NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

mvaar's avatar
mvaar
Aspirant
Sep 11, 2015

FVS336Gv2 full tunnel no internet

I have upgraded the firmware to latest (4.3.3-5) and I am using the latest vpnclient lite version 6.x. Running windows 10 pro 64 bit.   I set up the gateway as enumerated in the manual and I can co...
Security
DaneA's avatar
DaneA
NETGEAR Employee Retired
Sep 14, 2015

Hi mvaar,

 

I think if you want full tunnel support, you should use SSL VPN instead and check "full tunnel support" in the SSL VPN Client setup page of the FVS336Gv2. 

 

Check pages 8-15 on the link below.  Is this how you configured a client-to-box VPN?

 

http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

 

I look forward to your response.  Feel free to post screenshots of your setup.  Welcome to the community! :smileyhappy:

 

 

Regards,

 

DaneA
Netgear Community Team

  • mvaar's avatar
    mvaar
    Aspirant
    Sep 14, 2015

    I followed the instructions in this manual - http://www.downloads.netgear.com/files/GDC/VPNG01L/VPNClient_UM_27May2015.pdf

     

    Remember, I have a fvs336gv2 with firmware 4.3.3-5, not a fvs318.

    Yes, it is a client to gateway VPN.

    I followed the gateway setup exactly as described in appendix A, manually configuring a gateway, with the addition of (edge) xauth.

     

    I assigned client IP address of 192.168.7.10, while connecting (tunneling) to the remote subnet 192.168.120.0/255.255.255.0 . The endpoint is 192.168.120.1. It is one of the VLANs I set up on the router. 

     

    On the router, all outbound traffic is allowed so I saw no reason to add any firewall rule ( as some have indicated elsewhere that to make full tunnel possible you need to add firewall rules or even routes). I am a little hazy on these concepts though, I admit.

     

    So with split tunneling, everything works. I can see the remote subnet and I can ping to the internet- all traffic except to the 192.168.120.0 is going from my local gateway - 192.168.70.1 .

     

    With full tunnel, I can see everything in the 192.168.120.0 as expected but I cannot even ping IP addresses on the internet.

    • mvaar's avatar
      mvaar
      Aspirant
      Sep 14, 2015

      also, I see this line in the vpn log -

       

      [FVS336Gv2] [IKE] INFO: No policy found, generating the policy : 192.168.7.10/32[0] 192.168.120.0/24[0] proto=any dir=in

       

      I do have a vpn policy but it is declared for fqdn and not the ip address 192.168.7.10. Could this be causing the problem ?

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More