[Vpn-help] Feisty 32 bit network browsing

Matthew Linehan mlinehan at ledgible.com
Tue Sep 4 16:51:16 CDT 2007

Charlie: Your screen shot attachment did not come through on this 
e-mail.  Also, The vpn-help list server may reject attachments...

Matt: What Charlie is trying to say, is that he can't browse SAMBA 
shares. i.e. get directory listings from our main Windows file server.
Stuff like smb://servername/sharename does not resolve

I think the problem is even deeper though.  The VPN tunnel comes up, but 
we cannot ping any of the machines on the company side of the tunnel. I 
took a quick peek at the setup, and it appears to be a routing issue to 
me.  For whatever reason, shrew soft is not getting the "remote network 
topology" from our Adtran gateway router, this was true with the 
released windows version as well.  So my ShrewSoft install directions 
instruct our employees to manually:

=========== (quote from the Windows setup directions)===========
Un-Check the *Obtain the remote network topology and route policy 
automatically from the peer gateway* check box, and then click the *Add* 
button, and then enter a static route to the ALI network by setting 
*Entry Type* to *Network*, *Net Address* to **, *Net Mask* 
to **, and then press *OK*. The final "VPN Routing Policy" 
is shown below. Click *Save* to save this VPN configuration.

===========(end quote)===========

Our internal network uses addresses in the 192.168.168.* range.  The 
Adtran gateway router allocates addresses in the 192.168.167.*  range to 
VPN clients.

As far as I can tell, Charlie has ShrewSoft setup correctly, with the 
required manual network topology as directed in my directions.  We can 
successfully start the VPN tunnel, but nothing on the company side is 
accessible.  Pings to known good equipment in the 192.168.168.* range 
time out.

We used the linux route command, to dump the routing table.  I'm no 
expert in linux IP routing, but it does not look right to me.  There 
were no entries in the routing table that would direct packets destined 
for the 192.168.168.* network to the TAP0 interface 
created by the VPN tunnel.  Indeed there were NO lines in the routing 
table that referenced the 192.168.168.* network at all.  I'm fairly 
certain that the incorrect routing table is the source of the problem, 
however I do not know how iked and the ip routing stuff interact with 
each other, so I could be wrong.


charles morrison wrote:
> Matt,
> I am able to connect to my company network but am unable to browse it. 
> I had this working before, under the 64 bit install. Here is a screen 
> shot of the setup and my route table while connected using the VPN 
> tunnel.
> VPN set up screenshot
> Any ideas as to what I should do?
> Charlie Morrison

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20070904/7d0de4c9/attachment-0002.html>

More information about the vpn-help mailing list