#1  
January 15th, 2013, 02:25 PM
DPP
Join Date: Jan 2013
IPSec VPN routing problems to WAN

I have set up an IPSec VPN from a shrew client to a home network with an SRXN3205 being used as a gateway. I followed a guide on vpncasestudy.com for a FVS336G with shrew (the basic setup with a shared key, no mode config and without Xauth). It works nicely, but there are a couple of issues I don't know how to solve.

1. I have tried to route all network traffic through the VPN by setting the local IP settings to Any in the VPN policy on the SRXN3205 and then setting policies in the Shrew client for the IPs I want to send through the VPN. This works, but after a few mins any WAN connections stop working, although I can still access the LAN. Entering the IP address of websites in a browser also doesn't work, so it seems it is a routing problem, not a DNS problem. If I disconnect and reconnect then everything works again.

2. I don't have a DNS server on the LAN, but the gateway has the DNS proxy setting enabled. If I set the gateway IP as a DNS server on the Shrew client then I don't get any name resolution for WAN or LAN (I was trying to do this to get computer browsing to work, but no luck here despite having enabled NetBIOS and messing around with a WINS server, but that is a longer story that I won't go into here).

Please can anyone help me? I am using a Linux client if that is important.
  #2  
January 23rd, 2013, 02:05 PM
jmizoguchi
Join Date: Feb 2007
Location: Kentucky, USA
Re: IPSec VPN routing problems to WAN

Quote:
2. I don't have a DNS server on the LAN, but the gateway has the DNS proxy setting enabled. If I set the gateway IP as a DNS server on the Shrew client then I don't get any name resolution for WAN or LAN (I was trying to do this to get computer browsing to work, but no luck here despite having enabled NetBIOS and messing around with a WINS server, but that is a longer story that I won't go into here).
Without your OWN DNS server it will not resolve it.

Quote:
1. I have tried to route all network traffic through the VPN by setting the local IP settings to Any in the VPN policy on the SRXN3205 and then setting policies in the Shrew client for the IPs I want to send through the VPN. This works, but after a few mins any WAN connections stop working, although I can still access the LAN. Entering the IP address of websites in a browser also doesn't work, so it seems it is a routing problem, not a DNS problem. If I disconnect and reconnect then everything works again.
ANY under VPN policy just simply allows use of any remote LAN subnet IP, so it makes no difference if you set a specific IP in the router VPN policy or not.
  #3  
January 29th, 2013, 02:40 PM
DPP
Re: IPSec VPN routing problems to WAN

Quote:
Originally Posted by jmizoguchi
Without your OWN DNS server it will not resolve it.
Sorry I wasn't very clear in my post. I was trying to get NetBIOS name resolution working, not DNS names for the LAN. I have got this going now using a WINS server.

I understand better what the DNS proxy option does now. Will it forward DNS lookup requests only from the local LAN, or can it also act as a proxy for computers connected via VPN too?

My problem seems to affect connections to the LAN as well. After a few minutes my connection will suddenly stall, although the Shrew client still reports the connection is OK. Clicking disconnect and reconnect and everything is OK again, but it can get annoying. I have read in some places that reducing the MTU might help, but I don't know much about this. Might this help?
  #4  
January 29th, 2013, 02:47 PM
jmizoguchi
Re: IPSec VPN routing problems to WAN

MTU should be 1430 on main router

Quote:
DNS Proxy
Enable DNS Proxy: When enabled, the will act as a proxy for all DNS requests and communicate with the ISP's DNS servers (as configured in the WAN settings page). All DHCP clients will receive the Primary/Secondary DNS IP along with the IP where the DNS Proxy is running. When disabled, all DHCP clients will receive the DNS IP addresses of the ISP excluding the DNS Proxy IP address.
The feature is particularly useful in Auto Rollover mode. For example, if the DNS servers for each connection are different, then a link failure may render the DNS servers inaccessible. However, when the DNS proxy is enabled, then clients can make requests to the router and the router, in turn, sends those requests to the DNS servers of the active connection.
  #5  
January 30th, 2013, 02:30 AM
DPP
Re: IPSec VPN routing problems to WAN

OK, thanks.

MTU on the router was set to a default value of 1500. I will change it.
On the client, what should the MTU be (I am using a virtual adapter)? At the moment it is set to a (default, I think) of 1380.
  #6  
January 30th, 2013, 03:40 AM
jmizoguchi
Re: IPSec VPN routing problems to WAN

Didn't I say 1430?
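
For the MTU question raised in posts #3 to #6, the following added example (not from any poster in this thread, and not NETGEAR or Shrew code) works out how large an inner packet can be before IPsec ESP tunnel-mode encapsulation pushes it past a given path MTU. The transforms, IPv4 outer header and NAT-T encapsulation are assumptions; the thread does not state the phase 2 proposal in use.

```python
# Added example: ESP tunnel-mode size arithmetic (assumed transforms, not from the thread).
from dataclasses import dataclass

OUTER_IPV4 = 20      # outer IPv4 header, no options
NAT_T_UDP = 8        # UDP/4500 encapsulation (RFC 3948), used when NAT is detected
ESP_HEADER = 8       # SPI + sequence number
ESP_TRAILER = 2      # pad length + next header, encrypted with the payload


@dataclass(frozen=True)
class EspTransform:
    name: str
    block: int   # cipher block size in bytes (padding granularity)
    iv: int      # IV bytes sent in every packet
    icv: int     # truncated integrity check value


# Assumed proposals; check the actual phase 2 settings on both ends.
AES_SHA1 = EspTransform("AES-CBC + HMAC-SHA1-96", block=16, iv=16, icv=12)
TDES_SHA1 = EspTransform("3DES-CBC + HMAC-SHA1-96", block=8, iv=8, icv=12)


def fixed_overhead(t: EspTransform, nat_t: bool = True) -> int:
    """Bytes added to every packet regardless of payload length."""
    return OUTER_IPV4 + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + t.iv + t.icv


def outer_size(inner: int, t: EspTransform, nat_t: bool = True) -> int:
    """Size on the wire of one encapsulated inner IP packet."""
    padded = -(-(inner + ESP_TRAILER) // t.block) * t.block  # round up to a block
    return fixed_overhead(t, nat_t) + padded


def max_inner_mtu(path_mtu: int, t: EspTransform, nat_t: bool = True) -> int:
    """Largest inner packet that still fits in path_mtu after encapsulation."""
    room = (path_mtu - fixed_overhead(t, nat_t)) // t.block * t.block
    return room - ESP_TRAILER


if __name__ == "__main__":
    for path in (1500, 1430):            # router MTU values mentioned in the thread
        for t in (AES_SHA1, TDES_SHA1):
            limit = max_inner_mtu(path, t)
            fits = outer_size(1380, t) <= path   # 1380 = client adapter MTU in the thread
            print(f"path {path:4d}  {t.name:24s} max inner {limit}  1380 fits: {fits}")
```

Under these assumed transforms a 1380-byte inner packet is 1456 bytes on the wire with AES and NAT-T, so it fits a 1500-byte path but would need fragmentation on a 1430-byte one.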
All times are GMT -8.