VPN + US based MS Exchange server


hut49

Original Poster:

3,544 posts

264 months

Friday 30th June 2006
BT just upgraded my line to 8Mbps and I'm using a VPN to enable access to a remote MS Exchange Server in US using a NetGear DG834G router. Works fine but if I open a browser it dives through the VPN and surfaces in US so my IP address looks like I'm in US! Can't view e.g. BBC streaming video and if I try I get a message that the content is not available outside of UK, even though I'm sitting in bl**dy Surrey. Also my browser speed when the VPN is open is lousy. I can of course get these streams and a proper stellar speed browsing by disconnecting the VPN but that's very inconvenient since I'm using MS Outlook real time connected to the remote server.

I've taken a search through past posts on the VPN topic and tried the fix of changing the VPN properties for TCP/IP by unchecking the Default Gateway option in Advanced settings. This enables me to browse nicely alongside the VPN but unchecking this box screws the communication with the Exchange Server so my Outlook locks up.

Anyone got any creative ideas?

hut49

Original Poster:

Saturday 1st July 2006
Thanks for your comments - as the only 'remote' worker for this US company I sure wish I had the knowledge you guys have. I'm not an IT specialist but from time to time I've had to learn enough to understand and resolve issues that enable me to be fully integrated with mothership communications.

I'm using a VPN set up using the XP facility, not the router; and I'm using Outlook 2003.

If I continue to use this VPN set up how do I define the default gateway for the protected network is through the VPN, so other requests go through a local gateway? I presume that's 'split-tunneling'? Is the definition of local subnets that are internal to the LAN a simple process? Is there a webpage that explains how to do this?







hut49

Original Poster:

Saturday 1st July 2006
Guess I opened a can of worms - shame none of them speak my language!!

So if I look at Outlook connection status I see that it's connecting to the correct Server at HQ; Type = directory; interface = WAN (PPP/SLIP); connection = TCP/IP

hut49

Original Poster:

Sunday 2nd July 2006
_deejay_ said:
hut49 said:
Guess I opened a can of worms - shame none of them speak my language!!

So if I look at Outlook connection status I see that it's connecting to the correct Server at HQ; Type = directory; interface = WAN (PPP/SLIP); connection = TCP/IP


OK. What we therefore need to know is the IP address of your exchange server.
From that we should be able to make an educated guess at how to fix it.

If you know what the server is called then you can 'ping' it from your machine once VPN'd in, and it'll tell you.

Darren.

OK, so I pinged the server and now I know the IP address. What's next?

hut49

Original Poster:

Monday 3rd July 2006
_deejay_ said:
hut49 said:
_deejay_ said:
hut49 said:
Guess I opened a can of worms - shame none of them speak my language!!

So if I look at Outlook connection status I see that it's connecting to the correct Server at HQ; Type = directory; interface = WAN (PPP/SLIP); connection = TCP/IP


OK. What we therefore need to know is the IP address of your exchange server.
From that we should be able to make an educated guess at how to fix it.

If you know what the server is called then you can 'ping' it from your machine once VPN'd in, and it'll tell you.

Darren.


OK, so I pinged the server and now I know the IP address. What's next?


OK, so we need to work out what network that machine is on. If you could post or mail me the first two octets (i.e. the numbers before the first dot and the second dot) of that IP address, and also do the same for your IP address when you're at home then we should be able to work out some routes.

oh, and to get your own IP address, run ipconfig /all from a command line.

Darren.



Edited by _deejay_ on Sunday 2nd July 10:51

So here's the IP info and some other pieces in case this is helpful:

IP address for my wireless network connection is 10.0.X.X
Subnet mask 255.255.X.X
DGW 10.0.X.X

IP address PPP Adapter VPN is 192.168.X.X
Subnet mask 255.255.X.X
DGW 192.168.X.X

I had no idea what I'd started when I posted the original question! Thanks for using this opportunity as a case study for your various consulting businesses. Hope y'all managed to get some sunshine over the weekend as well

hut49

Original Poster:

Monday 3rd July 2006
The Exchange server IP is 192.168.X.X

hut49

Original Poster:

Monday 3rd July 2006
_DeeJay_ said:
hut49 said:
The Exchange server IP is 192.168.X.X


OK, that should be enough information. Just out of interest, did the first x in your IP address PPP Adapter VPN IP address match the first X of the Exchange server IP address?

thanks,
Darren.


Edited by _DeeJay_ on Monday 3rd July 09:09

No, they are different.

hut49

Original Poster:

Monday 3rd July 2006
_DeeJay_ said:
BliarOut said:
route ADD 192.16.0.0 MASK 255.255.0.0 10.0.x.x (that will be the IP address of the DefGW that you get with your VPN established and the use DefGW tickbox ticked)

When you're happy, run that command with a -p to make the route permanent.

Job done. Basically any of the internal US networks are within the 192.168 range, so just dump any 192.168 traffic over the VPN and let the rest head for the internet.


Damned consultants. Try again

it's 192.168, and the default gateway needs to be the default gateway of the VPN NIC

D

edited to add: the command is actually 'route add 192.168.0.0 mask 255.255.0.0 <gateway on vpn adapter>'.

To obtain the gateway IP address, VPN into the system with the 'use remote gateway checked' then run 'route print' from a command line
It'll display a table. On the line which starts 0.0.0.0, you'll see the address under the gateway field. It should start 192.168.x.x not 10.x.x.x

Once you've done that and added the route command, you'll be able to uncheck the gateway setting and try again.
Darren.



Edited by _DeeJay_ on Monday 3rd July 09:40

I ran the route print cmd and got the table. So, before venturing into the darkness and doing something my IT dept might regard as grounds for disconnection of all services, can I check that the following is the correct entry for the cmd line

route ADD 192.168.0.0 MASK 255.255.0.0 192.168.X.X

where the last IP address in that entry is that for the PPP Adapter VPN that I got from the table?

Having entered that cmd I can then go and uncheck the use default gateway box in the TCP/IP settings for the VPN

Do I need to add the -p at the end of this cmd? or should I try it first without the -p and if it works then repeat the cmd with the -p to make it permanent?

hut49

Original Poster:

Monday 3rd July 2006
The 192.168.X.X for the PPP adapter VPN and the IP address I looked up in the table are exactly the same - but are different to the IP address of the Exchange Server which also starts 192.168.X.X

Hope I'm not getting anyone confused....

hut49

Original Poster:

Monday 3rd July 2006
I made that entry on the cmd line and then unchecked the default gateway box on the VPN - message that this would not become effective until the next dial in - so I closed the VPN connection and re-dialed it. VPN re-established, browser goes direct rather than through VPN but Outlook not able to handshake with the Exchange server. Back to square one....

hut49

Original Poster:

Monday 3rd July 2006
_DeeJay_ said:
hut49 said:
I made that entry on the cmd line and then unchecked the default gateway box on the VPN - message that this would not become effective until the next dial in - so I closed the VPN connection and re-dialed it. VPN re-established, browser goes direct rather than through VPN but Outlook not able to handshake with the Exchange server. Back to square one....


Ok, that's fine. Let's work out what's going wrong.

Once you've VPN'd can you still ping the exchange server?

Darren

No - the request times out

hut49

Original Poster:

Monday 3rd July 2006
BliarOut said:
Nah, it'll work, it's just a bit tricky with all the X.X's

It's not a security risk to publish the exact IP addresses as 192.168.x.x and 10.x.x.x are all in the unassigned IP ranges and if we have the numbers it will make helping you easier.

Can you post the IP address of the Exchange server and copy the full output of a route print command up here. (You can hide any 'real' IP addresses if you're concerned)

Also, if you type tracert 192.168.x.x where x.x is the IP address of your Exchange server you should see which way the packets are actually going.


I'm pretty much out of my depth here and have no way of knowing what security risk is posed by publicising this route print info. No offense BliarOut but can anyone corroborate? I appreciate that two great PHers are trying to help me out and I don't want to be a wuss but I also don't want to have the IT guy calling me saying his P&J is under attack!

I did try the tracert cmd but the destination host was unreachable after the 5th hop starting at 192.168.X.X where this X.X is different to the IP address of the Exchange Server

hut49

Original Poster:

Monday 3rd July 2006
I haven't re-booted since running the 'fix' that didn't produce what we wanted. Should I re-boot then run the tracert cmd with VPN connected and default gateway box checked or unchecked?

Or should I run tracert without re-booting?

And should I run the route print in those same conditions?

hut49

Original Poster:

Monday 3rd July 2006
With VPN connected and DefGW box ticked:

1. Tracert exchange server cmd produces a one hop to the IP address and trace complete
2. Route print cmd gives the following:

*** info removed ***

With VPN connected but with DefGW box UN-checked:

1. Tracert gives the following:

***Info removed***

2. Route Print gives the following:

***Info removed***

Let me know if any of the above is too much info that I should edit, alternatively if you think I obscured important info, let me know that too!

Edited by hut49 on Monday 3rd July 13:40


Edited by hut49 on Monday 3rd July 20:50

hut49

Original Poster:

Monday 3rd July 2006
With VPN connected and DefGW unticked

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\nicky>ipconfig /all

***info removed, so I can sleep at night***


Edited by hut49 on Monday 3rd July 14:15


Edited by hut49 on Monday 3rd July 20:48

hut49

Original Poster:

Monday 3rd July 2006
With VPN connected and DefGW ticked

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\nicky>ipconfig /all

***info removed to protect the innocent (me)***

Edited by hut49 on Monday 3rd July 20:22

hut49

Original Poster:

Monday 3rd July 2006
Bummer, I get the following message:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\nicky>route ADD 192.168.0.0 MASK 255.255.0.0 192.168.160.200
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.

If you've had enough of this don't hesitate to say so - I really appreciate everything that you and DeeJay have done...
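
The two routing rules this thread keeps running into, as an added example that is not part of any post: `route ADD` rejects a gateway that is not on a local interface's subnet, and the most specific matching route decides whether traffic leaves through the VPN or the home router. It is a simplified model; every address is constructed (the thread's real values were redacted) and the function names are hypothetical.

```python
import ipaddress

# Constructed addressing for illustration; not the values from the thread.
INTERFACES = {
    "wireless": ipaddress.ip_interface("10.0.0.5/255.255.255.0"),
    "ppp_vpn": ipaddress.ip_interface("192.168.50.20/255.255.255.255"),
}
# Simplified table with the VPN up and "use default gateway" unticked:
# the only default route points at the home router.
BASE_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "10.0.0.1", "wireless"),
    (ipaddress.ip_network("10.0.0.0/24"), "10.0.0.5", "wireless"),
    (ipaddress.ip_network("192.168.50.20/32"), "192.168.50.20", "ppp_vpn"),
]


def gateway_interface(gateway, interfaces=INTERFACES):
    """Name of the local interface whose subnet contains the gateway, or None."""
    gw = ipaddress.ip_address(gateway)
    for name, iface in interfaces.items():
        if gw in iface.network:
            return name
    return None


def add_route(table, dest, mask, gateway, interfaces=INTERFACES):
    """Model of 'route ADD dest MASK mask gateway': reject an off-link gateway."""
    name = gateway_interface(gateway, interfaces)
    if name is None:
        raise ValueError("gateway does not lie on the same network as an interface")
    return table + [(ipaddress.ip_network(f"{dest}/{mask}"), gateway, name)]


def egress_interface(table, destination):
    """Longest-prefix match: interface used by the most specific matching route."""
    dst = ipaddress.ip_address(destination)
    matches = [route for route in table if dst in route[0]]
    return max(matches, key=lambda route: route[0].prefixlen)[2] if matches else None


if __name__ == "__main__":
    exchange, website = "192.168.10.15", "203.0.113.10"  # constructed hosts
    print("no static route:", egress_interface(BASE_ROUTES, exchange))
    split = add_route(BASE_ROUTES, "192.168.0.0", "255.255.0.0", "192.168.50.20")
    print("with static route:", egress_interface(split, exchange),
          "| web:", egress_interface(split, website))
```
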

hut49

Original Poster:

Monday 3rd July 2006
Thanks Aldi - I tried that (it made sense to me) but got the same error message - I can't believe how long this innocent little thread has become!

hut49

Original Poster:

Monday 3rd July 2006
I suppose for IT professionals this is rather like a fiendish level of Su-Doku to us mere mortals!!

hut49

Original Poster:

Monday 3rd July 2006
BliarOut said:
hut49 said:
Thanks Aldi - I tried that (it made sense to me) but got the same error message - I can't believe how long this innocent little thread has become!
Try opening the command prompt *after* you've brought up the VPN.


Same old..