[vpn-help] Connecting via ShrewSoft VPN client means no LAN internet access (Windows 7 64 bit) - any advice please?

Daniel Humphreys dan_humphreys at yahoo.co.uk
Wed Apr 27 07:03:01 CDT 2011


Hi all,

I have a Windows 7 64 bit desktop machine which is connected to a LAN.

I recently installed ShrewSoft VPN client v 2.1.7 on my machine so 
that I can connect to a license server hosted by my customer.  They are 
running a Cisco VPN server and I originally tried (unsuccessfully!) to 
use the Cisco VPN client for Windows 64 bit but the default gateway 
wasn't being configured correctly after loading in my pcf file.  Using 
ShrewSoft I am able to import the same pcf file, and successfully 
connect to the machine I need to using the VPN client software.  The 
client machine I need to connect to has IP address 1.52.90.33.

The problem is that when I am connected to the customer network using the VPN client application (and after a few minutes) I lose my internet and LAN connection.  I can only presume that this is because, by 
default the ShrewSoft VPN client application automatically tunnels all 
traffic through the VPN connection.  I know there is an option to switch off the "Tunnel All" option on the Policy tab of the application and 
enter a Remote Network Resource (to "Include" or "Exclude") as "Address" and "Netmask" IP addresses however I am not sure what I need to enter 
here.

Here is my ipconfig output before connecting to the VPN (with suffixes blanked out):
Windows IP Configuration


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : ***.***
Link-local IPv6 Address . . . . . : fe80::8de3:9dbe:393a:33ba%11
IPv4 Address. . . . . . . . . . . : 150.237.13.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 150.237.13.1

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix  . : ***.***
IPv6 Address. . . . . . . . . . . : 2002:96ed:d11::96ed:d11
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix  . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cf9:38c4:6912:f2ee
Link-local IPv6 Address . . . . . : fe80::2cf9:38c4:6912:f2ee%12
Default Gateway . . . . . . . . . :

Tunnel adapter isatap.***.***:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . : ***.***

Here is my route print output before connecting to the VPN:
===========================================================================
Interface List
11...20 cf 30 9d ec 2a ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethern
et NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
0.0.0.0          0.0.0.0     150.237.13.1    150.237.13.17      2
127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
150.237.13.0    255.255.255.0         On-link     150.237.13.17    257
150.237.13.17  255.255.255.255         On-link     150.237.13.17    257
150.237.13.255  255.255.255.255         On-link     150.237.13.17    257
224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
224.0.0.0        240.0.0.0         On-link     150.237.13.17    257
255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
255.255.255.255  255.255.255.255         On-link     150.237.13.17    257
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
14   1140 ::/0                     2002:c058:6301::c058:6301
1    306 ::1/128                  On-link
12     58 2001::/32                On-link
12    306 2001:0:4137:9e76:2cf9:38c4:6912:f2ee/128
On-link
14   1040 2002::/16                On-link
14    296 2002:96ed:d11::96ed:d11/128
On-link
11    286 fe80::/64                On-link
12    306 fe80::/64                On-link
12    306 fe80::2cf9:38c4:6912:f2ee/128
On-link
11    286 fe80::8de3:9dbe:393a:33ba/128
On-link
1    306 ff00::/8                 On-link
12    306 ff00::/8                 On-link
11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None

Here is my ipconfig output after connecting to the VPN (with suffixes blanked out):
Windows IP Configuration


Ethernet adapter Local Area Connection* 18:

Connection-specific DNS Suffix  . : cpuk.local
Link-local IPv6 Address . . . . . : fe80::b862:8a04:2a87:8cb8%26
IPv4 Address. . . . . . . . . . . : 192.168.128.92
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 0.0.0.0

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : ***.***
Link-local IPv6 Address . . . . . : fe80::8de3:9dbe:393a:33ba%11
IPv4 Address. . . . . . . . . . . : 150.237.13.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 150.237.13.1

Tunnel adapter isatap.cpuk.local:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . :

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix  . : ***.***
IPv6 Address. . . . . . . . . . . : 2002:96ed:d11::96ed:d11
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix  . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2849:2e70:3f57:7fa3
Link-local IPv6 Address . . . . . : fe80::2849:2e70:3f57:7fa3%12
Default Gateway . . . . . . . . . :

Tunnel adapter isatap.***.***:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix  . : ***.***

Here is my route print output after connecting to the VPN:
===========================================================================
Interface List
26...aa aa aa ac bf 00 ......Shrew Soft Virtual Adapter
11...20 cf 30 9d ec 2a ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethern
et NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
0.0.0.0          0.0.0.0     150.237.13.1    150.237.13.17    102
0.0.0.0          0.0.0.0         On-link    192.168.128.92     31
127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
150.237.13.0    255.255.255.0         On-link     150.237.13.17    257
150.237.13.1  255.255.255.255         On-link     150.237.13.17      2
150.237.13.17  255.255.255.255         On-link     150.237.13.17    257
150.237.13.255  255.255.255.255         On-link     150.237.13.17    257
192.168.128.0    255.255.254.0         On-link    192.168.128.92    286
192.168.128.92  255.255.255.255         On-link    192.168.128.92    286
192.168.129.255  255.255.255.255         On-link    192.168.128.92    286
213.249.130.194  255.255.255.255     150.237.13.1    150.237.13.17      2
224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
224.0.0.0        240.0.0.0         On-link     150.237.13.17    257
224.0.0.0        240.0.0.0         On-link    192.168.128.92    286
255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
255.255.255.255  255.255.255.255         On-link     150.237.13.17    257
255.255.255.255  255.255.255.255         On-link    192.168.128.92    286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
14   1140 ::/0                     2002:c058:6301::c058:6301
1    306 ::1/128                  On-link
12     58 2001::/32                On-link
12    306 2001:0:5ef5:79fd:2849:2e70:3f57:7fa3/128
On-link
14   1040 2002::/16                On-link
14    296 2002:96ed:d11::96ed:d11/128
On-link
11    286 fe80::/64                On-link
26    286 fe80::/64                On-link
12    306 fe80::/64                On-link
12    306 fe80::2849:2e70:3f57:7fa3/128
On-link
11    286 fe80::8de3:9dbe:393a:33ba/128
On-link
26    286 fe80::b862:8a04:2a87:8cb8/128
On-link
1    306 ff00::/8                 On-link
12    306 ff00::/8                 On-link
11    286 ff00::/8                 On-link
26    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None

Is the problem because I have a second default network destination 
0.0.0.0?  What do I need to do to limit the VPN traffic to accessing 
machine 1.52.90.33 on my customers network?

Many thanks and hope to hear from someone soon!

Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20110427/120a74ff/attachment.html>


More information about the vpn-help mailing list