wireless connection problem

Yeah, that's highly probable. VPN clients and shims take over the IP stack. If you want to do an unencrypted session directly to the internet through your own router, you have to either disable the shim, or set up a profile that has no VPN encryption in the tunnel with the correct gateway. That's the way my SafeNet VPN shim works. There's a good reason for this as a VPN should not allow traffic from your LAN or through your router to get into the corporate LAN at the other end of the VPN tunnel. That's an instant security nightmare. So, with the VPN running and connected, you don't get to connect directly to the internet. This smells like a corporate setup so I suggest you call your corporate IT people and ask for help.

Jeff Liebermann

I am trying to connect (wireless) to my office network with my laptop. I have a Toshiba Satellite notebook; it says that I am connected to the network, but I am not sending nor receiving packets (while everything works fine if I am not wireless connected). I tried to ping between computers, but there is no answer. I checked the ip settings and they are fine. If I do an ipconfig /all command I get the right ip address, subnet mask and gateway.

I think this might have occurred after I installed SSH sentinel for the VPN connection while it was working well before I installed this software.

Please help.

Thank you.

Netadict


Obvious question then is does it work again when you uninstall that software?

David.


Thank you for your help.

One more question: why does the wireless connection not work if I disable the SSH network?

Thank you.

Regards, Netadict


I don't know. If you disable the VPN or SSH shim, or set it to pass through, it should allow connections to the internet. Maybe it would be helpful if you would disclose the vendor, product name, and version?

Try this simple experiment.

    start -> run -> cmd
    tracert

Try the above with the VPN running and without the VPN running. Where do the packets try to go? If they're going to the corporate LAN, then there's probably another layer of security inside the corporate LAN that needs to be dealt with before you can go out to the internet. If the packets try to go via the corporate LAN through the VPN, even with the VPN disabled, then you have *NOT* disabled the VPN or SSH client.

You can also get a clue where packets are going by dumping the route table.

    route print | more

However, you might have some difficulties interpreting the numbers. If the routeing table does NOT change when you are disabling the VPN or SSH client, then you're doing something wrong.

Also, when you connect via the VPN, you will be assigned a new IP address that is routed to the corporate LAN. Run:

    ipconfig

and see where it's going. Note the default route value. If the default route points to the corporate LAN, that's where you're going to get your internet access. If it points to your router, then you should be able to browse the internet normally.

Jeff Liebermann
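The route-table comparison described in the post above, as an added example that is not part of any post in this thread: it parses two saved copies of the "Active Routes" section of the route table (VPN client stopped, then running), reports whether the table changed, and shows which gateway owns the default route. The sample tables, addresses and function names are constructed for illustration.

```python
import re

# Constructed samples of the "Active Routes" section (addresses are made up).
VPN_OFF = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100      25
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      25
"""
VPN_ON = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.8.0.1        10.8.0.6       1
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100      25
         10.8.0.0    255.255.255.0         10.8.0.6        10.8.0.6       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      25
"""

IP = r"\d+(?:\.\d+){3}"
# destination, netmask, gateway (may be a word such as On-link), interface, metric
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(\S+)\s+({IP})\s+(\d+)\s*$")

def parse_routes(text):
    """Return a set of (destination, netmask, gateway, interface, metric)."""
    routes = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not match and are skipped
            dest, mask, gw, iface, metric = m.groups()
            routes.add((dest, mask, gw, iface, int(metric)))
    return routes

def default_route(routes):
    """Pick the 0.0.0.0/0.0.0.0 route with the lowest metric, or None."""
    defaults = [r for r in routes if r[0] == "0.0.0.0" and r[1] == "0.0.0.0"]
    return min(defaults, key=lambda r: r[4]) if defaults else None

def diagnose(vpn_off_text, vpn_on_text, router_ip):
    """Compare the two tables and say where internet-bound packets will go."""
    off, on = parse_routes(vpn_off_text), parse_routes(vpn_on_text)
    if off == on:
        return "unchanged: toggling the VPN client did not alter the routing table"
    best = default_route(on)
    if best is None:
        return "no default route with the VPN running"
    if best[2] == router_ip:
        return "default route still points to the local router"
    return f"default route via {best[2]} on interface {best[3]}: traffic follows the tunnel"

if __name__ == "__main__":
    print(diagnose(VPN_OFF, VPN_ON, "192.168.1.1"))
```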

Thank you.

I tried tracert with the VPN Policy Manager running and not running but it does not change. I can always surf the internet; my major problem is the wireless connection, which has not been working since I installed SSH sentinel (TM) version 1.4 (build 137).

I presume that I have no choice but to uninstall the SSH sentinel SW.

Thanks for your help.

Ciao, Netadict


Sorry. I didn't quite understand your description. When you say "I can always surf the internet" I presume that means you can surf the internet through a wired connection at both the office and the house. My guess is that you cannot connect using a wireless connection at the office. Is this correct?

You state that IPCONFIG /ALL shows the "correct" IP addresses. It's possible that you're looking at the addresses delivered by the previous lease or from your home system. Try:

    start -> run -> cmd
    ipconfig /release
    (wait about 5 seconds)
    ipconfig /renew
    ipconfig

and see if it returns the same IP addresses. If not, then you were not getting a DHCP assigned IP address which usually means a bad WEP key.

Sorry, I can't guess any more details from what you've supplied.

Jeff Liebermann

Well, I use the SafeNet VPN client on my laptops to connect to my home and office networks. It's very similar to your SSH Sentinel. In fact, SafeNet bought the SSH Sentinel product last year.

work. That has to be a VPN configuration problem. However, setting up a VPN is not a trivial exercise. I think you need some local hands-on help.

However, if all you want is a single VPN tunnel between your home and office, I suggest you NOT install software on the clients and use a hardware solution at both ends. Replace your routers with VPN routers that are designed for the purpose. You can still connect when portable using VPN client software on laptops, but the basic connection between home and office is via dedicated routers.

I've been using various Sonicwall VPN routers for the purpose but they tend to be rather expensive. I have one customer with 4 locations in 3 states using Sonicwall TELE connected via a hardware VPN. Click "network neighborhood" and you see every machine at all the locations. I've also used Netscreen (now Jupiter) Linux based routers for VPN. They're nice because they support both IPSec and PPTP VPNs. The PPTP is useful as it comes with all Windoze versions.

I've been looking at the line of Netgear VPN routers:

current experience with these. I have used Linksys BEFVP41 routers but was not thrilled with the performance limits.

Incidentally, the Netgear software VPN client:

Jeff Liebermann

Thanks for your help.

I uninstalled SSH sentinel and everything is working fine again.

Now I need to set a VPN between office and home.

Thank you.

Ciao, netadict


Yes. You need to subscribe to a dynamic DNS service (DDNS) such as No-ip.com or dyndns.com. Dyndns is supported in firmware by most routers so methinks this is the best choice. I have a paid account with them and use it to point to customers, weather stations, and internet connected devices. If the router does not support DDNS in firmware, then you can add their software to one of the office client computers.

Jeff Liebermann

Thanks for your suggestion.

One more question, as far as you know is it possible to make a VPN between a static IP address (office) and a dynamic IP address (home)?

Thank you for your help.

Ciao, Netadict


Yes but you have to either know the IP address or be able to resolve it by using something like dyndns.org which some routers support or use a tool like dns2go to register the current address in a dns service.

David.
