mvaar
Aspirant
Sep 11, 2015

FVS336Gv2 full tunnel no internet

I have upgraded the firmware to the latest (4.3.3-5) and I am using the latest vpnclient lite version 6.x. Running Windows 10 Pro 64-bit.

I set up the gateway as enumerated in the manual and I can connect both with split tunnel enabled and disabled.

With split tunnel enabled, it works as expected - I can see the remote LAN and I can see the internet. Tracert also shows traffic flowing as expected.

With split tunnel disabled, I can see the remote LAN but no internet. So all traffic may be going through the tunnel but not beyond.

Mode config is disabled and I specified a client IP different from the one in the subnet. Is there some additional config needed to get the internet traffic flow working?

8 Replies

  • DaneA
    NETGEAR Employee Retired

    Hi mvaar,

    I think if you want full tunnel support, you should use SSL VPN instead and check "full tunnel support" in the SSL VPN Client setup page of the FVS336Gv2.

    Check pages 8-15 on the link below. Is this how you configured a client-to-box VPN?

    http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

    I look forward to your response. Feel free to post screenshots of your setup. Welcome to the community!

    Regards,

    DaneA
    Netgear Community Team

    • mvaar
      Aspirant

      I followed the instructions in this manual - http://www.downloads.netgear.com/files/GDC/VPNG01L/VPNClient_UM_27May2015.pdf

      Remember, I have an FVS336Gv2 with firmware 4.3.3-5, not an FVS318.

      Yes, it is a client-to-gateway VPN.

      I followed the gateway setup exactly as described in appendix A, manually configuring a gateway, with the addition of (edge) xauth.

      I assigned a client IP address of 192.168.7.10, while connecting (tunneling) to the remote subnet 192.168.120.0/255.255.255.0. The endpoint is 192.168.120.1. It is one of the VLANs I set up on the router.

      On the router, all outbound traffic is allowed so I saw no reason to add any firewall rule (as some have indicated elsewhere that to make full tunnel possible you need to add firewall rules or even routes). I am a little hazy on these concepts though, I admit.

      So with split tunneling, everything works. I can see the remote subnet and I can ping to the internet - all traffic except to the 192.168.120.0 is going from my local gateway - 192.168.70.1.

      With full tunnel, I can see everything in the 192.168.120.0 as expected but I cannot even ping IP addresses on the internet.

      • mvaar
        Aspirant

        Also, I see this line in the VPN log:

        [FVS336Gv2] [IKE] INFO: No policy found, generating the policy : 192.168.7.10/32[0] 192.168.120.0/24[0] proto=any dir=in

        I do have a VPN policy but it is declared for FQDN and not the IP address 192.168.7.10. Could this be causing the problem?
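
The policy line quoted from the VPN log above can be parsed to see which destinations its selector pair covers. This is an added example, not part of the forum thread or of any NETGEAR tooling: the function names are hypothetical, the regular expression is fitted only to the one log line shown here, and 203.0.113.5 is a constructed documentation address standing in for an internet host.

```python
import ipaddress
import re

# Log line exactly as quoted in the thread.
LOG_LINE = ("[FVS336Gv2] [IKE] INFO: No policy found, generating the policy : "
            "192.168.7.10/32[0] 192.168.120.0/24[0] proto=any dir=in")

# Assumption: pattern derived from the single line above, not from a format spec.
POLICY_RE = re.compile(
    r"generating the policy\s*:\s*"
    r"(?P<src>[0-9.]+/\d+)\[(?P<sport>\d+)\]\s+"
    r"(?P<dst>[0-9.]+/\d+)\[(?P<dport>\d+)\]\s+"
    r"proto=(?P<proto>\S+)\s+dir=(?P<dir>\S+)"
)


def parse_generated_policy(line):
    """Return the selector pair from a 'generating the policy' line, or None."""
    m = POLICY_RE.search(line)
    if m is None:
        return None
    return {
        "src": ipaddress.ip_network(m["src"]),
        "dst": ipaddress.ip_network(m["dst"]),
        "proto": m["proto"],
        "dir": m["dir"],
    }


def selector_covers(policy, client_ip, dest_ip):
    """True if a client -> destination flow falls inside both selectors."""
    return (ipaddress.ip_address(client_ip) in policy["src"]
            and ipaddress.ip_address(dest_ip) in policy["dst"])


def is_full_tunnel(policy):
    """A full-tunnel selector is the all-addresses network (prefix length 0)."""
    return policy["dst"].prefixlen == 0


if __name__ == "__main__":
    policy = parse_generated_policy(LOG_LINE)
    print("selectors:", policy["src"], "<->", policy["dst"])
    # 192.168.120.1 is the endpoint named in the thread; 203.0.113.5 is constructed.
    for dest in ("192.168.120.1", "203.0.113.5"):
        print(dest, "covered:", selector_covers(policy, "192.168.7.10", dest))
    print("full-tunnel selector:", is_full_tunnel(policy))
```

For the quoted line, the selector pair covers 192.168.7.10 to 192.168.120.0/24 only, so an internet destination falls outside it.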
