D-Link Forums
The Graveyard - Products No Longer Supported => D-Link Storage => DNS-323 => Topic started by: longtex on September 02, 2010, 10:37:02 AM
-
We have a DNS-323 running an application where users map a drive to it and run an app through a browser.
Works fine inside on the LAN, but with a VPN tunnel from a different subnet, the DNS-323 does not show up at all - can't even ping it.
What to do?
-
Can't even ping it by IP?!
-
No ping, no nothin'... Can see other computers, but not the NAS.
(All computers here are static IP only - that's how all of them roll)
-
You probably need to look at how your VPN is configured - I use a Netgear VPN router and the Netgear VPN client software and have no problems accessing my DNS-323 via the VPN.
The only setting on the DNS-323 that might impact it be accessible over a VPN would be the default gateway setting, and technically that shouldn't have an impact, since the VPN should make your client appear to be on the local LAN.
-
You probably need to look at how your VPN is configured - I use a Netgear VPN router and the Netgear VPN client software and have no problems accessing my DNS-323 via the VPN.
The only setting on the DNS-323 that might impact it be accessible over a VPN would be the default gateway setting, and technically that shouldn't have an impact, since the VPN should make your client appear to be on the local LAN.
I'm thinking it has to do with the DNS-323 being on a different subnet than the remote computers. On the plain vanilla WINXP computers, you have to allow other subnets, but haven't seen anyplace to allow that or list IPs to let in...
-
You MUST use a different subnet when dealing with a VPN - it's the only way your VPN server/client will know how to route the traffic.
That "allow other subnets" looks suspiciously like some sort of personal firewall or internet security suite settings - it's not "plain vanilla WINXP" - there's no such software running on an out of the box DNS-323.
-
You MUST use a different subnet when dealing with a VPN - it's the only way your VPN server/client will know how to route the traffic.
That "allow other subnets" looks suspiciously like some sort of personal firewall or internet security suite settings - it's not "plain vanilla WINXP" - there's no such software running on an out of the box DNS-323.
Of course the "other end" of the tunnel has a different subnet - that's the point... and the problem.
Nobody's talking about the 323 being WinXP - it's a comment on those systems - the default in Windows Firewall on XP File/Printer sharing is to allow only local subnet - you have to specifically change it to allow "any" or "other" or whatever its terminology is. It occurred to me that perhaps the 323 has a similar security setting, that's all. I don't have access to that LAN, so I can't see it, and I'm having to talk them through doing whatever it is they need to do to allow traffic from the remote sites. If I can get them to let me in with VNC or LogMeIn or whatever, maybe I can look at it and find out what it's doing.
The question is, what - if anything - on the 323 is disallowing other subnets, and how can it be changed or turned off?
Or is there some possible additional security software on the 323 that's causing this?
-
SOLVED.
It turns out they had the 323's gateway pointing to a wireless router used for walk-in traffic.
Changed that to the VPN's address, and - as they say in Fraintz - VI-OLA!
Thanks for the help, everyone!
-
Of course the "other end" of the tunnel has a different subnet - that's the point... and the problem.
Nobody's talking about the 323 being WinXP - it's a comment on those systems - the default in Windows Firewall on XP File/Printer sharing is to allow only local subnet - you have to specifically change it to allow "any" or "other" or whatever its terminology is. It occurred to me that perhaps the 323 has a similar security setting, that's all. I don't have access to that LAN, so I can't see it, and I'm having to talk them through doing whatever it is they need to do to allow traffic from the remote sites. If I can get them to let me in with VNC or LogMeIn or whatever, maybe I can look at it and find out what it's doing.
The question is, what - if anything - on the 323 is disallowing other subnets, and how can it be changed or turned off?
Or is there some possible additional security software on the 323 that's causing this?
Do forgive me for disagreeing - I've been using VPNs with Windows for many years - and NEVER ONCE changed any WINDOWS settings to allow access from a remote host - I have had to do it when running a third party personal firewall.
I also never suggested that the DNS-323 was XP - in fact - if you read the post, you'll see what I siad is that there was no such software running on the DNS-323 - in short, I answered the question you ask in this post, before you even asked it.
-
NEVER ONCE changed any WINDOWS settings to allow access from a remote host
Again, I was talking about Win XP Firewall's File & Printer Sharing, not about the 323's. Since it wasn't my 323, I didn't (and still don't) know what sort of security walls might be in place. I didn't mean to imply that the 323 would be running XP, but it occurred to me that it might have a similar issue, and was not aware that they hadn't changed the gateway to point to their shiny new VPN router instead of the old non-VPN router - and probably wouldn't have even thought about it until it was mentioned. Thanks to you guys, when I called them and told them to check it - and they said "oops" and changed it - it was literally not more than a few seconds before it opened up.
As far as I know, the Win XP Firewall default on File & Printer Sharing is "My network (subnet) only", so if you're trying to map a drive from a computer on a different subnet (VPN or not), it's not going to happen unless and until you change that setting. I could surer'n hell be wrong, but that's what I've seen so far: different subnets, no map unless the default setting is changed.
Thanks again, I really appreciate the help.
-
Would it make sense actually posting the same thing a third time? Maybe I should just forget about it?
It did take two tries to get you to consider the gateway setting - it's actually there in my first reply in your first thread (this one) although I believe it was the second time I posted it, in your second thread, that got your attention.
As plain as I can make it - there is NO such security software running on an "out-of-the-box" DNS-323.
By "out-of-the-box" I mean as shipped by DLink, there are ways to add thirty party applications.
Re - windows file & print sharing - installing & supporting VPNs is one of the things I do for a living, and I can map a drive letter on a Windows XP system, to a share that's physically located xteen thousand miles away via a vpn with NO changes to the Windows firewall - no changes means it's at the default settings.
-
Would it make sense actually posting the same thing a third time? Maybe I should just forget about it?
It did take two tries to get you to consider the gateway setting - it's actually there in my first reply in your first thread (this one) although I believe it was the second time I posted it, in your second thread, that got your attention.
As plain as I can make it - there is NO such security software running on an "out-of-the-box" DNS-323.
By "out-of-the-box" I mean as shipped by DLink, there are ways to add thirty party applications.
Re - windows file & print sharing - installing & supporting VPNs is one of the things I do for a living, and I can map a drive letter on a Windows XP system, to a share that's physically located xteen thousand miles away via a vpn with NO changes to the Windows firewall - no changes means it's at the default settings.
No need to get righteous and snippy here, old dog. I didn't ask you about the 323 this last time - I thought that "Solved" was clear enough, and I believe I did thank you. I also thought I explained that since I couldn't see the 323 I was assuming they had the gateway pointed correctly, and it wasn't until you emphasized it that I told them to check it.
While I appreciate your response underscoring yet again what you do, apparently I wasn't clear enough with my Windows question. Regardless of the distance between the two ends of a VPN tunnel, if you have Win XP computers on different subnets, how do you map a drive to a Win XP share without changing File & Printer sharing settings?
-
Same way I do it on the LAN - right click, select "Map network drive", select a drive later and then enter the UNC path (\\server\share)
-
Hi there,
Sorry to "hijack" this thread, but I have a DNS-323 hooked to a Linksys WRV-210 "VPN" Router. Could you tell me how/if it is possible to remotely access the 323 "directly" (i.e., just the 323 hooked on the router. No PC on this end). Would I have to use VPN/FTP/both?
Any bit of help would be greatly appreciated. :)
-
A PC is not required except for initial configuration of the DNS and your router. It all depends on what type of access you want. There is a ton on information on setting up FTP.
-
So, FTP is the way.
But where would VPN enter on this equation? Would it be just some kind of "security layer", if desired? I mean, VPN have nothing to do with allowing remote access to the 323's filesystem?
-
A VPN or Virtual Private Network allows you to connect either a single computer to a network at another physical location as if they were both in the same place, or one network to another network at a different location again, as if they both in the same place.
You could - if you so chose use your VPN router to connect in this fashion - or - you could use ftp, and you could even use ftp over a VPN.
VPNs are generally considered to be the secure way of doing things, but as with all security systems, the strength lies in how they are setup.
-
Hopefully some of you folks are still around and monitoring this thread. I am having the same problem accessing the dns-323 through a netgear vpn. But only when I have the windows firewall turned on. No problem with the firewall off. So 100% its the windows firewall. The machine accessing the dns-323 are all XP pro with Trend Micro Titanium, titanium use the windows firewall.
So in the posts here there are referances to allowing the other subnets in the firewall. Question is: How, where is that change made? Under File and printer sharing? In f&ps I see that tcp 139 and 445 is configured for subnet only as is udp 137 and 138. Change scope gives me some selections, which one? I still need all the other systems to be able to access this machine using file sharing.