[pptp-server] Windows XP, and it's inability to Browse HTML pages when on VPN.

Fri Aug 2 00:34:03 CDT 2002

Hi,
My replies below :)

>Hi Brent, thanx for your reply... answers inline.
No probs...

>> Although you don;t mention it, are you using an HTTP proxy like squid?
>> If so, try an explicit exception in your proxy setup for the IP of the
>> Intranet.
>Interesting, will look at that. It works for Windows 2000/NT4/9x, and I
have not touched
>the firewall for months. So I would assume it is a requirement of XP only.
Strangely no. It's one of those "mystical" win probs I am sure everyone has
experienced.
Note that it's difficult to get to the root of the cause here and we are
still working on what the problem actually is...I hate offering that sort of
crap but I have to be honest..:)

>> Can you ping the Intranet servers IP from the XP box?
>I can ping and telnet to any of the hosts. I can even telnet to them on
port 80. It is
>just IE that is having a fit.
>> If so, can you ping by FQDN?
>Yes.
>> If so, is there a proxy inbetween?
>No.
>> Is the poptop server on a Firewall configed for proxy access but not
http?
>The poptop server has no firewall, but their is a Cisco in between them and
http is
>enabled.
Hmm, couple o things (no need to answer jus thinking aloud.:):
- Could the Cisco Ext ACLs for http be blocking your host/network range for
PopTop connections?
  (I hate Cisco ACLs...especially that last line they recommend..."permit ip
any any")

- Has your XP box correctly picked up the right Name server for the LAN
where you Intranet resides...(have assumed you have a split DNS and that the
Intranet is on a "reserved/private" subnet)

- How about the proxy settings for the VPN interface setup on the XP box.
These appear under tools|options on IE. Each network interface can be
configed to work with different proxies....I think by default that IE sets
"automatically detect" by default. If that is set on the box in question and
there is no proxy, then that may be it...try unchecking this option and
restarting the browser.

The fundamentals, seem A1 due to the relevant ping and name resolution
tests.

If all else fails, I have found running tcpdump during a connection attempt
will almost always point to the cause. Generally, if the XP box is doing
it's thing properly, and if there is an issue in your network design, then
this will show it up. If tcpdump doesn;t see ANY of the relevant traffic
then the prob will lie with the box.
something like:
"tcpdump -i <poptop interface name> host <ip address of the host with the
prob> and port 80"
would do it....changing the host IP to the Intranet server IP in this
command allows you to look at the same traffic from a different
perspective....

I know this ain't much but hope it helps....:)
Brent

>> PS: Is there a reason for the public IPs being used for PopTop
connections?

>I can't believe I did not edit those out, I normally 203.x.x.x them. Not
happy about that.
>The server is in a DMZ, We have a Class C and using the 203 subnet which
helps with smtpd
>rules and a number of other firewall variables.
I had my eyes closed..|-)