Re: Wireless Router into Netopia Router Into VPN

From: IBC (spamityspam_at_spam.spam)
Date: 07/22/04


Date: Thu, 22 Jul 2004 14:08:24 -0500

All the posts I've seen about the injection issue pertain to:

 VULNERABLE:
DI-624 Revision B, firmware up to 1.28 (latest)
It is *highly* probable that other models are affected too.

This one is version C with 2.42 Firmware. May still be an issue, but for now
DHCP is the least of my worries.....

As far as looping goes, I'm not sure what we're talking about anymore and
could really use some help from the big guns who have done this before. As
near as I can tell, the Dlink should be sending requests to the router which
should be sending them to the internet. The path to my VPN just happens to
come back through a shared gateway. The dlink serves ONLY one wireless
laptop.

"Kathy" <k_j_evans@tohell.with.spam> wrote in message
news:eugmuZBcEHA.2476@TK2MSFTNGP09.phx.gbl...
> Doesn't the SBS external NIC need to be on a different subnet from the
> Netopia?
>
> DLINK don't (AFAIK) allow looping back to the outside from the inside -
> check the user guide. So you can't test your VPN from inside the network,
> you have to get out via another router (dial-up) and then come back in.
>
> And isn't that DLINK one of the ones with the scripting injection via DHCP
> vulnerability? I'd make sure that DHCP is turned off on it.
>
> Kathy
>
> "IBC" <spamityspam@spam.spam> wrote in message
> news:Och11ABcEHA.596@TK2MSFTNGP11.phx.gbl...
> > If I read your chart correctly, yes, that's our set up.
> >
> > Big nasty internet
> > |
> > (Public IP)Netopia Router(DHCP for 192.168.1.X)-------(192.168.1.XX)DLink Router(192.168.20.X)------Laptop(192.168.20.X)
> > |
> > (DHCP)192.168.1.XXExternal NIC on SBS
> > |
> > ISA Server
> > |
> > (10.X.X.X)Internal NIC on SBS
> > |
> > LAN Side
> >
> > (pretty much your diagram re-digested)
> >
> > If I make a VPN call out to our public IP, shouldn't it be flying out to
> > our DNS servers(located externally at our ISP) and whipping a U-turn back
> > through the WAN port? If so, how does it distinguish this from any other
> > connection from the internet?
> >
> > I think I'm seeing how it's not gonna work, but I could use the
> > explanation and any conceivable workarounds......
> >
> > Thanks!
> >
> >
> > "David Elders" <david_elders@nospam.hotmail.com> wrote in message
> > news:uB32tuAcEHA.2476@TK2MSFTNGP09.phx.gbl...
> > > Hi IBC,
> > >
> > > Can you note your logistical set-up, please? Is it:
> > >
> > > Internet
> > > Netopia Router > DLink Wireless Router
> > > External NIC on SBS
> > > ISA
> > > Internal NIC on SBS
> > > LAN
> > >
> > > In which case the following would all be in the same IP range:
> > >
> > > External NIC on SBS
> > > Internal side of Netopia
> > > External side of DLink
> > >
> > > Or am I getting mixed up? :-)
> > >
> > > David
> > >
> > >
> > > "IBC" <spamityspam@spam.spam> wrote in message
> > > news:%23CeUPZAcEHA.1152@TK2MSFTNGP09.phx.gbl...
> > > > We purchased an inexpensive wireless router to do some experimenting
> > > > in the office. I have plugged the WAN port of the new wireless router
> > > > (DLink DI-624) into one of the LAN ports on our Netopia router. This
> > > > set up works perfectly for creating a separate network for the
> > > > wireless and I can access the internet just fine. The trouble comes
> > > > when I try to VPN from the wireless into our network. I get the
> > > > "Connecting" screen, I get the "Verifying username and Password"
> > > > screen, but it just hangs there until it times out. I have a wireless
> > > > DLink setup at home and I have successfully VPN'ed into the office
> > > > with it several times. I brought that laptop into the office, and it
> > > > does the same hanging routine. So, I KNOW I have the PC set up
> > > > properly, and the logs show a connection attempt, but there isn't any
> > > > username or password info in the log.
> > > >
> > > > I checked the router log and see a suspicious pattern of dropped
> > > > packets (ICMP from the netopia on what looks to be port 32). This is
> > > > a default rule on the router. Maybe a red herring.
> > > >
> > > > Any ideas where to look?
> > > >
> > > > (I understand I could have gotten a WAP and tied right into the
> > > > network, but we wanted the functionality of letting clients browse
> > > > the internet while staying off our network)
> > > >
> > > > Thanks!
> > > >
> > > >
> > >
> > >
> >
> >
>
>

