[vpn-help] VPN Tunnel connection Established, but cannot ssh.
Kevin VPN
kvpn at live.com
Wed Jan 23 21:16:10 CST 2013
On 12/20/2012 06:16 PM, Jinyan Huang wrote:
> The NAT-T is disable default. I used all default setting. I have tried
> to decrease the MTU to a lower value 900. I does not help.
>
> I think there is the internet environment problem. But I do not know
> where it is. Because I used the same computer, at home I can ssh, in
> office, VPN Tunnel connection can be Established, but cannot ssh.
>
> The IT group told me that all out ports have been open. They also do
> not have any idea how to fix it, because they do not know shrew
> software.
>
On 12/19/2012 11:30 AM, Jinyan Huang wrote:> Kevin,
> It seems I cannot access the DNS server at 10.10.2.16.
>
> ping 10.10.2.16
> PING 10.10.2.16 (10.10.2.16): 56 data bytes
> Request timeout for icmp_seq 0
> Request timeout for icmp_seq 1
Hi Jinyan,
When you connect to the VPN from work, can you connect to ANY computer
at all?
My guess is that the problem is that the VPN configuration is designed
only for connections from external (the Internet), not from internally
(in other words, not on the internal network 10.10.x.x/16). Many VPNs
only allow access "across" the firewall - you can connect to the VPN
from the Internet side of the VPN gateway/firewall and access resources
on the protected side, but it does not like it when you connect to the
VPN from the protected side and try to access resources on the protected
side. You also see this often when people connect to the VPN from the
Internet and then complain that the VPN won't let them send traffic to
the Internet.
I expect that at home, you're connecting to the Internet side of the
firewall/VPN, but at work, you're connecting to the protected side. The
VPN for some reason lets you connect at work, but when you actually try
to send traffic, the firewall drops it because it's exiting the firewall
through the same interface it came in on.
To be honest, if all you're trying to do is SSH, you probably don't need
the VPN when you're at work, since SSH traffic is already encrypted.
More information about the vpn-help
mailing list