw ascii.
    To have my servlet read from this file, I thought it would be as simple as:
    URL content = servlet.getServletContext().getResource("/content/structure/a.txt");
    // pw is an instance of PrintWriter
    pw.print(content.getContent());
    However, when I execute the above I get the following exception:
    java.lang.NullPointerException
    at java.net.URLConnection.stripOffParameters(URLConnection.java:1011)
    at java.net.URLConnection.getContentHandler(URLConnection.java:979)
    at java.net.URLConnection.getContent(URLConnection.java:581)
    OK, so fine - I figure that I'm new to this. The documentation for the URL class tells me there is another way around this. It says that rather than calling getContent() directly, I can open a stream on the URL and read from that, like so:
    URL content = servlet.getServletContext().getResource("/content/structure/scenario2resources.txt");
    FileInputStream fis = content.openStream();
    but when I do this I get the following different exception:
    java.lang.ClassCastException: weblogic.utils.zip.SafeZipFileInputStream
    at Utility.writeFileToOutput(Utility.java:134)
    Apparently this thing is trying to return a WebLogic-specific stream (which is incompatible with a FileInputStream) - which I don't want to use or learn about since I want my stuff to work under other webservers.
    Can anyone tell me what I'm doing wrong? This should be simple.
    -john
    John Hilgedick
    WisdomTools, Inc.
    [email protected]

    Wenjin,
    I appreciate your response. I tried treating it as a normal InputStream - but it didn't make any difference. Here's what I did:
    URL content = servlet.getServletContext().getResource("/content/structure/scenario2resources.txt");
    InputStream is = (InputStream)content.getContent();
    And here's the exception:
    java.lang.NullPointerException
    at java.net.URLConnection.stripOffParameters(URLConnection.java:1011)
    at java.net.URLConnection.getContentHandler(URLConnection.java:979)
    at java.net.URLConnection.getContent(URLConnection.java:554)
    at java.net.URL.getContent(URL.java:807)
    at Utility.writeFileToOutput(Utility.java:134)
    You can see that it is definitely breaking somewhere in getContent().
    If you have any other ideas, I'd appreciate hearing about them.
    -john
    ----- Original Message -----
    From: "Wenjin Zhang" <[email protected]>
    Newsgroups: weblogic.developer.interest.servlet
    Sent: Wednesday, November 20, 2002 5:03 PM
    Subject: Re: Need help with getResource() problem under weblogic 6.1
    >
    > The "/" in getServletContext().getResource("/content/structure/a.txt") means the
    > web (WAR) application root, not your EAR root.
    >
    > The ClassCastException is because content.openStream() is not a FileInputStream
    > and has nothing to do with WebLogic. You should treat it as a normal InputStream.
    >
