L2TP Mac Sierra issue (solved)


#1

I have a Peplink Balance 305
I have established a connection to the pep via L2TP
It gives me a 10. IP address
I just can not access any thing in the 10. network.
I have tried a simple shared drive using afp, smb, webdav anytime i am connected via VPN it does not show.
PPTP it was conenct and cmd K enter afp://10.10.10.11 -> prompts for pass -> shows drives
now nothing works, just the connection to the pep
Wondering if anyone has had this issue and how to solve or where i can look?


#2

Hi matt,

Since you are getting established via L2TP and receiving an appropriate IP address, the Balance is performing as expected and at that point I would look elsewhere for troubleshooting. Have you performed a trace route from the remote device to the IP you are attempting to access? Can you ping it? You can perform a network capture from within the Balance to analyze what is happening at the packet level from the Balance’s perspective. To run a PCAP within the Balance access the support.cgi page.

To access the support.cgi page alter your URL when logged into the Balance web-admin to reflect the following:

http(s)://[YOUR DEVICE IP]/cgi-bin/MANGA/support.cgi

Scroll down under the interface statistics window at the top to locate the network capture area and begin a capture of all interfaces. Recreate the problem while capturing and then download the PCAP file, the download link will appear after the capture has begun. You can use WireShark (free) to investigate the network capture information.

You want to see stuff arrive on the WAN and then depart the LAN interface. From what you described it appears that the Balance is performing normally and the problem may be elsewhere, hopefully this gets you started with a troubleshooting path.

Good luck matt.


#3

thanks for the start
a few things i noticed
when i connect to the pep and go to whatsmyip.com it gives me the static ip of the pep that my vpn is connecting to. Is that correct? or should it return my isp’s ip on the remote client?

also I add the dump into wireshark but it shows no record of my 10. ip address. How do i track down who i am?


#4

Hi matt,

When you establish a L2TP VPN you are connecting to that network so when doing a “whatsmyip” the IP shown should be the public IP of the “edge router” on the network you are connecting to. It sounds as though this is indeed what was shown and that is expected behavior.

To identify what your device’s IP address is you can check the device’s network information. In Windows you can quickly check this by accessing a command prompt and typing “ipconfig” and then looking for the IPv4 address. This is your IP and what you can look for in the PCAP results.

I hope that helps, good luck matt!


#5

Well. Im lost.
I set up a brand new OS X server. No firewall, shared a drive over the network.
Internally i can cmd K -> afp://10.10.10.199
user name and pass -> im in.

if i vpn in on a remote computer i get a local IP (10.10.10.189)
cmd K -> afp://10.10.10.199 I get a generic message “There was a problem connecting to the server 10.10.10.199, contact your sys admin for information”

im not sure where the disconnect comes in. i am seeing TCP retransmission packets for smb ports, but nothing to explain why its happening.

If anyone knows anything! i would be most grateful.

also from the pep to the vpn client i cant ping. so if the connected client is .123 i ping from the pep interface and 100% packet loss


#6

Fixed!
what was it?
had to set up services for each port (smb, afp) in the pep interface
i used apples port page https://support.apple.com/en-us/HT202944 to find the smb afp ports

beer thirty!


#7

I’m guessing, but most times a device will not respond to pings unless you disable firewall settings or specifically configure to allow. Curiously, could you ping from the device to the Balance? If so, this would illustrate the issue.

I’m happy to hear that you were able to identify and resolve this issue, well done mate!

Cheers! :+1:


#8

One of the nice “tricks” to identify information helpful for configuration of services is to setup an inbound firewall rule to allow everything and log it. When attempting the desired “service” the information will be sent to the event log, indicating information that may be helpful to get the service setup correctly. This can be especially useful for less “well-documented” services.

You do not want to leave this in place after gathering the desired information.

The screen shot below is an example of how to configure the inbound firewall rule to capture the information:

I hope this may help!


#9

When you say you had to set up “services” can you describe which screen you’re looking at? I’ve tried pass-through services, firewall rules… Can’t seem to figure it out.

Thanks