wireless connection problem

I am trying to connect (wireless) to my office network with my laptop. I
have a Toshiba Satellite notebook; it says that I am connected to the
network, but I am not sending nor receiving packets (while everything works
fine if I am not wireless connected). I tried to ping between computers, but
there is no answer. I checked the ip settings and they are fine. If I do an
ipconfig /all command I get the right ip address, subnet mask and gateway.

I think this might have occured after I installed SSH sentinel for the VPN
connection while it was working well before I installed this software.

Please help.

Thank you.

Netadict




Netadict

> I think this might have occured after I installed SSH sentinel for the VPN
> connection while it was working well before I installed this software.

Obvious question then is does it work again when you uninstall that
software?

David.

On Fri, 26 Aug 2005 15:09:06 GMT, "Netadict" <(E-Mail Removed)>
wrote:

>I am trying to connect (wireless) to my office network with my laptop. I
>have a Toshiba Satellite notebook; it says that I am connected to the
>network, but I am not sending nor receiving packets (while everything works
>fine if I am not wireless connected). I tried to ping between computers, but
>there is no answer. I checked the ip settings and they are fine. If I do an
>ipconfig /all command I get the right ip address, subnet mask and gateway.
>
>I think this might have occured after I installed SSH sentinel for the VPN
>connection while it was working well before I installed this software.

Yeah, that's highly probable. VPN clients and shims take over the IP
stack. If you want to do an unencrypted session directly to the
internet through your own router, you have to either disable the shim,
or setup a profile that has no VPN encryption in the tunnel with the
correct gateway. That's the way my SafeNet VPN shim works. There's a
good reason for this as a VPN should not allow traffic from your LAN
or through your router to get into the corporate LAN at the other end
of the VPN tunnel. That's an instant security nightmare. So, with
the VPN running and connected, you don't get to connect directly to
the internet. This smells like a corporate setup so I suggest you
call your corporate IT people and ask for help.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558

Thank you for your help.

One more question, why the wireless connection does not work if I disable
the SSH network?

Thank you.

Regards,
Netadict


"Jeff Liebermann" <(E-Mail Removed)> ha scritto nel messaggio
news:(E-Mail Removed)...
| On Fri, 26 Aug 2005 15:09:06 GMT, "Netadict" <(E-Mail Removed)>
| wrote:
| Yeah, that's highly probable. VPN clients and shims take over the IP
| stack. If you want to do an unencrypted session directly to the
| internet through your own router, you have to either disable the shim,
| or setup a profile that has no VPN encryption in the tunnel with the
| correct gateway. That's the way my SafeNet VPN shim works. There's a
| good reason for this as a VPN should not allow traffic from your LAN
| or through your router to get into the corporate LAN at the other end
| of the VPN tunnel. That's an instant security nightmare. So, with
| the VPN running and connected, you don't get to connect directly to
| the internet. This smells like a corporate setup so I suggest you
| call your corporate IT people and ask for help.
| --
| Jeff Liebermann (E-Mail Removed)
| 150 Felker St #D http://www.LearnByDestroying.com
| Santa Cruz CA 95060 http://802.11junk.com
| AE6KS 831-336-2558

On Fri, 26 Aug 2005 17:42:23 GMT, "Netadict \(home\)"
<(E-Mail Removed)> wrote:

>One more question, why the wireless connection does not work if I disable
>the SSH network?

I don't know. If you disable the VPN or SSH shim, or set it to pass
through, it should allow connections to the internet. Maybe it would
be helpful if you would disclose the vendor, product name, and
version?

Try this simple experiment.
start -> run -> cmd <enter>
tracert www.yahoo.com

Try the above with the VPN running and without the VPN running. Where
do the packets try to go? If they're going to the corporate LAN, then
there's probably another layer of security inside the corporate LAN
that needs to be dealt with before you can go out to the internet. If
the packet try to go via the corporate LAN through the VPN, even with
the VPN disabled, then you have *NOT* disabled the VPN or SSH client.

You can also get a clue where packets are going by dumping the route
table.
route -print | more
However, you might have some difficulties interpreting the numbers.
If the routeing table does NOT change when you are disabling the VPN
or SSH client, then you're doing something wrong.

Also, when you connect via the VPN, you will be assigned a new IP
address that is routed to the corporate LAN. Run:
ipconfig
and see where it's going. Note the default route value. If the
default route points to the corporate LAN, that's where you're going
to get your internet access. If it points to your router, then you
should be able to browse the internet normally.



--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# http://802.11junk.com
# (E-Mail Removed)
# (E-Mail Removed) AE6KS

Thank you.

I tried tracert www.yahoo.com with the VPN Policy Manager running and not
running but it does not change. I can always surf the internet, my major
problem is the wireless connection that it is not working since I installed
SSH sentinel (TM) version 1.4 (build 137).

I presume that I have no choice then unistall the SSH sentinel SW.

Thanks for your help.

Ciao,
Netadict

"Jeff Liebermann" <(E-Mail Removed)> ha scritto nel messaggio
news:(E-Mail Removed)...
| On Fri, 26 Aug 2005 17:42:23 GMT, "Netadict \(home\)"
| <(E-Mail Removed)> wrote:
|
| >One more question, why the wireless connection does not work if I disable
| >the SSH network?
|
| I don't know. If you disable the VPN or SSH shim, or set it to pass
| through, it should allow connections to the internet. Maybe it would
| be helpful if you would disclose the vendor, product name, and
| version?
|
| Try this simple experiment.
| start -> run -> cmd <enter>
| tracert www.yahoo.com
|
| Try the above with the VPN running and without the VPN running. Where
| do the packets try to go? If they're going to the corporate LAN, then
| there's probably another layer of security inside the corporate LAN
| that needs to be dealt with before you can go out to the internet. If
| the packet try to go via the corporate LAN through the VPN, even with
| the VPN disabled, then you have *NOT* disabled the VPN or SSH client.
|
| You can also get a clue where packets are going by dumping the route
| table.
| route -print | more
| However, you might have some difficulties interpreting the numbers.
| If the routeing table does NOT change when you are disabling the VPN
| or SSH client, then you're doing something wrong.
|
| Also, when you connect via the VPN, you will be assigned a new IP
| address that is routed to the corporate LAN. Run:
| ipconfig
| and see where it's going. Note the default route value. If the
| default route points to the corporate LAN, that's where you're going
| to get your internet access. If it points to your router, then you
| should be able to browse the internet normally.
|
|
|
| --
| # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
| # 831.336.2558 voice http://www.LearnByDestroying.com
| # http://802.11junk.com
| # (E-Mail Removed)
| # (E-Mail Removed) AE6KS

On Sat, 27 Aug 2005 06:17:03 GMT, "Netadict \(home\)"
<(E-Mail Removed)> wrote:

>I tried tracert www.yahoo.com with the VPN Policy Manager running and not
>running but it does not change. I can always surf the internet, my major
>problem is the wireless connection that it is not working since I installed
>SSH sentinel (TM) version 1.4 (build 137).
>
>I presume that I have no choice then unistall the SSH sentinel SW.

Sorry. I didn't quite understand your description. When you say "I
can always suft the internet" I presume that means you can surf the
internet through a wired connection at both the office and the house.
My guess is that you cannot connect using a wireless connection at the
office. Is this correct?

You state that IPCONFIG /ALL shows the "correct" IP addreses. It's
possible that you're looking at the addresses delivered by the
previous lease or from your home system. Try:
start -> run -> cmd <enter>
ipconfig /release
(wait about 5 seconds)
ipconfig /renew
ipconfig
and see if it returns the same IP addresses. If not, then you were
not getting a DHCP assigned IP address which usually means an bad WEP
key.

Sorry, I can't guess any more details from what you've supplied.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# http://802.11junk.com
# (E-Mail Removed)
# (E-Mail Removed) AE6KS

Thanks for your help.

I unistalled SSH sentinel and everything is working fine again.

Now I need to set a VPN between office and home.

Thank you.

Ciao,
netadict

"Jeff Liebermann" <(E-Mail Removed)> ha scritto nel messaggio
news:(E-Mail Removed)...
> On Sat, 27 Aug 2005 06:17:03 GMT, "Netadict \(home\)"
> <(E-Mail Removed)> wrote:
>
>>I tried tracert www.yahoo.com with the VPN Policy Manager running and not
>>running but it does not change. I can always surf the internet, my major
>>problem is the wireless connection that it is not working since I
>>installed
>>SSH sentinel (TM) version 1.4 (build 137).
>>
>>I presume that I have no choice then unistall the SSH sentinel SW.
>
> Sorry. I didn't quite understand your description. When you say "I
> can always suft the internet" I presume that means you can surf the
> internet through a wired connection at both the office and the house.
> My guess is that you cannot connect using a wireless connection at the
> office. Is this correct?
>
> You state that IPCONFIG /ALL shows the "correct" IP addreses. It's
> possible that you're looking at the addresses delivered by the
> previous lease or from your home system. Try:
> start -> run -> cmd <enter>
> ipconfig /release
> (wait about 5 seconds)
> ipconfig /renew
> ipconfig
> and see if it returns the same IP addresses. If not, then you were
> not getting a DHCP assigned IP address which usually means an bad WEP
> key.
>
> Sorry, I can't guess any more details from what you've supplied.
>
> --
> # Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
> # 831.336.2558 voice http://www.LearnByDestroying.com
> # http://802.11junk.com
> # (E-Mail Removed)
> # (E-Mail Removed) AE6KS

On Sun, 28 Aug 2005 08:15:37 GMT, "Netadict" <(E-Mail Removed)>
wrote:

>Thanks for your help.
>I unistalled SSH sentinel and everything is working fine again.
>Now I need to set a VPN between office and home.

Well, I use the SafeNet VPN client on my laptops to connect to my home
and office networks. It's very similar to your SSH Sentinel. In
fact, SafeNet bought the SSH Sentinel product last year.
> http://www.ssh.com/company/newsroom/article/484/
There's no reason that the ethernet should work while the wireless not
work. That has to be a VPN configuration problem. However, setting
up a VPN is not a trivial exercise. I think you need some local
hands-on help.

However, if all you want is a single VPN tunned between your home and
office, I suggest you NOT install software on the clients and use a
hardware solution at both ends. Replace your routers with VPN routers
that are designed for the purpose. You can still connect when
portable using VPN client software on laptops, but the basic
connection between home and office is via dedicated routers.

I've been using various Sonicwall VPN routers for the purpose but they
tend to rather expensive. I have one customer with 4 locations in 3
states using Sonicwall TELE connected via a hardware VPN. Click
"network neighborhood" and you see every machine at all the locations.
I've also used Netscreen (now Jupiter) Linux based routers for VPN.
They're nice because they support both IPSec and PPTP VPN's. The PPTP
is useful as it comes with all Windoze versions.

I've been looking at the line of Netgear VPN routers:
> http://www.netgear.com/products/busi...ecurity_sb.php
which are MUCH cheaper than Sonicwall. However, I don't have any
current experience with these. I have used Linksys BEFVP41 routers
but was not thrilled with the performance limits.

Incidentally, the Netgear software VPN client:
> http://www.netgear.com/products/deta...01L_VPN05L.php
appears to be the SafeNet OEM VPN client.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558

Thanks for your suggestion.

One more question, as far as you know is it possible to make a VPN between a
static IP address (office) and a dynamic IP address (home)?

Thank you for your help.

Ciao,
Netadict


"Jeff Liebermann" <(E-Mail Removed)> ha scritto nel messaggio
news:(E-Mail Removed)...
> On Sun, 28 Aug 2005 08:15:37 GMT, "Netadict" <(E-Mail Removed)>
> wrote:
>
>>Thanks for your help.
>>I unistalled SSH sentinel and everything is working fine again.
>>Now I need to set a VPN between office and home.
>
> Well, I use the SafeNet VPN client on my laptops to connect to my home
> and office networks. It's very similar to your SSH Sentinel. In
> fact, SafeNet bought the SSH Sentinel product last year.
>> http://www.ssh.com/company/newsroom/article/484/
> There's no reason that the ethernet should work while the wireless not
> work. That has to be a VPN configuration problem. However, setting
> up a VPN is not a trivial exercise. I think you need some local
> hands-on help.
>
> However, if all you want is a single VPN tunned between your home and
> office, I suggest you NOT install software on the clients and use a
> hardware solution at both ends. Replace your routers with VPN routers
> that are designed for the purpose. You can still connect when
> portable using VPN client software on laptops, but the basic
> connection between home and office is via dedicated routers.
>
> I've been using various Sonicwall VPN routers for the purpose but they
> tend to rather expensive. I have one customer with 4 locations in 3
> states using Sonicwall TELE connected via a hardware VPN. Click
> "network neighborhood" and you see every machine at all the locations.
> I've also used Netscreen (now Jupiter) Linux based routers for VPN.
> They're nice because they support both IPSec and PPTP VPN's. The PPTP
> is useful as it comes with all Windoze versions.
>
> I've been looking at the line of Netgear VPN routers:
>>
>> http://www.netgear.com/products/busi...ecurity_sb.php
> which are MUCH cheaper than Sonicwall. However, I don't have any
> current experience with these. I have used Linksys BEFVP41 routers
> but was not thrilled with the performance limits.
>
> Incidentally, the Netgear software VPN client:
>> http://www.netgear.com/products/deta...01L_VPN05L.php
> appears to be the SafeNet OEM VPN client.
>
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> AE6KS 831-336-2558