NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
FVS336Gv2 full tunnel no internet
I have upgraded the firmware to latest (4.3.3-5) and I am using the latest vpnclient lite version 6.x. Running windows 10 pro 64 bit. I set up the gateway as enumerated in the manual and I can co...
Hi mvaar,
Have you tried to use Mode Config? If yes, does same problem occur? If not yet, kindly check this link below as reference guide on how to create a mode config record then check if same problem will occur:
Regards,
DaneA
Netgear Community Team
yes, I also tried using mode config. Same result, with the difference that my (local) virtual IP is from the pool defined in the mode config. I still get the INFO message that policy doesn't exist and creates on the fly. It seems that the policy only has parameters for in and not out, according to that log message.
Also, it recognizes that the client is behind NAT but treats the peer as my <client public IP>- is that OK ? In other words are the tunnel endpoints as expected ?
I do not like the idea of SSL VPN to expose my full network. SSL VPN is only protected by one user/pwd combination from the whole internet. I think that it is good in certain scenarios and if I can configure the access to a fine grained level inside my private network.
Thanks for responding to my posts.
Hi mvaar,
Kindly check this forum thread below and it seems similar to your concern. It might help you as well:
https://community.netgear.com/t5/VPN-Firewalls/FVS318N-to-Netgear-PRO-Safe-Client-IPSEC/td-p/501726
Regards,
DaneA
NETGEAR Community Team
Yeah, that is exactly what I want to do; unfortunately I see no solution posted in there either.
I saw something interesting in one of the docs that the last responder posted where the TCP/IP properties for the connection had an advanced option to "use default g/w on the remote network" but I did not find that on my wireless connection's properties. That author was using an older version of windows.
At this point I am curious if it is even possible to get internet access with full tunnel. Can you get it working ? Or is that a limitation of the VPN policy being set ? I tried using "Any" for the local network in the vpn policy ( which is considered wrong by netgear but not flagged as such) but that did not help my cause at all. I cannot see anything else in the vpn policy definition that I can work with.
Hi mvaar,
As I have observed the ProSAFE devices like the FVS336Gv2, there is no option or check box on the web-GUI to enable full tunnel when setting up client-to-box IPSecVPN. As I would analyze it, if there is a check box to enable/disable split tunnel on the VPN Client software, there should be also an option or check box on the web-GUI of the ProSAFE device to enable full tunnel when setting up client-to-box IPSec VPN.
I would assume that full tunnel on a client-to-box VPN setup is not possible if the corresponding firewall router on the remote site is a ProSAFE device like FVS336Gv2. Regarding this, I encourage you to contact NETGEAR Support at anytime then raise your concern.
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
