#StackBounty: #windows-10 #vpn #sstp VPN adapter settings keep reverting on Windows 10

Bounty: 50

A few times a day, my VPN connection will disconnect. When I attempt to reconnect I get an error that says my username and password are not recognized.

[Screenshot: VPN error message]

To resolve this, I need to go into the settings for my VPN adapter, and uncheck the box that says "Automatically use my Windows logon name and password". I also change the VPN type from Automatic to SSTP.


After making these changes, I am able to connect to the VPN again. (I have to re-enter my credentials.) A few hours later, my VPN will disconnect, and I have to repeat this process all over again.

What is making Windows revert these settings? Is there anything I can do to fix this?

My IT department insists this is a problem with my PC, and not a problem with the VPN service.

I am using Windows 10 Pro 20H2. I am not connected to a domain.


Get this bounty!!!

#StackBounty: #vpn #routing #openvpn Route subnet through a VPN gateway with OpenVPN

Bounty: 50

A small company I work at is getting rid of an office soon and it has fallen onto me to migrate the currently
on-prem-hosted VPN (just a Zyxel Zywall 110 device) into a cloud-based VM. I am not that experienced in networking (backend-dev-turned-ops)
so I would like to validate if the following approach will work.


I have a dedicated VM where I’ve set up OpenVPN Access Server and the basics are working well, people can connect,
all good.

There is one catch though, the current VPN forwards a certain IP range through a "tunnel" into a client’s internal network.
It looks like this:

if addr in '172.30.239.0/25':
    route through gw 194.xxx.xxx.xxx
else:
    route through gw 0.0.0.0

Where the connection from our router to the client’s VPN GW is done via IKEv1 with pre-shared key (judging from the router’s web UI).

Some ascii art depicting the setup below. I am replacing Router with a VM.

            +-----------------+           [     Client infra, this has to stay the same     ]
            | Router          |           194.xxx.xxx.xxx            e.g. 172.30.239.75
            | --------------- |   IKEv1   +-------------+       +-------------------------+
User -----> | 172.30.239.0/25-| --------> | VPN gateway |-----> | Internal network server |
            |     default     |           +-------------+       +-------------------------+
            |        |        |
            +--------+--------+
                     |
                     |
                 internet

The OpenVPN Access Server does not support anything like this by itself (or I haven’t been able to find that config), so I thought I could do it on the VM level.
If I connect the OS to the VPN gateway with something like Strongswan and configure appropriate routing in iptables, could
this work? Would the traffic of users connected to the OpenVPN server going to the 172.30.239.0/25 range get routed
through to the Strongswan’s connection, or is this approach fundamentally wrong? What are my options?

Thanks!



#StackBounty: #vpn #windows-server #hosts Can't access second site on IIS when connected on a VPN

Bounty: 50

I have a Windows Server which has my dev website on it and can be accessed via IP or server name http://servername on the actual server or http://servername.org.com on my home PC which is connecting to the same network via VPN.

I’ve created an additional site on my IIS test1 which uses the same port as my default. Unassigned IP address and with the host name test1.com. Within my hosts file, I have also added:

127.0.0.1 test1.com

On my actual server which I connect to via RDP, I can access this second website via the URL of test1.com on a web browser and it works fine, but when I do the same on my home PC, it does not work even though I’m connected to the same network via VPN. I’ve tried out different combinations of the URL such as http://servername.org.com./test1.com to no avail.

What would I need to do to accomplish this? Also, just a tag on question to this. Say my default website is version 1 of that website and I want to create version 2. What would be the best approach to managing this on my server?

  1. http://servername.org.com/v1/index.html for version 1 and the same for v2 but different directory.
  2. Or create a new website on my IIS per iteration so http://servername-v1.org.com and http://servername-v2.org.com

Or does it not really matter? Those different versions would just be dev versions. I currently do it the number 1 way but wondered if there was an actual proper way of doing this.



#StackBounty: #debian #iis #vpn #apache2 #curl Issue with api request from linux

Bounty: 50

I have an issue with an HTTP bearer auth JSON POST to an API.

Apps and PHP methods used

  • wget
  • console curl
  • PHP curl
  • file_get_contents

Successful scenarios – POST request

  1. Computer connected to same network as server.
    • request from WSL1 Debian
    • request from XAMPP PHP curl
    • request with empty JSON payload or payload only with id from:
      • VirtualBox Debian
      • WSL2 Debian
      • server
    • request with form-encoded payload from all types of connections
  2. Computer connected to VPN
    • request from XAMPP PHP curl
    • request from VirtualBox Debian with VPN connection
    • request from WSL1 and WSL2 Debian

Successful scenarios – GET request

All types of connections

Fail scenarios

  1. Computer connected to same network as server
    • request from server with complete payload
    • request from VirtualBox Debian with full payload
    • request from WSL2 Debian with full payload

Fail symptoms

Successful handshake and HTTP POST request. Response from server about window scaling. Any response after first ACK TCP request from server. A few retransmissions and the API closes the connection.

Api configuration

  • iis 8.5
  • ASP.net
  • http 1.1
  • auth bearer
  • encoding chunked

Client configuration

  • Windows, Apache, PHP 7.0 – all types of connections work
  • Debian 9, curl – connections work only from another network or by VPN

Any suggestions?

Edit 1

I have made some screenshots from Wireshark. All machines are in the same network as the tested server – not the API.

[Screenshot: successful]

[Screenshot: fail]

Edit 2

I have done some research and I discovered that it also does not work from another hosting provider. FreeBSD OS and console curl. Maybe that information will be helpful.



#StackBounty: #networking #network-manager #dns #vpn OpenConnect can ping but can't resolve company websites

Bounty: 50

Using network-manager-openconnect & network-manager-openconnect-gnome I have set up a Palo Alto Networks GlobalProtect VPN to connect to my company network.

This works fine and I can access all internal company websites. However, I would like this VPN to only be active for company domains and addresses, so I’ve tried setting up routes like this:

[Screenshot: route configuration]

But when I apply these changes and connect to the VPN I can’t navigate to any of the company pages. When I try, I get a "This site can't be reached" with DNS_PROBE_FINISHED_NXDOMAIN error in Chromium. Oddly enough, I can ping the IP addresses of these sites. Just the IPs; domains do not work.

This led me to believe that there’s a problem with DNS resolution, so I tried adding the DNS server addresses to the DNS field and switching Automatic to off, but that did not help.

What could I do to diagnose this issue? I feel like I am close to having it working but I am stuck.

