VPN connection works, but can't ping or access any other device on remote network

I have an OS X Lion server at work (uses a static IP of 192.168.2.10). VPN is set up and works.


The work network's router has an IP of 192.168.2.1 and hands out IPs of 192.168.2.100-149. The VPN service is configured to hand out IPs of 192.168.2.150-170.


My home network uses a router with an IP of 192.168.1.1 and hands out IPs from 192.168.1.2-49


Both routers are using subnet mask of 255.255.255.0


The problem is, I can connect to the VPN just fine and access all services running on that same OS X server like iChat and AFP file sharing. But, I cannot directly access any other device on the office network like client machines or even trying to log into the router's GUI interface. Pings time out, etc.


Example:


At my home, I have a local IP of 192.168.1.12 and I connect to the work VPN. It assigns me an IP address of 192.168.2.151 and I'm able to connect to iChat on the OS X server that has a static IP of 192.168.2.10


In terminal, I try to ping the router on the work network (192.168.2.1) and I get no response (even though ICMP response is turned ON). I try to ping another OS X workstation on the work office, and get no response.


---------------


I'm not sure how to fix this, or whether I need to change settings on either router or the server.


Would greatly appreciate any insight or help on this. Thanks.

Mac Mini Server w/ OS X Lion

Posted on Jun 6, 2012 11:36 AM

19 replies

Aug 13, 2012 7:10 AM in response to danimalapple

I have the same problem while setting up a MBA for one of our employees.


I have confirmed that the VPN is working through one ISP via a hotspot connection or home Internet (Rogers). I can ping hosts on the remote network. Outlook for Mac works through the VPN. We can map shared drives.


But when I connected it through another ISP via hotspot connection (WIND Mobile), I cannot ping any hosts. Outlook cannot connect. Shared drives are unavailable. I assumed that maybe there was something wrong with the WIND Mobile network.


However, the employee took the laptop to Austria and is experiencing the same problem: The VPN is running, but he cannot ping any of the clients on the remote network. Outlook for Mac cannot connect. Shared drives are unavailable. Could it be that the ISP is blocking PPTP traffic?

Aug 13, 2012 7:37 AM in response to BrownBrady

Can't be blocked traffic if you can connect to the VPN. Run a port check from a website like this to be sure: http://www.yougetsignal.com/tools/open-ports/


Also, here is a list of frequently used ports for the Apple services: http://support.apple.com/kb/TS1629


Additionally, look at the DNS settings on the OSX server. If you have DNS set up on it and your gateway, that could be causing some issues. If you have DNS turned on in the OSX server, verify that it's set up properly. Additionally, setting up a VPN server and then changing addressing information can cause a lot of stability issues with OSX server services, including VPN.

Aug 13, 2012 8:31 AM in response to Kurt.Nicklow

Thanks.


To clarify: we were able to ping, retrieve mail, and access files through Rogers Internet via VPN on the MacBook Air when I was setting it up here in Toronto. We have employees in Toronto that are still connected through the VPN this way with no issues. Now that the MBA is in Austria, the VPN connects, the connection counter appears beside the VPN icon, but is unable to ping, mail, and share through the VPN.


Do I run the port check from the computer trying to connect to the VPN?


Also, we don't have an OSX server. We are connecting to our router which has a VPN server.


On the client, I have configured to have all traffic go through the VPN connection when it is connected. This setting fixed our internal DNS resolution issue in the past.

Aug 13, 2012 11:12 AM in response to BrownBrady

When you're testing ports you always want to run the port check from the outside looking in. I'd advise running any tests you want to run on all the three scenarios (if possible). Even if one of the scenarios is working it's worth making sure the results of a port test, ping, or the like are logically consistent.


My understanding is the WIND is a mobile Broadband card so it sort of adds up that there might be some limitations. Given the Austrian endpoint is international I suppose it could be subject to the same shortcomings, but I'm honestly not sure. Start with the port checks, that ought to give you some hard data.

Aug 13, 2012 11:14 AM in response to BrownBrady

BrownBrady wrote:


Thanks.


To clarify: we were able to ping, retrieve mail, and access files through Rogers Internet via VPN on the MacBook Air when I was setting it up here in Toronto. We have employees in Toronto that are still connected through the VPN this way with no issues. Now that the MBA is in Austria, the VPN connects, the connection counter appears beside the VPN icon, but is unable to ping, mail, and share through the VPN.


Do I run the port check from the computer trying to connect to the VPN?


Also, we don't have an OSX server. We are connecting to our router which has a VPN server.


On the client, I have configured to have all traffic go through the VPN connection when it is connected. This setting fixed our internal DNS resolution issue in the past.


Also, Telnet can be used to test some ports.

Aug 13, 2012 11:15 AM in response to danimalapple

danimalapple wrote:


I have an OS X Lion server at work (uses a static IP of 192.168.2.10). VPN is set up and works.


The work network's router has an IP of 192.168.2.1 and hands out IPs of 192.168.2.100-149. The VPN service is configured to hand out IPs of 192.168.2.150-170.


My home network uses a router with an IP of 192.168.1.1 and hands out IPs from 192.168.1.2-49


Both routers are using subnet mask of 255.255.255.0


The problem is, I can connect to the VPN just fine and access all services running on that same OS X server like iChat and AFP file sharing. But, I cannot directly access any other device on the office network like client machines or even trying to log into the router's GUI interface. Pings time out, etc.


Example:


At my home, I have a local IP of 192.168.1.12 and I connect to the work VPN. It assigns me an IP address of 192.168.2.151 and I'm able to connect to iChat on the OS X server that has a static IP of 192.168.2.10


In terminal, I try to ping the router on the work network (192.168.2.1) and I get no response (even though ICMP response is turned ON). I try to ping another OS X workstation on the work office, and get no response.


---------------


I'm not sure how to fix this, or whether I need to change settings on either router or the server.


Would greatly appreciate any insight or help on this. Thanks.


Check the DNS settings on the server (see my earlier post in this thread).

Aug 13, 2012 11:27 AM in response to danimalapple

danimalapple wrote:


Anything in particular I should be looking for?


The DNS settings look fine to me. They work in the office just fine. But from outside, via VPN, I'm having the problems as described.


I just don't know what could potentially cause this, so not sure what I should be looking for.

Is the OSX Server the DNS for your entire office, or do you have DNS being run off something else and the OSX server just sort of exists in the same environment?

Aug 13, 2012 11:30 AM in response to Kurt.Nicklow

OS X server powers DNS for entire office. The router/gateway is configured to use the OS X server as the DNS that gets handed out in the DHCP leases (which come from the router).


Any requests made for outside resources are set to use the ISP's DNS (I think this is configured in the DNS settings area). We have a fully qualified domain set up for the server.

Aug 13, 2012 11:55 AM in response to danimalapple

From my experience, you can have that setting turned off but you must:


1) Use the full hostnames when referencing internal hosts. For example:


mailsvr.domain.local <-- will resolve

mailsvr <-- will not resolve


2) In VPN Properties > DNS tab: Add at least 1 internal DNS server and 1 Search Domain. In the example above, the search domain is "domain.local"

Aug 13, 2012 11:56 AM in response to danimalapple

danimalapple wrote:


OK - is that the only way to make this work?


But like I said, previously, it worked WITHOUT doing that. I don't really want to send all traffic over the VPN.


It seems like something isn't configured right, but I'm just not sure what.

I'd be curious to hear how it would have worked without that setting enabled. The various services you're looking to use aren't necessarily going to know to go over the VPN vs. another gateway unless you specify so.

Aug 13, 2012 12:01 PM in response to Kurt.Nicklow

Previously, I was using DD-WRT firmware at office. We changed to Tomato. When I did that, this stopped working. I can't be 100% sure that is the reason, but it seems it could be related. But I think that if it is, I should be able to find a way to configure it similarly so that it works the same.


Is there a way to send all traffic for 192.168.2.x over VPN? Perhaps the other firmware more intelligently routed based on destination.

Aug 13, 2012 12:09 PM in response to Kurt.Nicklow

I also just found this: http://www.jms1.net/osx-vpn-routing.shtml


quote:


The VPN client built into Mac OS 10.5 has a single checkbox saying "Send all traffic over VPN connection". If you turn this on, the VPN becomes the default route. If you turn this off, the only IP block which gets routed through the VPN is the one IP block in which the VPN server resides. Since the office has multiple IP blocks, neither option is suitable for my needs.


The last sentence is important. It says all traffic in the IP ranges of the VPN server should go over the VPN, even if it is not checked. In my case, this doesn't happen.
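
An added example, not part of the original thread: a longest-prefix-match check of which interface each office address would leave through with "Send all traffic over VPN connection" unchecked. The routing tables are constructed and hypothetical (laid out like `netstat -rn` output, tunnel interface assumed to be `ppp0`, home interface `en0`); they are one table consistent with the symptoms described above, not the poster's actual table.

```python
import ipaddress

# Constructed sample rows: Destination, Gateway, Flags, Netif.
# Hypothetical split-tunnel table: only a host route to the VPN server uses ppp0.
SPLIT_TUNNEL = """\
default        192.168.1.1    UGSc   en0
127            127.0.0.1      UCS    lo0
192.168.1      link#4         UCS    en0
192.168.2.10   192.168.2.151  UH     ppp0
"""
# Same table plus a network route for the whole office block through the tunnel.
WITH_OFFICE_ROUTE = SPLIT_TUNNEL + "192.168.2      ppp0           USc    ppp0\n"

def to_network(dest):
    """Expand an abbreviated destination ("192.168.1") to an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    # Assumed convention: N octets without a mask means /8N; four octets is a host.
    prefix = int(plen) if plen else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{prefix}")

def parse_routes(text):
    """Return (network, interface) pairs from the table text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            routes.append((to_network(fields[0]), fields[3]))
    return routes

def egress_interface(routes, host):
    """Longest-prefix match: the most specific route containing host wins."""
    ip = ipaddress.ip_address(host)
    matches = [(net.prefixlen, netif) for net, netif in routes if ip in net]
    return max(matches)[1] if matches else None

def outside_tunnel(table_text, hosts, vpn_if="ppp0"):
    """Return the hosts whose traffic would not leave through vpn_if."""
    routes = parse_routes(table_text)
    return [h for h in hosts if egress_interface(routes, h) != vpn_if]

# Server, office router, and one DHCP client from the ranges given in the thread.
OFFICE_HOSTS = ["192.168.2.10", "192.168.2.1", "192.168.2.120"]

if __name__ == "__main__":
    print("split tunnel:  ", outside_tunnel(SPLIT_TUNNEL, OFFICE_HOSTS))
    print("with /24 route:", outside_tunnel(WITH_OFFICE_ROUTE, OFFICE_HOSTS))
```

With the first table, pings to 192.168.2.1 follow the default route to the home router and never enter the tunnel. On OS X a network route of the second kind can be added with `sudo route add -net 192.168.2.0/24 -interface ppp0`, assuming the tunnel interface is `ppp0`.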
