home network + port forwarding + work vpn + GRRR

TechDoofus

LONG READ, WORTH IT? :o

Hello, Everybody

This is my first post, and I'm hoping someone will be able to help.

As a 'part-time' computer networking student, I know just enough to be dangerous. I'd put my tech ability and knowledge quite a bit above your Average Joe, but well below the real pros.

MY SITUATION:

For my job, my workplace has us use Panasonic Toughbooks. For years, each night we plug them into the Telco line in order to enable an automated upload/download of our routes. I'm a heat/cool repair technician. In recent days, they have provided us with the option of a LAN upload/download. This would be highly desirable so I can eliminate my $50 per month phone line that serves virtually no purpose.

THE PROBLEM: We have no administrator access to these computers. Some of my coworkers have been able to get the LAN upload/download to work, whereas others (such as myself) have not been so lucky. The key difficulty, I suspect, is in the way our home networks are set up. The guys that have gotten it to work are like, "Dude, you just plug in an ethernet cable from the laptop to the router, and voila!"

MY EQUIPMENT: I use a Linksys E-1000 residential wireless router. I have tried several times to plug an ethernet cable (cat 6, tried multiple cables) from the work PC to the router. Each morning, on those attempts, the upload/download process failed due to lack of connectivity.

THE PLOT THICKENS: The "wired networking" capability of our work PCs, the Toughbooks, only comes on temporarily in the middle of the night to allow for this functionality and then turns off completely again. So, I have no way to see/retrieve/access the IP number or MAC address of the wired card for this computer!

MY DERP'NESS: I suspect that I need to set up 'port forwarding' inside the Linksys E-1000, but I'm quite unfamiliar with that practice, although I've been reading on it. How does one set up port forwarding without knowing the IP/MAC info for the target machine? Does it even matter?

WHAT I DO KNOW: Our work PCs communicate through the VPN with UDP packets, but I know nothing of the particular client software used. During the workdays, I can view "Network Statistics" and see real-time transfer of UDP packets. SO, I suspect that our upload/downloads are via UDP, but I may be wrong...

Is there any way that I can simply turn on a particular port, or range of ports, inside of this router, so that I can get this to work?

We can get no help from our workplace because they are "tech dumb" and don't know the difference between RAM and ROM. This functionality is set up through our third-party vendor and they will not talk with us about this issue. So, I'm stuck.

It sure would be nice to save $50 a month though...
 
This sounds like the strangest setup I've ever heard of. Is it a VPN that connects overnight? If so, make sure you have VPN pass-through enabled in your router config; there are 3 types: IPsec, PPTP and L2TP.

If there's some other sorcery going on, as long as you know the port it operates on and the IP of your machine on the network, you can set up a forward. The forward rule doesn't care what the external IP is; it just tells your router that if someone on the outside starts a conversation on port x, it shouldn't discard the traffic.
 
Hey, thank you for your response!

Yes, it is precisely that: a VPN that automatically senses whether it is connected via Telco or Ethernet, and then initiates an automated sequence. That sequence uploads all of my previous day's route details - customer info, parts usage, monies collected, etc...and then...it downloads all of the coming day's same information. This is an entirely automated system and I have zero access to it. Sadly.

I have been through my router, but will go check about VPN pass-through, and enable that. With VPN pass-through enabled, should I need to set up any sort of other port-forwarding?

UPDATE:

It looks as though all three VPN Passthrough options are/were already enabled.
 
VPN pass-through should handle it for you. You could try putting the machine into the DMZ (basically means everything is forwarded).

Make sure your router doesn't drop your connection when it's not in use as well. It will reconnect when you try to use it, but if the VPN is very time sensitive it may not go fast enough.
 
I appreciate the suggestions. As I reviewed the settings in my router, I saw that all three VPN-Passthrough modes were/are enabled and have been previously. Something is fishy with the port forwarding capability of this Linksys E-1000. It will not retain settings, which a Google search turned up others complaining of similar. Instead, I've decided to try this feature "Port Triggering." Will report back with results!

Thanks again! :)
 
Port forwarding probably won't help you; it is for inbound connections that arrive on a particular port, and the router forwards them to a specific LAN address. If your PC is the one initiating the connection, the router will make a rule for return traffic to that PC.

You could check the DHCP leases to see if the PC actually connected or pulled an address.

The company help desk would probably be a better bet and could modify the GPO/etc for testing if your system is really that locked down.
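The distinction the replies above draw between a forward rule, DMZ mode and the return-traffic rule a router creates for connections started from the LAN can be seen in a toy model. This is an added example, not part of any post in the thread; the `NatRouter` class, all addresses and all port numbers are constructed for illustration and do not describe the Linksys E-1000's actual firmware or the thread's VPN.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Toy NAT router: sessions are learned from outbound traffic,
    forwards and DMZ are static configuration (hypothetical model)."""
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None
    sessions: dict = field(default_factory=dict)  # (proto, wan_port, remote) -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        # A LAN host starts the conversation: record where replies must go.
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, wan_port, (remote_ip, remote_port))] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        # A packet arrives from the internet: decide where it goes, if anywhere.
        key = (proto, wan_port, (remote_ip, remote_port))
        if key in self.sessions:                  # reply to a LAN-initiated flow
            return ("session", self.sessions[key])
        if (proto, wan_port) in self.forwards:    # explicit port-forward rule
            return ("forward", self.forwards[(proto, wan_port)])
        if self.dmz_host:                         # DMZ: everything else goes to one host
            return ("dmz", (self.dmz_host, wan_port))
        return ("drop", None)                     # unsolicited and unmatched

def demo():
    r = NatRouter()
    # Laptop dials out to a VPN server over UDP (constructed addresses and ports).
    p = r.outbound("udp", "192.168.1.50", 51000, "198.51.100.7", 12345)
    out = {
        "vpn_reply": r.inbound("udp", "198.51.100.7", 12345, p),
        "stranger": r.inbound("udp", "192.0.2.99", 12345, p),
    }
    r.forwards[("tcp", 8080)] = ("192.168.1.20", 80)
    out["forwarded"] = r.inbound("tcp", "192.0.2.99", 33333, 8080)
    r.dmz_host = "192.168.1.50"
    out["dmz"] = r.inbound("udp", "192.0.2.99", 12345, 9999)
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} -> {verdict}")
```

The VPN server's reply is delivered with no forward rule configured, while the same port is closed to any other sender until a forward or DMZ entry opens it.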
 
The port forwarding would not cooperate and the port triggering also did not work. Unfortunately, the company help-desk has one answer to everything: we'll send you a new hard drive, lol. It's bad, really really bad.

Here is a question though...

My home setup is like this:

Coaxial In > Residential Gateway > Wireless Router > Home Network > wired components + wireless components

* That "residential gateway" is a combination modem, router, and wireless access point. However, I have it set into "bridged" mode so it only operates as a modem. So, my routing and wireless are handled by my Linksys E-1000.

Correct me if I'm wrong, but am I going about this all wrong in an attempt to connect this to my home network? Theoretically, could I just plug directly into the modem overnight?

I don't really need to protect the company PC through the security settings in my wireless router, do I? That's on the company and the VPN client, right?
 
Correct me if I'm wrong, but am I going about this all wrong in an attempt to connect this to my home network? Theoretically, could I just plug directly into the modem overnight?
Yes.
 

Well, okay, that is encouraging.

I did some googling and found many similar complaints of people not being able to utilize their work VPNs with the Linksys E-1000 wireless router. Regardless of settings such as passthrough, forwarding, triggering, etc, others reported having no luck at all.

So, it seems that an answer may be in sight.

Now, I wonder: Should I need to unplug my wireless router just to be able to plug in my work laptop? Physically, there is only one ethernet port on the modem itself. However, would it not be possible to use a splitter or hub of some sort to achieve the same result?

Of course, this is all hypothetical until I simply try to bypass the wireless router and go straight out through the modem. I just like to plan ahead!

...curious if anyone has any further thoughts on this...
 
Well, update, I have only been working part-time, so I just had the chance to try this. Unfortunately, even after bypassing my wireless router and simply connecting directly to the modem, still a no-go!

I guess this leaves a couple of possibilities: the problem is with my work computer itself, or my ISP's setup is whack.

Any ideas?
 
You've made sure all the little things are in order? Like your laptop needs to be on, not sleeping (or be woken up a little before the VPN connection), it has the VPN software installed, firewall rules to allow the connection, that kind of thing.

Past that, it's unlikely that your ISP is at fault. It's not impossible, but pretty unlikely. Is the VPN service something you have to tell your work you are subscribing to?
 
Rather than give poor answers to your questions, I will just list "what I do know":

- The laptop is always powered on overnight. It never goes to sleep.
- At 3 AM, the laptop uses some sort of client (VPN?) to call out over either a Telco line or a LAN connection.
- I do not have administrator access to the operating system (Windows 7). Furthermore, I do not even have access to Windows at all! This PC runs on some sort of script, where on startup, it boots directly into our self-contained application.
- I have to do zero configuration for this to happen. As in, my directions from work are "Plug it in, make sure it's on, go to bed."
- This system works flawlessly over the Telco line, and has for years.
- Most of my coworkers are not having this issue, and they are completely tech-stupid, trust me on that.
- What little access to Windows functionality that I do have allows me to click on scarce icons in the taskbar. I can watch packets, network connectivity, etc. (this is during my workday that I can observe these things).
- Where I suspect the problem may be: From the "Start" button, I can click on a link that says "Show Interfaces" - it shows a wireless NIC is online, but it says "Wired Connection" (some client name...) is not running.

What I am uncertain about though is if that "wired" interface only starts up at 3 AM. This may be my issue. I may follow up with tech support. My downloads have not worked for a week. So, I get up and log in with wireless and my day downloads in 15 seconds.

I am not opposed to using the wireless; however, our systems only receive updates (gps mapping, operating system, other stuff) via "overnight connection," which is what is NOT working due to this issue.

MORE INFO

When I click on the "Start" button, and click on "Show Interfaces," it shows a command prompt-type screen that reads:

The Wired AutoConfig Service (dot3svc) is not running.

There is 1 interface on the system:

...and then lists the Wi-Fi interface...

I'm not surprised this cannot connect over a wired connection, if the service that would allow it is not running. However, the "helpdesk" could not tell me if this was normal when I inquired some months ago. Furthermore, they "sent me a new hard drive" (they are modular, takes two seconds to change), and the same thing happens.
 