I'll preface this question by saying that I have made an effort to research this and I have been learning more about networking etc. as I broaden my IT experience, but VPN configuration still has gray areas for me. Anyway...

We are a small office that has a 2-line bonded ADSL connection with our ISP (static IP). The modem is bridged to our Sonicwall TZ 105 hardware firewall. Off and on I have been trying to figure out how to set up a VPN connection so my boss can access our server remotely. I don't have access to his network hardware (it's going to be just a standard modem from AT&T or Comcast or whoever). What I can do is have him bring in his laptop and install the NetExtender client which should allow him to connect with SSL VPN.

We are all on PCs with Windows 7 Pro, also running AVG 2012 with Windows Firewall turned off (not sure if the software firewalls matter here).

What I Did

I tried to configure the SSL VPN using this video; pretty much everything I did mimics what this guy does.

User setup:

  1. I set up a user for him (bobdole) and a password.

  2. I made user bobdole a member of the SSLVPN group and Trusted Users group for good measure, as instructed in the video. For VPN Access tab I put LAN Subnets.

Server setup:

  1. Enabled WAN SSL VPN on port 443 using AES 256 SHA1

  2. Set client address range outside of normal DHCP range (assigned by the Sonicwall either way I think) 192.168.168.187-192

  3. Set DNS server 1 and 2 to the same ones we use normally, they point to our ISP DNS servers. Left DNS Domain blank. Left UserDomain as "LocalDomain". No WINS server.

  4. Set up one client route: Lan Primary Subnet (as instructed in the video) which populates as 192.168.168.0/255.255.255.0. This is the only client route.

The Problem and Questions

I installed NetExtender on my workstation, which is inside the LAN that a remote user would be trying to connect to. Should I try from outside the network? I know that will be the application in the end but can I not test accessibility from inside the network?

I cannot connect with NetExtender. No matter what I put in I get:

"Error: The server is not reachable. The server may be down or your internet settings may be down."

The NetExtender login page looks like this after I enter in my information:

  • Server: 111.11.11.111:443
  • Username: bobdole
  • Password: ********
  • Domain: LocalDomain

I click "Connect" and the window says "Verifying User" for a few seconds before giving me the error. I don't know where I screwed up or did not put something in correctly, or if it's just the fact that I can't do this from inside the network.

The Server IP I'm using is our public IP, which is a static IP. The username is the one I set up in the Sonicwall, with the password. Should I be entering in something else for the Server IP? Leave port number off? Any help or clarifying questions are appreciated, thank you.

Delaric

1 Answer

You are correct in your assumption that trying to connect while inside the LAN is likely not going to work. There are relatively few of these multi-purpose prosumer appliances that support hairpin NAT, which is required for this to work.

So - just head to your local coffee shop, or tether to your phone and then try to VPN in.

EEAA
  • Ok, good to know. Thank you for the answer. Does everything else seem ok? I'll see if I can get a laptop with NE out or maybe even try from home. – Delaric May 22 '14 at 15:39
  • If you have the Wireless TZ105 W model, you can connect via wireless and access your VPN. By default, the WLAN does not have access to the LAN, which avoids the NAT problem. SonicPoints may work as well. I believe the default configuration also keeps the WLAN separated. – Nilpo Jul 01 '16 at 06:07
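
An added example, not part of the original question or answer: a small probe to run from the outside connection the answer suggests (tethered phone, coffee shop). It reports whether the attempt stops at the TCP path, which is what the hairpin NAT explanation predicts from inside the LAN, or reaches a TLS listener, in which case the remaining problem is at the login layer. The function name `probe_sslvpn` and the stage labels are assumptions made for this example.

```python
import hashlib
import socket
import ssl

def probe_sslvpn(host, port=443, timeout=5.0):
    """Return (stage, detail) for how far a connection to the listener gets.

    tcp_refused : something answered with a reset; nothing is listening there
    tcp_timeout : no reply at all; packets are dropped somewhere on the path
    tcp_error   : other socket error (no route, bad address, ...)
    tls_failed  : the port accepts TCP but no TLS handshake completed
    tls_ok      : listener is reachable and speaks TLS; any remaining failure
                  is at the login layer (user, password, domain, group)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "tcp_refused", str(exc)
    except socket.timeout as exc:
        return "tcp_timeout", str(exc)
    except OSError as exc:
        return "tcp_error", str(exc)

    # Reachability probe only: the appliance may present a self-signed
    # certificate, so validation is off and no credentials are sent. The
    # fingerprint is returned so it can be compared with the firewall's own.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            der = tls.getpeercert(binary_form=True) or b""
            return "tls_ok", "cert sha256 " + hashlib.sha256(der).hexdigest()
    except (ssl.SSLError, OSError) as exc:
        # Also seen when the appliance only offers protocol versions this
        # Python build refuses; the TCP path itself is still proven good.
        return "tls_failed", str(exc)

if __name__ == "__main__":
    # Address and port as entered in the NetExtender dialog in the question.
    print(probe_sslvpn("111.11.11.111", 443))
```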