VPN connection works, but can't ping or access any other device on remote network

I have an OS X Lion server at work (uses a static IP of 192.168.2.10). VPN is set up and works.


The work network's router has an IP of 192.168.2.1 and hands out IPs of 192.168.2.100-149. The VPN service is configured to hand out IPs of 192.168.2.150-170.


My home network uses a router with an IP of 192.168.1.1 and hands out IPs from 192.168.1.2-49


Both routers are using subnet mask of 255.255.255.0


The problem is, I can connect to the VPN just fine and access all services running on that same OS X server like iChat and AFP file sharing. But, I cannot directly access any other device on the office network like client machines or even trying to log into the router's GUI interface. Pings time out, etc.


Example:


At my home, I have a local IP of 192.168.1.12 and I connect to the work VPN. It assigns me an IP address of 192.168.2.151 and I'm able to connect to iChat on the OS X server that has a static IP of 192.168.2.10


In terminal, I try to ping the router on the work network (192.168.2.1) and I get no response (even though ICMP response is turned ON). I try to ping another OS X workstation on the work office, and get no response.


---------------


I'm not sure how to fix this, or whether I need to change settings on either router or the server.


Would greatly appreciate any insight or help on this. Thanks.

Mac Mini Server w/ OS X Lion

Posted on Jun 6, 2012 11:36 AM

19 replies

Aug 13, 2012 12:10 PM in response to danimalapple

danimalapple wrote:


Previously, I was using DD-WRT firmware at office. We changed to Tomato. When I did that, this stopped working. I can't be 100% sure that is the reason, but it seems it could be related. But I think that if it is, I should be able to find a way to configure it similarly so that it works the same.


Is there a way to send all traffic for 192.168.2.x over VPN? Perhaps the other firmware more intelligently routed based on destination.


I can't imagine changing a routing or NAT rule on the gateway is going to have any effect on whether or not the end-user's device uses it to begin with. The only thing I can think of would be that the DNS resolution on the OSX VPN server isn't finding the gateway (or not interacting with it properly) due to changes. If you're suggesting making a routing or NAT change on the DNS then you may be correct. You'll have to validate all the settings on your DNS (and the zones).


Has the subnet or ip address scheme changed for the network?

Aug 13, 2012 12:20 PM in response to Kurt.Nicklow

We changed the server's IP from 192.168.6.1 to 192.168.2.1. And we also changed the DHCP lease range to match. We basically changed "6" to "2".


I also just confirmed that when connected via VPN from a Windows 7 machine, it works as expected. It works both with and without the setting turned on that is equivalent to "send all traffic over VPN". I can ping other devices on network and get a response.


It seems that OS X clients are not properly routing traffic for that network segment over the VPN. Strange. Perhaps it was actually related to an OS X update and not a config change.
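Added example, not part of any post in this thread: a longest-prefix-match lookup showing which interface a client would pick for the office addresses under three routing tables, including one where the server at 192.168.2.10 is reachable over the tunnel but 192.168.2.1 is not. The tables are constructed for illustration and the interface names `en0` and `ppp0` are assumptions; nothing here was captured from the poster's machines.

```python
import ipaddress

# Constructed routing tables, not captured from any machine in the thread.
# Assumed interface names: en0 = home LAN (192.168.1.0/24), ppp0 = VPN tunnel.
HOST_ROUTE_ONLY = [            # split tunnel that only knows the VPN server
    ("0.0.0.0/0", "en0"),
    ("192.168.1.0/24", "en0"),
    ("192.168.2.10/32", "ppp0"),
]
SUBNET_ROUTE = [               # split tunnel with a route for the office subnet
    ("0.0.0.0/0", "en0"),
    ("192.168.1.0/24", "en0"),
    ("192.168.2.0/24", "ppp0"),
]
FULL_TUNNEL = [                # "send all traffic over VPN"
    ("0.0.0.0/0", "ppp0"),
    ("192.168.1.0/24", "en0"),
]

def egress(table, destination):
    """Longest-prefix match: return (interface, matched prefix)."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (iface, net)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[0], str(best[1])

def unreachable_over_vpn(table, targets, vpn_iface="ppp0"):
    """Office addresses whose packets would NOT enter the tunnel."""
    return [t for t in targets if egress(table, t)[0] != vpn_iface]

OFFICE = ["192.168.2.10", "192.168.2.1", "192.168.2.100"]

if __name__ == "__main__":
    for name, table in [("host route only", HOST_ROUTE_ONLY),
                        ("subnet route", SUBNET_ROUTE),
                        ("full tunnel", FULL_TUNNEL)]:
        print(f"{name:16} leaks to LAN: {unreachable_over_vpn(table, OFFICE)}")
```

On a real OS X client, `netstat -rn` lists the table and `route -n get 192.168.2.1` reports the interface actually chosen for that destination.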

Aug 13, 2012 12:23 PM in response to danimalapple

danimalapple wrote:


We changed the server's IP from 192.168.6.1 to 192.168.2.1. And we also changed the DHCP lease range to match. We basically changed "6" to "2".


I also just confirmed that when connected via VPN from a Windows 7 machine, it works as expected. It works both with and without the setting turned on that is equivalent to "send all traffic over VPN". I can ping other devices on network and get a response.


It seems that OS X clients are not properly routing traffic for that network segment over the VPN. Strange. Perhaps it was actually related to an OS X update and not a config change.


It'd be worth looking at the patch notes to see if that is in fact the cause of the issue.


Changing the server's address could have thrown off all or at least some of your DNS zones in the DNS server. Unfortunately the DNS services in OSX server are very fragile and address changes leave them prone to failure.

Sep 18, 2012 6:27 PM in response to Kurt.Nicklow

As we were having other issues with that server, we recently bought a Mac Pro, and installed Snow Leo Server on it and configured it almost identical to the other server, except for a different hostname.


VPN works as expected and as it did before, with no client changes, and "send all traffic over VPN" turned off.


I don't know why this changed, but it certainly changed. Whether I had some obscure bug with my particular server after upgrading to Lion, I'm not sure. But I bet it's just a change that was made in Lion, for seemingly no reason.


Lion Server is half baked. Very disappointed with it. Snow Leo Server is much more stable, efficient and reliable.
