Reply
New Member
Posts: 32
Registered: 4 weeks ago

Can't make VPN work

Hi,

 

I had a VPN setup on my previous router and Win 10 client which all worked fine.  So, I now have a USG Pro and set up the VPN.  The Win 10 client can log in, and web browse devices on the LAN, but I cannot connect to any of my network shares like I could previously.

 

Any idea what is wrong?  I don't need to manually set routing rules for the VPN, do I?

 

Thanks,

Drew VS

Regular Member
Posts: 402
Registered: ‎10-21-2013
Kudos: 116
Solutions: 21

Re: Can't make VPN work

How are you accessing the shares? Could it be a DNS issue?

New Member
Posts: 32
Registered: 4 weeks ago

Re: Can't make VPN work

I'm just browsing in explorer.  Or, looking for //servername/share.  It tells me //servername does not exist.

 

Drew VS

Regular Member
Posts: 402
Registered: ‎10-21-2013
Kudos: 116
Solutions: 21

Re: Can't make VPN work

Are you able to ping the server name?

 

Sounds like it probably is a DNS issue. 

 

In the controller, under settings, then networks do you have a remote vpn network configured?

New Member
Posts: 32
Registered: 4 weeks ago

Re: Can't make VPN work

I can ping the server IP, and I can brose various server services via Chrome.  But I cannot connect to shares.

 

Not sure what you mean by server "name".  Can you be more specific?  I am trying to use at SAMBA shares, and I had not thought they were involved in DNS name resolution.  This all worked fine on a previous router.

 

Yes, I have a remote user VPN defined, L2TP server.  It is on a different address than the main corporate network.  Name sever is set to Auto.  Enable WINS server is not checked.  Is this correct?

 

 

 

Thanks,

Drew VS

New Member
Posts: 4
Registered: ‎09-02-2015

Re: Can't make VPN work

change the dns value from auto to manual.  type in the address of your dns server. 

New Member
Posts: 32
Registered: 4 weeks ago

Re: Can't make VPN work

All,

 

Thank you all for your help, I have it working now.  The solution was that I had to enable and fill in my WINS server.  So it was a name resolution problem, but on the NetBIOS side rather than IP.

 

Drew VS

Established Member
Posts: 1,356
Registered: ‎01-29-2015
Kudos: 182
Solutions: 51

Re: Can't make VPN work

That's very odd. I haven't worried about WINS for a VERY long time.

New Member
Posts: 32
Registered: 4 weeks ago

Re: Can't make VPN work

I can confirm that turning off WINS will 100% reproduce it.  

 

Where would my USG typically get the information needed to replace WINS by its own DNS?

 

Thanks,

Drew VS 

Emerging Member
Posts: 88
Registered: ‎05-06-2017
Kudos: 178
Solutions: 5

Re: Can't make VPN work

[ Edited ]

WINS and DNS are different things and I don't believe the USG has a WINS server.

However your clients are likely already setup to use the USG as the DNS server. The only thing you need to do beyond that is configure your client aliases and then they will resolve through the USG DNS (you may need to add the suffix configured on your network).

 

Edit: Here's some screenshots of what I'm talking about...

 

DNS_1.PNGDNS_2.PNGDNS_3.PNG

In the second screenshot "Home" is my VPN connection adapter in Windows.

New Member
Posts: 32
Registered: 4 weeks ago

Re: Can't make VPN work

Thanks Roland,

 

The server is not running Windows, so I don't know what the equivalent to the Advanced TCP/IP setting would be.  I'm guess that the Linux server uses WINS to get that same information.

 

Thanks,
Drew VS

Emerging Member
Posts: 88
Registered: ‎05-06-2017
Kudos: 178
Solutions: 5

Re: Can't make VPN work

I'm not sure where you would configure the hostname in Linux. That is really just a convenience thing though so you can use the hostname alone rather than the FQDN.

You can always add the domain name yourself when you are trying to access the machine. Should be easy to confirm by trying to ping hostname and then ping hostname.domainname
Highlighted
New Member
Posts: 32
Registered: 4 weeks ago

Re: Can't make VPN work

I now see those were properties you showed were for the client machine; I had misunderstood.  I added those and it did not help; I still need to run WINS.

 

Regarding adding the domain name...I am simply browsing through explorer looking at user shares, so I don't know how that would be done. I dont want to go to a command line...etc.  Applications do not find the relevant files unless I run WINS.

 

Anyway, it works fine with WINS, so unless I am forced to drop that service, all seems fine now.

 

Thanks!

Drew

Reply