Going in circles trying to configure SSL VPN for Sonicwall TZ105

Tags: sonicwall, vpn

I'll preface this question by saying that I have made an effort to research this and I have been learning more about networking etc. as I broaden my IT experience, but VPN configuration still has gray areas for me. Anyway…

We are a small office that has a 2-line bonded ADSL connection with our ISP (static IP). The modem is bridged to our Sonicwall TZ 105 hardware firewall. Off and on I have been trying to figure out how to set up a VPN connection so my boss can access our server remotely. I don't have access to his network hardware (it's going to be just a standard modem from AT&T or Comcast or whoever). What I can do is have him bring in his laptop and install the NetExtender client which should allow him to connect with SSL VPN.

We are all on PCs with Windows 7 Pro, also running AVG 2012 with Windows Firewall turned off (not sure if the software firewalls matter here).

What I Did

I tried to configure the SSL VPN using this video; pretty much everything I did mimics what this guy does.

User setup:

  1. I set up a user for him (bobdole) and a password.

  2. I made user bobdole a member of the SSLVPN group and the Trusted Users group for good measure, as instructed in the video. On the VPN Access tab I put LAN Subnets.

Server setup:

  1. Enabled WAN SSL VPN on port 443 using AES 256 SHA1

  2. Set client address range outside of normal DHCP range (assigned by the Sonicwall either way I think) 192.168.168.187-192

  3. Set DNS server 1 and 2 to the same ones we use normally, they point to our ISP DNS servers. Left DNS Domain blank. Left UserDomain as "LocalDomain". No WINS server.

  4. Set up one client route: Lan Primary Subnet (as instructed in the video) which populates as 192.168.168.0/255.255.255.0. This is the only client route.

The Problem and Questions

I installed NetExtender on my workstation, which is inside the LAN that a remote user would be trying to connect to. Should I try from outside the network? I know that will be the application in the end but can I not test accessibility from inside the network?

I cannot connect with NetExtender. No matter what I put in I get:

"Error: The server is not reachable. The server may be down or your
internet settings may be down."

The NetExtender login page looks like this after I enter in my information:

  • Server: 111.11.11.111:443
  • Username: bobdole
  • Password: ********
  • Domain: LocalDomain

I click "Connect" and the window says "Verifying User" for a few seconds before giving me the error. I don't know where I screwed up or did not put something in correctly, or if it's just the fact that I can't do this from inside the network.

The Server IP I'm using is our public IP, which is a static IP. The username is the one I set up in the Sonicwall, with the password. Should I be entering in something else for the Server IP? Leave port number off? Any help or clarifying questions are appreciated, thank you.

Best Answer

You are correct in your assumption that trying to connect while inside the LAN is likely not going to work. There are relatively few of these multi-purpose prosumer appliances that support hairpin NAT, which is required for this to work.

So - just head to your local coffee shop, or tether to your phone and then try to VPN in.