Astaro User Bulletin Board
  #1 (permalink)  
Old 06-19-2009, 08:15 AM
Member
 
Join Date: Apr 2009
Location: Brussels, Belgium, Europe
Posts: 77
Cannot Access LAN & Webadmin from SSL VPN

I already checked a lot of posts on this subject, but can't seem to find an answer.

First off:

The SSL VPN connection builds up correctly and I get an IP in the SSL VPN Pool (10.242.2.6).

My internal network is set to 192.168.200.0/24 with Astaro on 192.168.200.1

The company network from which I am connecting has a 10.x.x.x network.

You would think this is the problem, however when making a PPTP VPN connection, I get a correct address (10.242.1.2) and I can just access the WebAdmin.

So the company network isn't the problem either.

OK next off:

I can ping 192.168.200.1 when I'm connected with PPTP, but not with SSL VPN, so no problem on the ICMP side.

And the most intriguing:

When doing a ping -t to my Astaro while connecting to SSL VPN, it gets an answer when the VPN is just connected, and about 5 seconds later I get Destination host unreachable...

Oh BTW:

With SSL VPN you do not have an option "use default gateway on remote network", and when manually setting it (right-click on the network connection->TCP/IP Properties->Advanced, add gateway 192.168.200.1 with metric 1), it still doesn't work.

I don't know, but shouldn't this just work as with PPTP??
  #2 (permalink)  
Old 06-19-2009, 08:21 AM
Member
 
Join Date: Apr 2009
Location: Brussels, Belgium, Europe
Posts: 77

Extra info:

-> Of course I set SSL VPN in the allowed networks for webadmin
-> The Local networks on my SSL Global tab are set to Internal Network
-> Automatic Packet filter rules on SSL Global tab have been enabled.

And finally, a route print:
Code:
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.242.2.5      10.242.2.6       1
      10.132.36.0    255.255.254.0     10.132.37.45    10.132.37.45       10
     10.132.37.45  255.255.255.255        127.0.0.1       127.0.0.1       10
       10.242.2.1  255.255.255.255       10.242.2.5      10.242.2.6       1
       10.242.2.4  255.255.255.252       10.242.2.6      10.242.2.6       30
       10.242.2.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255     10.132.37.45    10.132.37.45       10
   10.255.255.255  255.255.255.255       10.242.2.6      10.242.2.6       30
     78.20.92.128  255.255.255.255      10.132.36.1    10.132.37.45       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.95.0    255.255.255.0     192.168.95.1    192.168.95.1       20
     192.168.95.1  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.95.255  255.255.255.255     192.168.95.1    192.168.95.1       20
    192.168.187.0    255.255.255.0    192.168.187.1   192.168.187.1       20
    192.168.187.1  255.255.255.255        127.0.0.1       127.0.0.1       20
  192.168.187.255  255.255.255.255    192.168.187.1   192.168.187.1       20
        224.0.0.0        240.0.0.0     10.132.37.45    10.132.37.45       10
        224.0.0.0        240.0.0.0       10.242.2.6      10.242.2.6       30
        224.0.0.0        240.0.0.0     192.168.95.1    192.168.95.1       20
        224.0.0.0        240.0.0.0    192.168.187.1   192.168.187.1       20
  255.255.255.255  255.255.255.255     10.132.37.45               4       1
  255.255.255.255  255.255.255.255     10.132.37.45    10.132.37.45       1
  255.255.255.255  255.255.255.255       10.242.2.6      10.242.2.6       1
  255.255.255.255  255.255.255.255     192.168.95.1    192.168.95.1       1
  255.255.255.255  255.255.255.255    192.168.187.1   192.168.187.1       1
Default Gateway:        10.242.2.5
===========================================================================
Persistent Routes:
  None

Last edited by stevenhemelaere; 06-19-2009 at 08:24 AM.
  #3 (permalink)  
Old 06-19-2009, 08:54 AM
Member
 
Join Date: Apr 2009
Location: Brussels, Belgium, Europe
Posts: 77

OK Problem solved.

I just had a hunch to remove all masquerading rules I had except for the standard Internal (Network) -> External (WAN).

Now it works without setting a default gateway.
  #4 (permalink)  
Old 06-19-2009, 02:58 PM
Member
 
Join Date: Apr 2009
Location: Brussels, Belgium, Europe
Posts: 77

Forget my last post.

Apparently I was lucky then.

Connection is always finished within 10 seconds.

It seems like he just can't keep the connection alive.