MacOS – Shrew Soft VPN on Mac not letting me SSH to servers inside the VPN

macos, network, vpn

I am trying to use a VPN from work so I can do my work on my MBP. I have installed Shrew Soft and set up the VPN, and I am able to connect to it, receiving the messages below. However, I am still unable to SSH to any of the servers on the VPN, getting errors like the one below.

SSH Error:

macbook-pro:~ andre$ ssh root@prismweb5
ssh: Could not resolve hostname prismweb5: nodename nor servname provided, or not known

VPN Messages:

config loaded for site 'andre test'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled

I am assuming that my traffic isn't being routed through the VPN, but since I am using a third party client, I'm not sure how to make sure. Has anyone else had any issues like this with Shrew Soft on Mac? If so, what did you do to resolve it?

Best Answer

You're referencing the SSH server with the name "prismweb5" - that name will likely only work if you have "search domains" set up for the network interface that you're using. The search domain would be appended to the hostname that you're referencing above, so if your search domain is "example.com", the FQDN would be prismweb5.example.com.

It's also possible that the DNS name "prismweb5" cannot be resolved from outside of the network. This setup may be referred to as "split-DNS", and the private name "prismweb5" may not be something that can be looked up on your 'normal' DNS servers (those provided by your home ISP).

A workaround for this would potentially be to set the DNS server that is at the remote office as the primary DNS server for the network interface (Ethernet, Wi-Fi) that you're using to connect. This will allow your machine to perform lookups of 'internal' names. I'm not sure about Shrew Soft, but many VPN clients allow DNS server settings to be changed to specific servers when the VPN connects.

Alternately, you can avoid using DNS names to connect to the server, and simply use the IP address to connect. However, this would require that you know what the IP address of the server "prismweb5" is (or be able to perform a lookup to retrieve that address).

If you are still not able to connect to the server using the IP address, see if your machine can ping that IP address (assuming prismweb5's IP is 192.168.1.5):

ping 192.168.1.5

If the machine is responding to pings, you should be able to connect to it. However, if you're not seeing ICMP (ping) responses, it's possible that your machine doesn't know the route to that computer (i.e., the VPN interface). See what 'route' reports for that IP:

route get 192.168.1.5

The route should report an interface that is being used to connect to that device. Often, you'll see something like "ppp0" or "gif0" (or some other interface, other than en0/en1).

If the route for that device is not showing the correct interface, it may help to show all routes on the machine using netstat:

netstat -nr

The output of netstat may include an IP range/Destination for your remote network (e.g., 192.168/16), and may show the interface that should be used (Netif) on the right.
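As an added example (not part of the original answer), a small POSIX shell helper that applies the two route checks above: it reads the output of "route get" and "netstat -nr" from stdin and reports which interface would carry traffic to the VPN-side host. The interface name ppp0, the gateway 10.8.0.1 and the sample outputs are constructed to match the answer's scenario.

```shell
#!/bin/sh
# Added example, not from the original post: read the output of the macOS
# "route get <ip>" and "netstat -nr" commands from stdin and report which
# interface would carry traffic to a host behind the VPN. The samples are
# constructed to match the answer (host 192.168.1.5, remote net 192.168/16).

# Print the interface named in "route get" output.
route_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Exit 0 when the interface looks like a tunnel (ppp*, gif*, utun*),
# i.e. not the physical en0/en1 the answer says to look past.
is_tunnel_iface() {
    case "$1" in
        ppp*|gif*|utun*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the Netif column of the netstat -nr route whose Destination equals
# the given prefix (e.g. 192.168/16). The column is located by its header
# because the trailing Expire column is often empty.
netif_for_dest() {
    awk -v d="$1" '
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
        col && $1 == d { print $col; exit }'
}

# Constructed sample of "route get 192.168.1.5" with the tunnel up.
ROUTE_GET_SAMPLE='   route to: 192.168.1.5
destination: 192.168.0.0
       mask: 255.255.0.0
  interface: ppp0
      flags: <UP,DONE,STATIC,PRCLONING>'

# Constructed sample of the Internet section of "netstat -nr".
NETSTAT_SAMPLE='Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.0.0.1           UGSc           20        0     en0
10.0.0/24          link#4             UCS             2        0     en0
192.168/16         10.8.0.1           UGSc            0        0    ppp0'

iface=$(printf '%s\n' "$ROUTE_GET_SAMPLE" | route_iface)
is_tunnel_iface "$iface" && echo "192.168.1.5 leaves via tunnel $iface" \
    || echo "192.168.1.5 would leave via $iface; compare netstat -nr"
printf '%s\n' "$NETSTAT_SAMPLE" | netif_for_dest 192.168/16   # prints ppp0
```

With a live tunnel, feed the real commands instead of the samples: "route get 192.168.1.5 | route_iface" and "netstat -nr | netif_for_dest 192.168/16"; an answer of en0 or en1 for the remote prefix means the VPN route was never installed.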