#353250 - 14/07/2012 10:13
Networking problem on Mac
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
I've got a problem with my wife's Mac. Actually, the problem is not related to Mac 'cause I'm sure it would be the same problem on Windows, but she happens to use a Mac so I need a Mac solution (if there is one).
My wife works from home a lot, for this she logs into the company network (Cisco) via a dial-up application which sets up a secure VPN tunnel. As always, once the VPN tunnel has been built, her Mac becomes part of the company network (with regards to subnetting etc...)
There is one big downside to this. For one, she cannot control the Sonos music system any more because she's now on a different subnet. This is not that bad because she can always use the wireless controller. It's worse when it comes to printing. We have one printer in the house which is connected via LAN cable. Every computer in the house prints to this printer. But when her Mac becomes part of the company network, and thus becomes part of the company's subnet, printing also doesn't work anymore. This IS a problem because now and then she needs to print something for work.
Is there a solution for this. How can I let the Mac know that, when it comes to printing, it needs to use the home LAN and not the company's network when on VPN? (also, does Windows also have solution for this - I also see this problem popping up in the not-so-distant future for Windows as well)
Thanks!
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353251 - 14/07/2012 12:09
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
|
Custom routes based on destination IP. Look into "bypassing vpn" on Google for instructions for particular VPN implementations. I'm pretty sure friends had this setup using Cisco's VPN for Mac OS a few years ago. However, it would probably take me a lot longer to contact those friends and ask for details than it would to find instructions elsewhere.
|
Top
|
|
|
|
#353254 - 14/07/2012 14:42
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
You pretty much can't do it.
The policy is set by the company's VPN's administrators. If you try to get past it, the VPN application will detect that and disable the VPN connection.
However, it's possible that it's not a policy and it's just a default on the VPN application. I don't have either of the Cisco VPN applications on my Mac any more, so I can't give you precise instructions, but search in their configs for something like "split networking" or "split-tunnel networking" and see if you can enable that for the VPN connection.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#353259 - 15/07/2012 05:47
Re: Networking problem on Mac
[Re: wfaulk]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
After digging deep into the VPN application's settings, I found a setting called "allow connection to local LAN". Unfortunately, it's greyed out. As it seems, there's no write access for this specific application so the settings can only be read, not altered. Which I find strange since this is my wife's own Mac, well, it's a company Mac of course, but I've installed it myself from scratch since Cisco's policy is: "we allow Macs on our network, but IT won't support them". So I have no idea how this application could become "read only", unless (most likely) this can be determined remotely by the network admins of the network the VPN client connects to. I'll have my wife contact her IT department and ask if this can be changed. (I can already imagine the answer) Another option might be to use the Mac's built-in VPN application, but I'm reluctant to test this, since I know that, if I make one simple mistake, her VPN key token will stop working and will have to be re-initialised, something than cannot be done remotely. This would mean my wife would have to drive up to her office just to do this (and most likely I would have to as well since as said IT refuses to support Macs). Still, it's tempting to try. (but she won't let me )
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353261 - 15/07/2012 14:05
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 08/06/1999
Posts: 7868
|
How does the iMac connect to the network for VPN? If its wired, try also turning on WiFi, and see if the VPN client leaves it alone. This may allow local access over wireless.
|
Top
|
|
|
|
#353262 - 15/07/2012 14:22
Re: Networking problem on Mac
[Re: drakino]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Won't work. It's a Macbook Pro and it's always connected wirelessly. Thanks for the suggestion though!
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353263 - 15/07/2012 15:31
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Another option might be to use the Mac's built-in VPN application That won't work, either. Cisco uses some extensions to IPsec that aren't supported in the native MacOS VPN client.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#353264 - 15/07/2012 15:49
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
|
Can you use "sneakernet" - that is, can she copy the file she wants to print onto a USB stick, and then have you print it from your computer? Ugly, I know, but easier than driving into work to pick up a page off the printer there.
tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"
|
Top
|
|
|
|
#353265 - 15/07/2012 16:01
Re: Networking problem on Mac
[Re: wfaulk]
|
carpal tunnel
Registered: 08/06/1999
Posts: 7868
|
Another option might be to use the Mac's built-in VPN application That won't work, either. Cisco uses some extensions to IPsec that aren't supported in the native MacOS VPN client. It might work to connect, as OS X has specific "Cisco IPSec" as well as normal L2TP over IPSec. Works fine to connect to my work, however the OS X client also enforces the same split-tunneling restriction the Cisco client does.
|
Top
|
|
|
|
#353267 - 15/07/2012 21:18
Re: Networking problem on Mac
[Re: drakino]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
So it does. I could swear that didn't use to be there.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#353269 - 16/07/2012 00:57
Re: Networking problem on Mac
[Re: wfaulk]
|
carpal tunnel
Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
|
Muhammed must go to the mountain.
Forget networking, hook the very portable, lappy up to the USB port on the printer.
_________________________
Glenn
|
Top
|
|
|
|
#353271 - 16/07/2012 01:24
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
|
Isn't it possible to simply stop the VPN and have it connecting through your network?
I'm pretty sure that's what we do with my wife's laptop. But I might be wrong...
_________________________
Matt
|
Top
|
|
|
|
#353272 - 16/07/2012 03:43
Re: Networking problem on Mac
[Re: Dignan]
|
pooh-bah
Registered: 12/01/2002
Posts: 2009
Loc: Brisbane, Australia
|
The VPN *is* connecting through the network. The problem is the VPN software is effectively firewalling everything but the VPN endpoint to the rest of the system.
I assume you can't even ping the printer's IP?
I had a similar issue (on Windows) with a Nortel VPN client. My solution was a USB cable from the docking station to the printer (as Glenn suggested). Fortunately our new VPN software doesn't have this limitation (although I do have to kill the firewall to access my NAS).
_________________________
Christian #40104192 120Gb (no longer in my E36 M3, won't fit the E46 M3)
|
Top
|
|
|
|
#353276 - 16/07/2012 07:11
Re: Networking problem on Mac
[Re: wfaulk]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
So it does. I could swear that didn't use to be there. Yes, it can be done. Since Macs aren't supported officially by Cisco, a community has grown because of it. On their intranet there is a great forum with lots of answers on how to get your Mac working with the Cisco VPN network. The answer to this question was not there though, I checked. I did see a how-to of how to connect via VPN using the built-in Apple tools. I would link to it and show you, but I can't since it's on the intranet.
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353277 - 16/07/2012 07:18
Re: Networking problem on Mac
[Re: gbeer]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Muhammed must go to the mountain.
Forget networking, hook the very portable, lappy up to the USB port on the printer. Yes, you'd think that would be the ideal solution and in some ways it is, but not all. I mean, it will work, no doubt, but on the other hand it would require me to move the family printer from downstairs to upstairs which would make it a hassle for all other tasks than printing. It's al all-in-one and I use it a lot to scan stuff. For this it's handy that the printer is nearby. If I move it to my wife's working space it would be located on the other end of the house, which would make it a drag for me to use when I want to scan something. My wife doesn't print as often as I scan things, so this doesn't look like a good deal to me. Another option would be to buy her a simple printer, but I'm reluctant to do that since she uses it only for work. A third option would be to hang an USB cable readily available from if and have my wife come downstairs with her portable every time she wants to print something. But this doesn't sound like an ideal solution to me either.
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353278 - 16/07/2012 07:21
Re: Networking problem on Mac
[Re: Dignan]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Isn't it possible to simply stop the VPN and have it connecting through your network?
I'm pretty sure that's what we do with my wife's laptop. But I might be wrong... No. While this might work for something that's already on-screen (like a word document), it surely would create problems with printing emails because Outlook would have lost its connection to the server since the VPN is down. Oh, BTW, happy birthday!
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353279 - 16/07/2012 07:27
Re: Networking problem on Mac
[Re: Shonky]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
The VPN *is* connecting through the network. The problem is the VPN software is effectively firewalling everything but the VPN endpoint to the rest of the system. Exactly. I assume you can't even ping the printer's IP?
Correct. I had a similar issue (on Windows) with a Nortel VPN client. My solution was a USB cable from the docking station to the printer (as Glenn suggested). Fortunately our new VPN software doesn't have this limitation (although I do have to kill the firewall to access my NAS).
I'll have my wife contact her IT department and see what they say, though there's a big chance they'll brush her off with the big 'ol "sorry, macs are not supported" knockdown answer (which would be totally braindead since this clearly is not a mac problem, but I'm sure they'll try anyway). We'll see, I'll keep you guys informed.
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353280 - 16/07/2012 07:33
Re: Networking problem on Mac
[Re: tanstaafl.]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Can you use "sneakernet" - that is, can she copy the file she wants to print onto a USB stick, and then have you print it from your computer? Ugly, I know, but easier than driving into work to pick up a page off the printer there.
tanstaafl. Sorry Doug, I somehow didn't see your reply. The way she now works is she'll email me the document or email and I'll print it our for her via my PC. And it's indeed an ugly solution which I would like to see resolved.
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353281 - 16/07/2012 07:34
Re: Networking problem on Mac
[Re: BartDG]
|
pooh-bah
Registered: 06/02/2002
Posts: 1904
Loc: Leeds, UK
|
Would there be a way to put your printer out on the internet somehow. Then your wife could print out via her companies VPN over the internet back to your house to your printer.
Never tried this myself, but it could be worth a try ???
Cheers
Cris
|
Top
|
|
|
|
#353282 - 16/07/2012 07:36
Re: Networking problem on Mac
[Re: Cris]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Would there be a way to put your printer out on the internet somehow. Then your wife could print out via her companies VPN over the internet back to your house to your printer.
Never tried this myself, but it could be worth a try ???
Hmmm... that might work. I know there are services that do this, but I don't know any. Suggestions? I only hope those solutions wouldn't require me to open up certain ports in my firewall, which I would be reluctant to do. Edit: Ah, it seems Google has a Cloud Print service. I'll have a look at that! And here's another way: PrinterShare
Edited by Archeon (16/07/2012 07:45)
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353283 - 16/07/2012 08:31
Re: Networking problem on Mac
[Re: BartDG]
|
pooh-bah
Registered: 06/02/2002
Posts: 1904
Loc: Leeds, UK
|
I can't suggest anything myself, but I'm glad it got you thinking There would be 2 problems I imagine, having to either open up port or have a server app running on a local PC all the time and the corporate firewall might block traffic like that anyway? Hope you find something that works. Cheers Cris
|
Top
|
|
|
|
#353284 - 16/07/2012 09:21
Re: Networking problem on Mac
[Re: Cris]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Hmmm, this turn out to be difficult after all. The way I understand this works, with GooglePrint anyway, is you'll need to have Chrome on the computer and the printer connected to the computer, unless you've got one of those 'Google Cloud ready printers' (which I do not). Since our printer is not connected via USB to a PC, but via LAN, I'm not sure this will work. And even if it works, I'm pretty sure it won't work directly from my wife's Mac (again, because of the initial problem mentioned in this thread). It might work if I install it on my pc and my wife prints to that instead, but that means I would always have to turn my PC on before she could print. Even if I'm not at home. Sounds rather wasteful to me.
Also, you can only print stuff you upload to the Google cloud. It's not as easy as choosing 'print' in any application and then selecting "Google cloud print" as the printer or something.
Printershare might do better in that regard, but it might also have the same problem with regards to the PC having to be switched on. Also, it costs $10/month for this service which I'm not willing to pay because that would soon add up for a service that the one month might be used intensively and other months not at all.
I'll look further into this.
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353287 - 16/07/2012 10:11
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
|
Another option would be to buy her a simple printer, but I'm reluctant to do that since she uses it only for work. You can find pretty good used B&W laser printers on eBay for less than $50, and having printer redundancy in the house might be helpful for you sometime, too, like if your printer runs out of toner or something... tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"
|
Top
|
|
|
|
#353291 - 16/07/2012 13:11
Re: Networking problem on Mac
[Re: Shonky]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12345
Loc: Sterling, VA
|
Isn't it possible to simply stop the VPN and have it connecting through your network?
I'm pretty sure that's what we do with my wife's laptop. But I might be wrong... No. While this might work for something that's already on-screen (like a word document), it surely would create problems with printing emails because Outlook would have lost its connection to the server since the VPN is down. Oh, BTW, happy birthday! Ah, that's true, I hadn't thought of Outlook. You could still save everything locally and disconnect from the VPN, couldn't you? I hadn't thought of Cloud Print as an option. Good idea. I wonder if there's a way around those problems you had with it. I use printershare on Android to print to a bluetooth printer I have. I wasn't aware of their monthly fee... Maybe there's some fine print somewhere that contradicts that? The VPN *is* connecting through the network. The problem is the VPN software is effectively firewalling everything but the VPN endpoint to the rest of the system. Yes yes, I know. I meant that he could disconnect from the VPN and be accessing his network in the same way the other machines in his home were. Sheesh!
_________________________
Matt
|
Top
|
|
|
|
#353292 - 16/07/2012 13:20
Re: Networking problem on Mac
[Re: Dignan]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Ah, that's true, I hadn't thought of Outlook. You could still save everything locally and disconnect from the VPN, couldn't you? I guess I could, but remember this is for my wife to use. The WAF of such a solution is WAY too high! I hadn't thought of Cloud Print as an option. Good idea. I wonder if there's a way around those problems you had with it.
I'll look further into it and let you know. I use printershare on Android to print to a bluetooth printer I have. I wasn't aware of their monthly fee... Maybe there's some fine print somewhere that contradicts that?
It seems printing from mobile devices is still possible for a fixed fee. All the desktop version are either recurring or offer too little pages to be of any use (like the "basic package", which offers you 20 pages...) See here for their rates.
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353293 - 16/07/2012 13:22
Re: Networking problem on Mac
[Re: tanstaafl.]
|
old hand
Registered: 27/02/2003
Posts: 778
Loc: Washington, DC metro
|
My wife has a Senate issued mac and has the same vpn printing problem.
Her IT dept absolutely refuses to let the vpn down in any way for local network printing. IT also refused to let her install a driver for roundabout internet printing. I looked into adding a secondary networking device via usb, but that was locked out. And she can't attach a usb flash drive, either.
As best as I could figure, it was either email the docs to another computer or connect a USB printer. We have a b/w laser printer on USB for her mac, and networked for everyone else.
-jk
Edited by jmwking (16/07/2012 13:22)
|
Top
|
|
|
|
#353301 - 16/07/2012 16:22
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31604
Loc: Seattle, WA
|
But when her Mac becomes part of the company network, and thus becomes part of the company's subnet, printing also doesn't work anymore. This IS a problem because now and then she needs to print something for work. (...) After digging deep into the VPN application's settings, I found a setting called "allow connection to local LAN". Unfortunately, it's greyed out. Yup. You are describing the most common complaint about all VPNs. Every time I talk to someone and tell them that I work for a company that makes VPN software, they have exactly the same complaint. The setting you looked up, the "allow connection to local LAN", is the correct thing to be looking for. However, as you've also found, the company's VPN server has control over that feature. Their reasoning is this: If the company allowed you to communicate on your local LAN simultaneously with the company LAN, then suddenly your computer becomes a possible unprotected gateway, sort of a "back door", between the protected company network and the rest of the world, thus defeating the original purporse of the VPN's security. Since the company has no control over how secure your home LAN is, most companies don't allow this. You have three options here: - Convince the company to assign what's called a "policy" to that PC which allows it to connect to the local LAN for the purposes of printing. - Briefly bypass the VPN connection while you're printing, and reconnect to the VPN when you're done printing. I don't know how Cisco's VPN client handles it, but ours has a tray icon which lets you do this with a couple of clicks on its fly-out menu. Takes only a second. - Connect the computer directly to the printer via a USB cable.
|
Top
|
|
|
|
#353306 - 16/07/2012 18:42
Re: Networking problem on Mac
[Re: tfabris]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
OK, update. Google Cloud print doesn't work. Printer Share doesn't work. I'm guessing Cisco's network simply blocks it all. I'm giving up. As Tony says, I've only got a few options. The first, I don't see that happening. The second may be worth a try. And if all else fails, I'll simply try the third option. None of these options are perfect, but they'll have to do.
Thanks all!
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353322 - 17/07/2012 06:56
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
|
Ah, another thought... I still have a WiFi USB stick laying around. I wonder if I connect it to the MacBook, if I could then setup two different wireless connections (on different subnets): one for the VPN and one for the printing. I believe it's possible with Unix to tell which network traffic should use which adapter? (in Windows this isn't possible, I know that)
Jmwking's comments above make me doubt if the VPN won't also block that option, but it's worth a try I guess. My wife's notebook is also not nearly as locked down as his wife's seem to be. I can install all I want onto it and/or use any device with it. Only the company's VPN is mandatory.
This might be worth checking out, but I won't be able to until I home tomorrow. I'll keep you updated.
_________________________
Riocar 80gig S/N : 010101580 red Riocar 80gig (010102106) - backup
|
Top
|
|
|
|
#353323 - 17/07/2012 07:04
Re: Networking problem on Mac
[Re: BartDG]
|
carpal tunnel
Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
|
I believe it's possible with Unix to tell which network traffic should use which adapter? (in Windows this isn't possible, I know that) It certainly is possible in Windows, works pretty much the same as in Unix.
_________________________
Remind me to change my signature to something more interesting someday
|
Top
|
|
|
|
|
|