Connect to server app in Windows VM from Mac while using VPN

Discussion in 'Installation and Configuration' started by edf1, Dec 11, 2007.

  1. edf1

    edf1

    Messages:
    8
    I am trying to connect to a server app running on windows from the Mac. I am using Shared Networking and it works correctly until I begin using Cisco VPN. At this point, I can no longer reach windows from the Mac, but windows still has network access and otherwise seems to be working normally.

    Any ideas on what I need to do?

    I am running build 5582, OS X 10.5.1 and Windows XP.
     
  2. MartinBear

    MartinBear

    Messages:
    26
    more details, please

    Not a very clear statement of the problem:

    1. Where is the Cisco VPN running, under Mac OS X or under Windows?

    2. Where is the "server app"? On the same Mac, running under Windows via Parallels? On some other machine?

    3. How is the access supposed to work (i.e. if all were OK, what would be happening)?

    4. Version numbers?: Mac, Windows, Cisco VPN

    ... and so forth.
     
  3. edf1

    edf1

    Messages:
    8
    I am a running a server based application on windows XP running under Parallels build 5582.

    I can connect to the application from the Mac (running Leopard 10.5.1) using Shared networking, everything operates as it should (meaning I can send requests and receive responses from the server app running on windows).

    When I connect to my client's network using Cisco VPN (v. 4.9.01) on the Mac, I can no longer reach the Windows VM. Windows can, however, still connect to the internet.

    Any ideas?

    Thanks
     
  4. MartinBear

    MartinBear

    Messages:
    26
    OK, a little more clear now.

    Unfortunately, I think you're stuck with the problem for the time being.

    I've just installed the latest Cisco VPN Mac client 4.9.01.100 (released on 6 Dec 2007). The release notes say this one has explicit support for Leopard, though I had no problems in Leopard with the previous 4.9.01.080.

    However, what I do see is that whenever the VPN is connected, there is no possibility to access shared machines via File Sharing or Screen Sharing. This seems to be more a Leopard problem than a Cisco problem because I count mount a NAS share via AFP with the VPN connected, but I can't use AFP to mount a share on another Mac on my local net. If a File Sharing share was already mounted before the VPN was connected, then it becomes inaccesible for the duration of the session.

    (I don't have any Windows systems to try out with SMB, but I assume this is similar to what you're reporting).

    There seem to be number of flaky problems with Sharing and with the Leopard Firewall that may be at the heart of the problem. For me, I'm hoping to see an improvement in 10.5.2, whenever that comes out.

    Some thoughts for your present situation:

    1. If it's possible _not_ to use VPN and your server app at the same time, that's the easiest.

    2. If you must use them together, is it an option to install the Cisco VPN client on the Windows VM instead?

    Sorry I can't be any more encouraging than that. If you get better advice from someone else, let me know.

    Regards,
    MartinBear
     
  5. edf1

    edf1

    Messages:
    8
    VPN on Windows VM

    Thanks Martin,

    Unfortunately, connecting via VPN on the Windows VM doesn't help. I'm able to connect the VPN, but again the Mac cannot reach the windows vm once I'm connected. Also, the Mac does not use the vpn connection, only the windows vm is.

    I'm confused as to why Windows can use Shared Networking while the Mac is connected via VPN. In order for Shared networking to work, windows has to reach the Parallels NAT server, right? So if that is working correctly, why can't the Mac reach windows?
     
  6. davidaf

    davidaf

    Messages:
    11
    You can try and edit the pcf file and change "EnableLocalLan=0" to "EnableLocalLan=1" this may work. Depending on the config on the Cisco end you may not be able to access you local network once you connect to the VPN no matter what you do. I have the same issue so i've created a VM for VPN connections that way my mac and other VMs are still able to talk.
     
  7. MartinBear

    MartinBear

    Messages:
    26
    I share your confusion.

    1. Before we go any further: have you enabled "Local LAN Access" on your VPN profile? (See the Transport tab when you Modify Profile). Also, does your VPN profile support Spit Tunneling?

    2. Can you explain exactly how the sharing is supposed to work? I.e. what process on the Mac connects to what process on the VM? What IP addresses and TCP ports are in use both on the Mac and on the VM? (An ipconfig/all result would be helpful here; from the Mac side, what are the IP addresses and masks for en0, en2 and en3?).
     
  8. Xenos

    Xenos Parallels Team

    Messages:
    1,547
    Hello all,

    Edf1, Mac can't reach Windows when Windows is connected to network through Parallels NAT server - such is current design limitation due to safety requirements.

    You should set Bridged Ethernet in Configuration Editor - Network Adapter. Make a virtual private network (VPN) connection. When VPN is created, right click the icon and choose Properties -> Advanced. Enable "Other network users to connect through this computer's Internet connection" and choose Home networking connections and other settings you wish. To learn more about Internet Connection Sharing overview, please have a look at this article.

    Best regards,
    Xenos
     
    Last edited: Dec 14, 2007
  9. edf1

    edf1

    Messages:
    8
    Martin,

    I have enabled local LAN access, but apparently the company I'm connecting to does not support it on their side.

    For the specifics, I'm running a webapp on Tomcat on the Mac that needs to connect to webservices that are available when connected to my customer's network via VPN. I am running Oracle on the windows VM. So I need the mac to connect to both windows and the vpn network at the same time.


    Xenos,

    Can you expand upon what you wrote in a little more detail?

    Thanks.
     
  10. Xenos

    Xenos Parallels Team

    Messages:
    1,547
    Hello Edf1,

    The steps proposed in #8 will let your Mac to connect to both windows and the VPN network.

    Best regards,
    Xenos
     
  11. edf1

    edf1

    Messages:
    8
    Works in VMWare but not in Parallels

    I've tried many different things and have not been able to get this to work. I've been able to avoid the problem for the past few weeks but this is serious problem for me. I need to be able to access the Windows VM while the Mac is connected via Cisco VPN. I have tried all the different networking options, port forwarding, etc. all to no avail.

    Everyone on the project that is using a Mac (there are now four of us and growing) all have the same issue. One of my colleagues finally decided to try VMWare instead, and it works? He can connect to the guest VM while the Mac is connected via Cisco VPN. So what is the difference between Parallels and VMWares networking options that allow this to work? This is a deal breaker for us.


    Macbook Pro (using Airport for network access)
    OS X 10.5.2
    Parallels Desktop build 5582
    Windows XP Professional in the VM
    Cisco VPN 4.9.01
     
  12. Xenos

    Xenos Parallels Team

    Messages:
    1,547
    Hello Edf1,

    We need more information to analyze the issue.
    Could you please set Bridged Ethernet in your VM, connect the Mac via Cisco VPN and do the following:

    a) On Windows side open Start menu, choose Run, type CMD, press Enter; in the CMD window run ipconfig /all command;
    b) In the CMD window run tracert www.parallels.com;
    c) In that same window again run ping www.parallels.com, then ping IP. Copy the IP from Mac System Preferences -> Network -> Ethernet -> Router.
    d) On Mac side open Terminal and run ifconfig command;
    e) Attach the outputs to your forum post.

    Thank you in advance!

    Best regards,
    Xenos
     
  13. edf1

    edf1

    Messages:
    8
    OK, Here are the results of ipconfig /all. I set networking to bridged (using Airport). However, I'm unable to reach the internet when I connect the Mac to VPN. I thought that bridged completely bypassed the Mac and used the bridged connection directly.



    Windows IP Configuration



    Host Name . . . . . . . . . . . . : winmac

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Parallels Network Adapter

    Physical Address. . . . . . . . . : 00-1C-42-2F-2B-FB

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.101

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 192.168.0.1

    Lease Obtained. . . . . . . . . . : Monday, February 04, 2008 1:14:10 PM

    Lease Expires . . . . . . . . . . : Monday, February 11, 2008 1:14:10 PM
     
  14. edf1

    edf1

    Messages:
    8
    Here is the result of ifconfig.

    DevBook:sdk user$ ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
    stf0: flags=0<> mtu 1280
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:1b:63:a8:74:ba
    media: autoselect status: inactive
    supported media: autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 10baseT/UTP <full-duplex,flow-control> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback> 100baseTX <full-duplex,flow-control> 1000baseT <full-duplex> 1000baseT <full-duplex,hw-loopback> 1000baseT <full-duplex,flow-control> none
    fw0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 4078
    lladdr 00:1d:4f:ff:fe:74:8e:38
    media: autoselect <full-duplex> status: inactive
    supported media: autoselect <full-duplex>
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1356
    inet6 fe80::21c:b3ff:febf:1e8d%en1 prefixlen 64 scopeid 0x6
    inet 192.168.1.104 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:1c:b3:bf:1e:8d
    media: autoselect status: active
    supported media: autoselect
    en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::21c:42ff:fe00:0%en2 prefixlen 64 scopeid 0x7
    inet 10.37.129.2 netmask 0xffffff00 broadcast 10.37.129.255
    ether 00:1c:42:00:00:00
    media: autoselect status: active
    supported media: autoselect
    en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::21c:42ff:fe00:1%en3 prefixlen 64 scopeid 0x8
    inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
    ether 00:1c:42:00:00:01
    media: autoselect status: active
    supported media: autoselect
     
  15. Xenos

    Xenos Parallels Team

    Messages:
    1,547
    Hello Edf1,

    Could you please tell if your VPN requires IPv6 support?

    Could you also let us see if config output when Shared Networking is set in your VM and VPN is enabled.

    Please check if Parallels NAT in Mas System Preferences -> Network is green when you are trying to get access to VPN from your VM (Shared Networking is set).

    We'd also appreciate if you could send the output of ping IP command from CMD. Copy the IP from Mac System Preferences -> Network -> Ethernet -> Router.

    Best regards,
    Xenos
     
  16. edf1

    edf1

    Messages:
    8
    No, IPv6 is not required by the VPN.

    Yes, both Paralles-NAT and Paralles-Host/Guest are green and connected.

    Here is ifconfig when connected to VPN (Paralles with Shared Networking)

    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
    stf0: flags=0<> mtu 1280
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:1b:63:a8:74:ba
    media: autoselect status: inactive
    supported media: autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 10baseT/UTP <full-duplex,flow-control> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback> 100baseTX <full-duplex,flow-control> 1000baseT <full-duplex> 1000baseT <full-duplex,hw-loopback> 1000baseT <full-duplex,flow-control> none
    fw0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 4078
    lladdr 00:1d:4f:ff:fe:74:8e:38
    media: autoselect <full-duplex> status: inactive
    supported media: autoselect <full-duplex>
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1356
    inet 192.168.1.104 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::21c:b3ff:febf:1e8d%en1 prefixlen 64 scopeid 0x6
    ether 00:1c:b3:bf:1e:8d
    media: autoselect status: active
    supported media: autoselect
    en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::21c:42ff:fe00:0%en2 prefixlen 64 scopeid 0x7
    inet 10.37.129.2 netmask 0xffffff00 broadcast 10.37.129.255
    ether 00:1c:42:00:00:00
    media: autoselect status: active
    supported media: autoselect
    en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::21c:42ff:fe00:1%en3 prefixlen 64 scopeid 0x8
    inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
    ether 00:1c:42:00:00:01
    media: autoselect status: active
    supported media: autoselect

    Here is the ping. This is the IP address given by the VPN (I assume that is what you're looking for)

    DevBook:sdk user$ ping 65.73.204.55
    PING 65.73.204.55 (65.73.204.55): 56 data bytes
    64 bytes from 65.73.204.55: icmp_seq=0 ttl=255 time=39.667 ms
    64 bytes from 65.73.204.55: icmp_seq=1 ttl=255 time=38.892 ms
    64 bytes from 65.73.204.55: icmp_seq=2 ttl=255 time=37.772 ms
    64 bytes from 65.73.204.55: icmp_seq=3 ttl=255 time=37.893 ms
    64 bytes from 65.73.204.55: icmp_seq=4 ttl=255 time=38.048 ms
    64 bytes from 65.73.204.55: icmp_seq=5 ttl=255 time=39.276 ms
    64 bytes from 65.73.204.55: icmp_seq=6 ttl=255 time=37.432 ms
    ^C
     
  17. Xenos

    Xenos Parallels Team

    Messages:
    1,547
    Hello Edf1,

    Thank you very much for all the information provided. I've delivered your report to our developers. I hope I will be able to answer you in a few days and explain why you are having the issue.

    Best regards,
    Xenos
     

Share This Page