Hi all
I have an ASG at work and I would like to allow remote clients to access to our work LAN, I have successfully set up the SSL VPN connection using the Astaro client downloaded from UserPortal. Now all clients are able to connect to the work LAN using their laptops remotely, the clients mostly use what ever WIFI network they have (home/airport).
the problem is when they run Astrao SSL client they lose their connection with the internet. I was able to solve this partially by adding a masquerading rule to allow them to connect to the internet but this means that they are going to connect to the internet through the ASG and use the work public ip address which I don't want. (I disabled the masquerading rule)
all what I want is to allow clients connecting using SSL VPN to be able to still use their local connection (whatever that is) to connect the internet directly and not through the ASG.
NOTES
here is my setup
ASG is connected to the internet through an ADSL modem which is setup as a bridge (so ASG is handelling PPPOE )
ASG internal ipaddress = 172.16.100.1
ASG internal network = 172.16.100.1/24 netmask 255.255.255.0
SSL VPN pool = 172.16.200.1/24 netmask 255.255.255.0
from ASG websdmin > remote access > advanced
DNS server #1 = 172.16.100.1
DNS server #2 = 172.16.100.1
when I perform ipconfig /all on clients here is what I get
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Astaro SSL VPN Adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.200.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 172.16.200.5
DHCP Server . . . . . . . . . . . : 172.16.200.5
DNS Servers . . . . . . . . . . . : 172.16.100.1
172.16.100.1
Lease Obtained. . . . . . . . . . : Saturday, March 10, 2012 1:57:34 PM
Lease Expires . . . . . . . . . . : Sunday, March 10, 2013 1:57:34 PM
after the client connects using Astaro's ssl client I noticed this entry in the client's routing table :
==========================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 128.0.0.0 172.16.200.5 172.16.200.6 1
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
***.***.***.*** 255.255.255.255 192.168.1.1 192.168.1.102 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.0.0.0 128.0.0.0 172.16.200.5 172.16.200.6 1
172.16.200.1 255.255.255.255 172.16.200.5 172.16.200.6 1
172.16.200.4 255.255.255.252 172.16.200.6 172.16.200.6 1
172.16.200.6 255.255.255.255 127.0.0.1 127.0.0.1 1
172.16.255.255 255.255.255.255 172.16.200.6 172.16.200.6 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25
224.0.0.0 240.0.0.0 172.16.200.6 172.16.200.6 1
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25
255.255.255.255 255.255.255.255 172.16.200.6 4 1
255.255.255.255 255.255.255.255 172.16.200.6 5 1
255.255.255.255 255.255.255.255 172.16.200.6 172.16.200.6 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 172.16.200.5
==========================================================
* ***.***.***.*** is the ASG public ip address
if I delete the first entry
0.0.0.0 128.0.0.0 172.16.200.5 172.16.200.6 1
clients are able to connect to the internet ..... with their own connection ... but is still slow and not stable ....
please help
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
