Wednesday, June 10, 2009

Blocked again.

I was blocked again by a customer firewall. When I get a moment this afternoon I'm going to install and try my friend Rob Daly's suggestion of using Hamachi. I'll use this as a "backdoor" so that I don't become stranded. However, I don't consider this a long-term solution, nor is it a scalable solution for a company looking to roll this out.

I might also try VNC. The Wyse X90 has a VNC client installed by default. I just need to install the VNC server on my virtual desktop.

2 comments:

  1. Alex - A few thoughts... I've seen connect issues due to IP address conflict. For example, if my local machine gets 10.0.0.17, and I connect via VPN, I may get a successful connect ... BUT then the packages don't route because the other side also has that address set defined and routes my traffic to the wrong machine on the response. No good answer, but if you have any control over the corporate IP address set try to use weird addresses like 10.217.97.* rather than 10.0.0.*.

    Also - VPN often fails to work over NAT devices, or fails due to firewall rules. If you have any protocol options, try playing with those. I've been able to use OpenVPN to route all traffic over port 80 and had great success in the field - but that doesn't work unless you have control over both sides of the connection (i.e., run your own VPN server and VPN client).

    Good luck!

    - Chris (twitter @cmidgley)

  2. Chris,

    Thanks for the advice. My Cisco VPN client has an option to either allow, or not allow local LAN access. This would force all traffic over the VPN tunnel. I've tried using that with no luck. I've also wondered if GRE traffic is allowed by the firewall or not.

    I'll try configuring the TCP option and see if I can get it working that way. Thanks!

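The address conflict described in the first comment can be checked before connecting. The following is an added example, not code from the post or its commenters: it tests whether the local LAN overlaps the networks reached through the VPN and uses longest-prefix matching to show which interface a packet would actually leave on. The interface names (`eth0`, `tun0`), the corporate prefixes, and the host addresses are constructed for illustration.

```python
import ipaddress

def overlaps(local_nets, vpn_nets):
    """Return (local, vpn) CIDR pairs whose address ranges intersect."""
    pairs = []
    for local in map(ipaddress.ip_network, local_nets):
        for vpn in map(ipaddress.ip_network, vpn_nets):
            if local.overlaps(vpn):
                pairs.append((str(local), str(vpn)))
    return pairs

def next_hop(dst, routes):
    """Longest-prefix match over a list of (cidr, interface) routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(cidr), iface)
               for cidr, iface in routes
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    # The most specific (longest) prefix wins, as in a real routing table.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample data: the LAN the laptop sits on, and two candidate
# corporate address plans reachable through the tunnel.
CLIENT_LAN = ["10.0.0.0/24"]
CORP_COMMON = ["10.0.0.0/16"]      # collides with many home/customer LANs
CORP_UNUSUAL = ["10.217.97.0/24"]  # the "weird address" approach

def client_routes(corp_nets):
    """Routing table on the client once the tunnel is up."""
    table = [("0.0.0.0/0", "eth0"), (CLIENT_LAN[0], "eth0")]
    table += [(cidr, "tun0") for cidr in corp_nets]
    return table

if __name__ == "__main__":
    for name, corp in (("common", CORP_COMMON), ("unusual", CORP_UNUSUAL)):
        print(name, "overlap:", overlaps(CLIENT_LAN, corp))
    # Corporate host 10.0.0.50 is shadowed by the local /24 route.
    print(next_hop("10.0.0.50", client_routes(CORP_COMMON)))
    print(next_hop("10.217.97.50", client_routes(CORP_UNUSUAL)))
```

With the overlapping plan the tunnel connects, but traffic for the shadowed range never enters it, which matches the "successful connect, no routing" symptom.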