Help! Windows XP networking hell on earth

Hi everyone,

I'm trying to get my GF's Windows XP Pro machine work nicely on my LAN and with her VPN dialer simultaneously. We've just moved in together and I've got to get this figured out so she can work (she works out of the house).

For work, she is required to use an AT&T VPN "dialer" that makes a VPN tunnel over an existing internet connection. I can make that work just fine. She also needs to be able to use the LAN resources -- file sharing, printers, etc. That also works fine. They don't work at the same time, however.

She also needs to be able to access the internet without going through the VPN, to download email, etc.

All of these things should work simultaneously, but I can't make it work reliably.

The VPN dialer requires something called "Net Firewall" to be bound to the network adapter. This conflicts with filesharing on the lan.

I figured I could solve the problem by installing a second NIC. In fact, it worked just fine for a little while, but now it isn't working. When I first installed the second NIC, it worked like a charm.

When the VPN is connected, I can't access anything on the LAN. I can't even ping machines on the LAN. Its as if the second network connection doesn't even exist.

I made sure that Windows File Sharing and Client for Microsoft Windows Networks are both unchecked on one connection, while they are checked but Network Firewall is unchecked on the other one.

Why can't I make this work? What an abortion. I could have had this running on 50 unix/linux computers buy now...

Please help.

Thanks in advance,

Jim

The Sonicwall VPN software I use & support for my office has that type of functionality as a feature. The reasoning is this: if your machine can see both the internet/local intranet as well as the VPN tunnel simultaneously then it is essentially a gaping hole in the company firewall, so that behavior is not allowed. If that's the case with the AT&T software then no amount of fiddling with windows settings will have any effect. I'd read the AT&T documentation (if there is any).

'Luck.

-Zeke

Well, I hope there is a way. Like I said, it seemed to work for a little while initially...

A trick that could be useful (not tested myself, but heard from friends...):

Oten LAN/Internet TCP/IP connections are blocked when the VPN is active. However, frequently the VPN software does not block Netbios shares. So you could share another PC's printer peripherals this way.

Maybe i'm not 100% correct, but this type of solution worked for him.

Jelle

IF it's a standard Windows VPN (i.e. it shows up in the list in Network connections as a VPN) then you could try clearing the "Use default gateway on remote network" checkbox. This works for me when using the VPN from home- anything that accesses work goes through the VPN while other stuff goes through my regular connection.

Good advice, Siberia. I was going to suggest it until I read the tip about the VPN software deliberately blocking access to local shares. I figured that one sounded more likely.

But in non-VPN situations, unchecking "use default gateway on remote network" has often solved those kinds of problems for me.

Like I said, it seemed to work for a little while initially...

The setting is on the VPN gateway and beyond your control. They could have changed the setting after you initially had it working.

That being said, the setting is enforced by the VPN client software on your machine. It might not be intelligent enough to deal with two NICs, it depends on how it locks down the connection. Good client software would be able to do it.

First thing you should do is ask the VPN admin whether this feature is enabled or not. Pointless banging your head against a brick wall if it is.

Can a VPN client access multiple VPNs? If so can you setup one of your own?
Or maybe you just need a way to quickly change which network is enabled?

Run your VPN client inside a VMware OS box and leave the host connected to the world at large. It'll never know the difference.

-Zeke