
Global VPN not allowing internet or LAN access.

I have a TZ300 Firmware 6.5.4.7-83n

I did a factory reset, and configured the WAN connection for PPPOE.

Then set the unit IP address to my desired internal IP.

Adjusted the DHCP auto assignments range down to 101 - 154

Opened the Wizard/Quick Configure and added a Global VPN via the VPN Guide.

Added a local user for the VPN and gave them VPN access to WAN Remote Access/Default Gateway/WAN Subnets/ and LAN Subnets.

The user has Trusted User/SonicWALL Admin, and Everyone selected in groups.

I used an external PC/IP to connect via the GVPN Client 64 bit.

I was able to surf the web but did not have a local IP.

(The whole point was to get a local IP and access the web from this region, not with an IP relative to my real location...)

-----------------------------------------

So I changed the split tunnel to This Gateway and tried again.

It connected giving me an internal IP, and I could ping the firewall's internal address.

But now no internet access and I cannot access within the LAN other than the gateway.

I checked my IPCONFIG and it looks fine.

Even though it has the correct IP and Gateway it won't surf out?

What did I miss?


Connection-specific DNS Suffix . :

  Description . . . . . . . . . . . : SonicWALL Virtual NIC

  DHCP Enabled. . . . . . . . . . . : Yes

  Autoconfiguration Enabled . . . . : Yes

  IPv4 Address. . . . . . . . . . . : 10.34.253.110(Preferred)

  Subnet Mask . . . . . . . . . . . : 255.255.255.0

  Lease Obtained. . . . . . . . . . : Thursday, March 11, 2021 12:33:31 PM

  Lease Expires . . . . . . . . . . : Friday, March 12, 2021 12:33:32 PM

  Default Gateway . . . . . . . . . : 10.34.253.100

  DHCP Server . . . . . . . . . . . : 10.34.253.100

  DNS Servers . . . . . . . . . . . : 8.8.8.8

                     8.8.4.4

  NetBIOS over Tcpip. . . . . . . . : Enabled

-------------------

Category: Entry Level Firewalls

Best Answer

  • CORRECT ANSWER
    Saravanan Moderator
    Answer ✓

    Hi @RAGE,

    Thank you for visiting SonicWall Community.

    Regarding the This Gateway setup scenario, you may be missing a NAT policy and VPN to WAN access rule.

    Navigate to MANAGE | Rules | NAT Policy to add the outbound NAT for GVC clients. Considering X1 is the primary WAN connection as well as the WAN you are connecting GVC to, the following NAT can be added.

    Regarding the Split Tunnel setup, your GVC client should get an internal IP address from SonicWall. If it's not, does your GVC client show "Connected" status even with no IP on it?

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Answers

  • Rage Newbie ✭

    Interesting, I added that NAT policy and it seems to be allowing the use of a browser and pulling a local IP.

    Also when I requested an external IP check it reports the IP assigned by my ISP as expected.

    Nicely spotted.


    But I have a follow up question...

    How is this working if the sonicWALL Virtual NIC does not show a gateway?

      Description . . . . . . . . . . . : SonicWALL Virtual NIC

      DHCP Enabled. . . . . . . . . . . : Yes

      Autoconfiguration Enabled . . . . : Yes

      Link-local IPv6 Address . . . . . : fe80::fdab:6a48:488b:ab86%14(Preferred)

      IPv4 Address. . . . . . . . . . . : 10.34.253.144(Preferred)

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . : 0.0.0.0

      DHCP Server . . . . . . . . . . . : 10.34.253.100

    ...

     

  • Saravanan Moderator

    Hi @RAGE,

    Yes, there won't be any specific gateways defined for VPN connections such as GVC or SSLVPN. This is because the clients are from remote places connecting to office resources at a different location. The VPN traffic from the clients to the office resources cannot traverse if there is a gateway defined and for this reason the gateway is set to 0.0.0.0 and it points to whichever next hop is available. When the clients are able to establish a successful VPN connection, the SonicWall firewall enforces a route to the client machines so that they can send VPN traffic destined to remote resources via the VPN route and not via their usual LAN to Internet routes.

    Hope this clarifies.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services
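
The route selection described in the answer above, as an added example that is not part of the original thread and not SonicWall code: a longest-prefix-match lookup showing why an on-link route (gateway 0.0.0.0) on the virtual NIC can still carry traffic. The route tables, metrics, the adapter name `Ethernet`, the 192.168.1.x home network and the 203.0.113.10 firewall WAN address are constructed assumptions; only the 10.34.253.x addresses and the virtual NIC name come from the thread.

```python
import ipaddress

VPN_IF = "SonicWALL Virtual NIC"

# Constructed route tables (assumptions, not captured from a GVC session).
# Tuple: (destination, gateway, interface, metric). A gateway of None is an
# on-link route, which ipconfig shows as "Default Gateway . . : 0.0.0.0".
COMMON = [
    ("192.168.1.0/24", None, "Ethernet", 281),           # remote user's home LAN
    ("10.34.253.0/24", None, VPN_IF, 257),               # office LAN from the thread
    ("203.0.113.10/32", "192.168.1.1", "Ethernet", 26),  # firewall WAN (placeholder)
]
SPLIT_TUNNEL = COMMON + [("0.0.0.0/0", "192.168.1.1", "Ethernet", 25)]
THIS_GATEWAY = SPLIT_TUNNEL + [("0.0.0.0/0", None, VPN_IF, 2)]


def select_route(dest, routes):
    """Pick the route as an IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, gateway, iface, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((-network.prefixlen, metric, iface, gateway))
    if not matches:
        return None
    _, _, iface, gateway = min(matches, key=lambda m: (m[0], m[1]))
    return iface, gateway or "on-link"


def outside_tunnel(dests, routes):
    """Return the destinations that would leave through a non-VPN adapter."""
    leaks = []
    for d in dests:
        chosen = select_route(d, routes)
        if chosen is None or chosen[0] != VPN_IF:
            leaks.append(d)
    return leaks


if __name__ == "__main__":
    for name, table in (("split tunnel", SPLIT_TUNNEL), ("This Gateway", THIS_GATEWAY)):
        for dest in ("8.8.8.8", "10.34.253.100", "203.0.113.10"):
            print(f"{name:13} {dest:15} -> {select_route(dest, table)}")
```

On a real Windows client the same question can be answered from `route print` or `Find-NetRoute -RemoteIPAddress <destination>`.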

  • GUSA Newbie ✭

    On kind of a side note on this, because I have also struggled with this (while our old WatchGuard was much easier to set up VPN and get the function we wanted), it seems overly cumbersome that you have to create separate NAT rules for this which is not very intuitive. There should be simpler check boxes or menus to enable what for years now are common desired options, like to allow or disallow transversal, or to allow Internet access either from the remote user's ISP or force all Internet traffic through the router's ISP.
