New Windows 7 PC can't see computers over router VPN link

[Ted]

I have just replaced my main XP computer with a Windows 7 64 computer.

I have a Draytek Vigor2600 router with inbuilt VPN that connects to another similar
router over the internet.

Both local and remote computers are a mixture of XP, Vista machines, with some
printers and other boxes.

The local machines are all on 192.168.8.x subnet.
The remote machines are all on 192.168.9.x subnet.

With my old XP computer I could see all my local machines and all the remote
machines. File and printer sharing, etc, worked fine and was reliable.

With my new Window 7 64 computer I can only see my local machines, and not the
remote ones.

I can ping all the remote machines ok (those that I know the IP address of).

I can make a connection to a particular remote machines using its IP number (as in
\\192.168.9.xx\somefolder), but this assumes I know of the existence and IP number
of the machine in advance (they do change).

If I disable the W7 firewall some of the remote machines do appear sometimes, but
usually disappear again quite soon.

If this is a firewall blocking problem, how do I tell the firewall to allow it?
Why, with the firewall disabled, to they disappear again?

If it is not a firewall problem what else might it be?

I have tried everything I can think of!

Ted.

 

[The poster formerly known as 'The Poster Formerly]

I have just replaced my main XP computer with a Windows 7 64 computer.

I have a Draytek Vigor2600 router with inbuilt VPN that connects to another similar
router over the internet.

Both local and remote computers are a mixture of XP, Vista machines, with some
printers and other boxes.

The local machines are all on 192.168.8.x subnet.
The remote machines are all on 192.168.9.x subnet.

With my old XP computer I could see all my local machines and all the remote
machines. File and printer sharing, etc, worked fine and was reliable.

With my new Window 7 64 computer I can only see my local machines, and not the
remote ones.

I can ping all the remote machines ok (those that I know the IP address of).

I can make a connection to a particular remote machines using its IP number (as in
\\192.168.9.xx\somefolder), but this assumes I know of the existence and IP number
of the machine in advance (they do change).

If I disable the W7 firewall some of the remote machines do appear sometimes, but
usually disappear again quite soon.

If this is a firewall blocking problem, how do I tell the firewall to allow it?
Why, with the firewall disabled, to they disappear again?

If it is not a firewall problem what else might it be?

I have tried everything I can think of!

Ted.

What is the setting for your windows firewall on the w7 machine
currently? (is it public or work or home)?

--
"Software is like sex, it's better when it's free."
- Linus Torvalds

DRM and unintended consequences:
http://blogs.techrepublic.com.com/security/?p=435&tag=nl.e101

 

[Seth]

I have just replaced my main XP computer with a Windows 7 64 computer.

I have a Draytek Vigor2600 router with inbuilt VPN that connects to
another similar
router over the internet.

Both local and remote computers are a mixture of XP, Vista machines, with
some
printers and other boxes.

The local machines are all on 192.168.8.x subnet.
The remote machines are all on 192.168.9.x subnet.

With my old XP computer I could see all my local machines and all the
remote
machines. File and printer sharing, etc, worked fine and was reliable.

With my new Window 7 64 computer I can only see my local machines, and not
the
remote ones.

I can ping all the remote machines ok (those that I know the IP address
of).

I can make a connection to a particular remote machines using its IP
number (as in
\\192.168.9.xx\somefolder), but this assumes I know of the existence and
IP number
of the machine in advance (they do change).

If I disable the W7 firewall some of the remote machines do appear
sometimes, but
usually disappear again quite soon.

If this is a firewall blocking problem, how do I tell the firewall to
allow it?
Why, with the firewall disabled, to they disappear again?

If it is not a firewall problem what else might it be?

I have tried everything I can think of!

When you first brought the Win7 machine up on the network, you probably got
a big popup asking if the network you were on was Home, Work or Public. Did
you choose something other and Work?

Go into the Network sharing center and if your profile is not set to Work,
change it so it is.

 

[Ted]

When you first brought the Win7 machine up on the network, you
probably got a big popup asking if the network you were on was Home,
Work or Public. Did you choose something other and Work?

Go into the Network sharing center and if your profile is not set to
Work, change it so it is.

It is set to "Work". I did try it as "Home" as well, but it made nom difference.

Ted.

 

[The poster formerly known as 'The Poster Formerly]

It is set to "Work". I did try it as "Home" as well, but it made nom difference.


Ted.

OK Ted, try this next. In Network sharing center, do you have network
discovery and file and printer sharing turned on?

--
"Software is like sex, it's better when it's free."
- Linus Torvalds

DRM and unintended consequences:
http://blogs.techrepublic.com.com/security/?p=435&tag=nl.e101

 

[Brian Gregory [UK]]

I have just replaced my main XP computer with a Windows 7 64 computer.

I have a Draytek Vigor2600 router with inbuilt VPN that connects to
another similar
router over the internet.

Both local and remote computers are a mixture of XP, Vista machines, with
some
printers and other boxes.

The local machines are all on 192.168.8.x subnet.
The remote machines are all on 192.168.9.x subnet.

With my old XP computer I could see all my local machines and all the
remote
machines. File and printer sharing, etc, worked fine and was reliable.

With my new Window 7 64 computer I can only see my local machines, and not
the
remote ones.

I can ping all the remote machines ok (those that I know the IP address
of).

I can make a connection to a particular remote machines using its IP
number (as in
\\192.168.9.xx\somefolder), but this assumes I know of the existence and
IP number
of the machine in advance (they do change).

If I disable the W7 firewall some of the remote machines do appear
sometimes, but
usually disappear again quite soon.

If this is a firewall blocking problem, how do I tell the firewall to
allow it?
Why, with the firewall disabled, to they disappear again?

If it is not a firewall problem what else might it be?

I have tried everything I can think of!

So your local subnet on the W7 machine is set to include both 192.168.8.xx
and 192.168.9.xx ?

 

[Ted]

So your local subnet on the W7 machine is set to include both
192.168.8.xx and 192.168.9.xx ?

--

Brian Gregory. (In the UK)
(e-mail address removed)
To email me remove the letter vee.

Sorry, I don't understand that.
How do I set a "local subnet" on the W7 machine?

The VPN link is in the router itself. It is not a VPN link created in W7

Ted.

 

[The poster formerly known as 'The Poster Formerly]

Yes I do.
I have followed all the usual advice from Microsoft (and others) of how to
configure networking several times, in case I had missed something.

Everything *seems* to be configured ok, but it just does not work for computers at
the other end of the routers VPN link.

Ted.

I have a setup very similar to yours Ted, and with all of the items I
suggested for you to check, I can see all of the computers on the
network here.

My setup is such that we have one domain spread across 4 remote
locations, each with their own subnet. My windows 7 machine can see all
of the other machines in the other subnets, and they can see my windows
7 machine just fine.

I would suggest next that you speak with Draytek support and see if they
have any suggestions about how to resolve this with your windows 7
clients. I wish you success.

--
"Software is like sex, it's better when it's free."
- Linus Torvalds

DRM and unintended consequences:
http://blogs.techrepublic.com.com/security/?p=435&tag=nl.e101

 

[Ted]

I have a setup very similar to yours Ted, and with all of the items I
suggested for you to check, I can see all of the computers on the
network here.

My setup is such that we have one domain spread across 4 remote
locations, each with their own subnet. My windows 7 machine can see
all of the other machines in the other subnets, and they can see my
windows 7 machine just fine.

I would suggest next that you speak with Draytek support and see if
they have any suggestions about how to resolve this with your windows
7 clients. I wish you success.

Is it possible for it to be a router issue then?
As the router works fine with the XP box, I assumed it was not at fault.

As the 2600 is an old(ish) router, I rather doubt Draytek would be interested. It
does have the latest available firmware in it.

I would consider a new router if I *knew* it would fix the problem, as the 2600 is
not wireless and I am thinking of getting a laptop.

Ted.

 

[The poster formerly known as 'The Poster Formerly]

Is it possible for it to be a router issue then?
As the router works fine with the XP box, I assumed it was not at fault.

As the 2600 is an old(ish) router, I rather doubt Draytek would be interested. It
does have the latest available firmware in it.

I would consider a new router if I *knew* it would fix the problem, as the 2600 is
not wireless and I am thinking of getting a laptop.

Ted.

Yes, it may be a router problem. Hard to be sure with the limited info
you provide. I don't know if your networks are each in a domain(s) or
workgroup(s). Is the router with the VPN an internet appliance, or does
each computer have vpn client software?

It's possible that your VPN does not support the new version of windows
entirely.

You could determine if the VPN/router is the problem by putting another
win 7 machine on the local LAN with your current win 7 machine and
seeing if you can reproduce the problem with the same network settings
like we talked about, then take the second win 7 machine and put it on
the other end of the VPN (remote location) and see again if you can
reproduce the problem.

IDK if you tried this yet or not, but if your windows 7 machines run
software firewalls, you could try disabling the windows firewall and use
a 3rd party firewall for more granular control of what gets through, or
try with no firewall enabled to see if it helps.

Since your vista machines work fine and vista is similar to windows 7,
you may try applying the same network settings to win 7 as vista and see
how it goes.

Hope it works out for you.

--
"Software is like sex, it's better when it's free."
- Linus Torvalds

DRM and unintended consequences:
http://blogs.techrepublic.com.com/security/?p=435&tag=nl.e101

 

[Gene E. Bloch]

Sorry, I don't understand that.
How do I set a "local subnet" on the W7 machine?

The VPN link is in the router itself. It is not a VPN link created in W7

Ted.

There is a parameter called a subnet mask; it's usually 255.255.255.0.
Two IP addresses are in the same subnet if they are identical
everywhere there is a 1 in the binary expansion of that mask. Since 255
= 11111111 in binary, that means the above subnet includes every IP
address where the first three octets (the numbers between the dots)
agree.

In "192.168.8.xx and 192.168.9.xx", the third octets disagree. Your
subnet mask needs to account for that. 255.255.254.0 would work fine,
if I didn't make an error, since the only difference is in the units
bit of the third octet.

This is set in various network configuration panels, but I don't want
to research it myself at the moment.

 

[Brian Gregory [UK]]

There is a parameter called a subnet mask; it's usually 255.255.255.0.
Two IP addresses are in the same subnet if they are identical
everywhere there is a 1 in the binary expansion of that mask. Since 255
= 11111111 in binary, that means the above subnet includes every IP
address where the first three octets (the numbers between the dots)
agree.

In "192.168.8.xx and 192.168.9.xx", the third octets disagree. Your
subnet mask needs to account for that. 255.255.254.0 would work fine,
if I didn't make an error, since the only difference is in the units
bit of the third octet.

This is set in various network configuration panels, but I don't want
to research it myself at the moment.

Yes.

I was reasoning that presumably Windows 7 would need to believe that the VPN
addresses were part of the private network it was part of (it wouldn't want
to let the whole internet get at your shares and printers) and might only
include the subnet covered by the subnet mask rather than the whole of the
192.168.xxx.xxx which although they are always local IPs might conceivably
be some other separate network you don't want to see your shares and
printers.

Maybe the router that creates the VPN knows about the and hands out
appropriate subnet masks via DHCP, but I don't know that. Or maybe the
Windows 7 PC is at a fixed IP and not using DHCP and has the wronf
subnetmask set. Or maybe I'm barking up entirely the wrong tree.

I don't have Windows 7 installed yet so I can't say exactly how to check
your subnet mask.
However in Windows XP it's in the properties of the network connection once
you're connected,
or you can do ipconfig /all at a command prompt to see info on all your
network connections.

Finally how about speaking to Draytek. They're supposed to be very helpful.

 

[Brian Gregory [UK]]

There is a parameter called a subnet mask; it's usually 255.255.255.0.
Two IP addresses are in the same subnet if they are identical
everywhere there is a 1 in the binary expansion of that mask. Since 255
= 11111111 in binary, that means the above subnet includes every IP
address where the first three octets (the numbers between the dots)
agree.

In "192.168.8.xx and 192.168.9.xx", the third octets disagree. Your
subnet mask needs to account for that. 255.255.254.0 would work fine,
if I didn't make an error, since the only difference is in the units
bit of the third octet.

This is set in various network configuration panels, but I don't want
to research it myself at the moment.

Yes.

I was reasoning that presumably Windows 7 would need to believe that the VPN
addresses were part of the private network it was part of (it wouldn't want
to let the whole internet get at your shares and printers) and might only
include the subnet covered by the subnet mask rather than the whole of the
192.168.xxx.xxx which although they are always local IPs might conceivably
be some other separate network you don't want to see your shares and
printers.

Maybe the router that creates the VPN knows about this and hands out
appropriate subnet masks via DHCP, but I don't know that. Or maybe the
Windows 7 PC is at a fixed IP and not using DHCP and has the wrong subnet
mask configured. Or maybe I'm barking up entirely the wrong tree.

I don't have Windows 7 installed yet so I can't say exactly how to check
your subnet mask.
However in Windows XP it's in the properties of the network connection once
you're connected,
or you can do ipconfig /all at a command prompt to see info on all your
network connections.

Finally how about speaking to Draytek. They're supposed to be very helpful.

 

[Gene E. Bloch]

I was reasoning that presumably Windows 7 would need to believe that the VPN
addresses were part of the private network it was part of (it wouldn't want
to let the whole internet get at your shares and printers) and might only
include the subnet covered by the subnet mask rather than the whole of the
192.168.xxx.xxx which although they are always local IPs might conceivably be
some other separate network you don't want to see your shares and printers.

Maybe the router that creates the VPN knows about the and hands out
appropriate subnet masks via DHCP, but I don't know that. Or maybe the
Windows 7 PC is at a fixed IP and not using DHCP and has the wronf subnetmask
set. Or maybe I'm barking up entirely the wrong tree.

I don't have Windows 7 installed yet so I can't say exactly how to check your
subnet mask.
However in Windows XP it's in the properties of the network connection once
you're connected,
or you can do ipconfig /all at a command prompt to see info on all your
network connections.

Finally how about speaking to Draytek. They're supposed to be very helpful.

Of course, I totally agree with your reasoning. But I was replying to
the OP, who said he didn't know what that all meant, and I was hoping I
could help him.

It took me about three tries to get the mask right. Getting rusty

 

[Seth]

There is a parameter called a subnet mask; it's usually 255.255.255.0. Two
IP addresses are in the same subnet if they are identical everywhere there
is a 1 in the binary expansion of that mask. Since 255 = 11111111 in
binary, that means the above subnet includes every IP address where the
first three octets (the numbers between the dots) agree.

In "192.168.8.xx and 192.168.9.xx", the third octets disagree. Your subnet
mask needs to account for that. 255.255.254.0 would work fine, if I didn't
make an error, since the only difference is in the units bit of the third
octet.

That won't work with consumer class routers. They can't handle the
translation properly to go across the WAN link like that.

The easier thing to do (and proper form a managed network perspective) is to
host ones own DNS within the private network.

 

[Ted]

Thanks to everyone for all the advice and suggestions.

I am a bit out of my depth here. This is obviously not a simple issue, and I need
to do some more research, so that I can least ask the right questions!

As it all worked fine before with the XP box, I was hoping for a simple answer

Ted.

 

[lugnut]

On Thu, 4 Feb 2010 17:38 +0000 (GMT Standard Time),

I have just replaced my main XP computer with a Windows 7 64 computer.

I have a Draytek Vigor2600 router with inbuilt VPN that connects to another similar
router over the internet.

Both local and remote computers are a mixture of XP, Vista machines, with some
printers and other boxes.

The local machines are all on 192.168.8.x subnet.
The remote machines are all on 192.168.9.x subnet.

With my old XP computer I could see all my local machines and all the remote
machines. File and printer sharing, etc, worked fine and was reliable.

With my new Window 7 64 computer I can only see my local machines, and not the
remote ones.

I can ping all the remote machines ok (those that I know the IP address of).

I can make a connection to a particular remote machines using its IP number (as in
\\192.168.9.xx\somefolder), but this assumes I know of the existence and IP number
of the machine in advance (they do change).

If I disable the W7 firewall some of the remote machines do appear sometimes, but
usually disappear again quite soon.

If this is a firewall blocking problem, how do I tell the firewall to allow it?
Why, with the firewall disabled, to they disappear again?

If it is not a firewall problem what else might it be?

I have tried everything I can think of!

Ted.

I had this problem with one machine that was on XP SP2. It
worked fine after SP3 install. Somewhere, I found a MS
article indicating that a file from MS had to be installed
for them to see each other. That file is part of SP3 which
you should probably have anyway. Not much help but all I
have at the moment is my LTA memory.

Lugnut