[vpn-help] VPN Tunnel connection Established, but cannot ssh.

Kevin VPN kvpn at live.com
Wed Jan 23 21:16:10 CST 2013


On 12/20/2012 06:16 PM, Jinyan Huang wrote:
> The NAT-T is disabled by default. I used all default settings. I have tried
> to decrease the MTU to a lower value, 900. It does not help.
>
> I think there is an internet environment problem. But I do not know
> where it is. Because I used the same computer, at home I can ssh, in
> office, VPN Tunnel connection can be Established, but cannot ssh.
>
> The IT group told me that all out ports have been open. They also do
> not have any idea how to fix it, because they do not know shrew
> software.
>

On 12/19/2012 11:30 AM, Jinyan Huang wrote:
 > Kevin,
 > It seems I cannot access the DNS server at 10.10.2.16.
 >
 > ping 10.10.2.16
 > PING 10.10.2.16 (10.10.2.16): 56 data bytes
 > Request timeout for icmp_seq 0
 > Request timeout for icmp_seq 1


Hi Jinyan,

When you connect to the VPN from work, can you connect to ANY computer 
at all?

My guess is that the problem is that the VPN configuration is designed 
only for connections from external (the Internet), not from internally 
(in other words, not on the internal network 10.10.x.x/16).  Many VPNs 
only allow access "across" the firewall - you can connect to the VPN 
from the Internet side of the VPN gateway/firewall and access resources 
on the protected side, but it does not like it when you connect to the 
VPN from the protected side and try to access resources on the protected 
side.  You also see this often when people connect to the VPN from the 
Internet and then complain that the VPN won't let them send traffic to 
the Internet.

I expect that at home, you're connecting to the Internet side of the 
firewall/VPN, but at work, you're connecting to the protected side.  The 
VPN for some reason lets you connect at work, but when you actually try 
to send traffic, the firewall drops it because it's exiting the firewall 
through the same interface it came in on.

To be honest, if all you're trying to do is SSH, you probably don't need 
the VPN when you're at work, since SSH traffic is already encrypted.
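
A quick way to test the guess in the reply above, as an added example that is not part of the original message: compare the address your physical (non-VPN) interface gets at each location against the network the tunnel protects. The function names and the office and home interface addresses are constructed for illustration; only 10.10.0.0/16 and 10.10.2.16 come from the thread.

```python
import ipaddress

def classify_client(local_ifaces, protected_nets, target):
    """Describe where the client sits relative to the VPN's protected side.

    local_ifaces   -- physical (non-VPN) interface addresses in CIDR form
    protected_nets -- networks the tunnel policy is meant to reach
    target         -- host you want to reach through the tunnel
    """
    target_ip = ipaddress.ip_address(target)
    protected = [ipaddress.ip_network(n) for n in protected_nets]
    result = {
        "target_in_policy": any(target_ip in n for n in protected),
        "inside_protected": [],   # interfaces already on the protected side
        "target_on_link": [],     # interfaces sharing a segment with the target
    }
    for cidr in local_ifaces:
        iface = ipaddress.ip_interface(cidr)
        if any(iface.ip in n for n in protected):
            result["inside_protected"].append(cidr)
        if target_ip in iface.network:
            result["target_on_link"].append(cidr)
    return result

def verdict(r):
    """Reduce the classification to one label."""
    if not r["target_in_policy"]:
        return "target-not-covered-by-tunnel"
    if r["target_on_link"]:
        return "same-segment"      # target is on your own LAN segment
    if r["inside_protected"]:
        return "protected-side"    # tunnel traffic would hairpin at the gateway
    return "internet-side"         # the case the VPN is normally built for

PROTECTED = ["10.10.0.0/16"]       # internal network named in the thread
DNS_SERVER = "10.10.2.16"          # host that timed out in the thread

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    for place, ifaces in {"office": ["10.10.5.23/24"],
                          "home": ["192.168.1.50/24"]}.items():
        print(place, verdict(classify_client(ifaces, PROTECTED, DNS_SERVER)))
```

A "protected-side" or "same-segment" result at the office means the client is already inside the network the tunnel is supposed to reach, which matches the situation described in the reply.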

