SecureClient-OfficeMode-Routing

[Spacetrucker]

R60-HFA03-Splat; Enforcement and Management modules on a single server; we only have one gateway: SecureClient R60 HFA02 also SecureClient R60 client on some laptops. All laptops are running XP SP2, firewall is turned off.
I've just installed the licenses for SecureClient and gotten OfficeMode to work, that is to say it pushes out the ip address and resolves dns. All works well when connected via vpn, whether I'm inside the gateway or outside the gateway.

The problem:
When the client is running but not connected I cannot ping by name or ip address when connected to our internal network. Initially I thought it was a dns problem because I could not ping by name, now I've discovered I can't ping by ip address either, so it's got be routing. I'm not running in Hub Mode. All works well when the client is stopped. My setup worked when using SecureRemote. Everything was configured using the Smart Dashboard, I've not manually edited any files on the gateway or the clients.

Any quick fixes for this problem? If you need additional info let me know.

Other details:
I don't see a difference in the routing tables when the client is running or stopped on the laptops. I'm going through the threads and I see a lot of messages regarding SC and routing.

[Danielpb]

I could be barking up the wrong tree but have you tried this when you have disabling the local security policy on the client.

Right click Secure Client select Tools> Disable Security Policy.

Then try again....I apologizes if you have already done this.


Cheers

Dan

[mcnallym]

You need to ensure that your Desktop Policy allows you to connect to the internal network with an unencrypted connection. At the moment your desktop policy won't.

There is an option in the Secure Client Packaging Tool for

Allow clear connections for Encrypt Action when inside the Encryption Domain.

You need to enable this so that your Encrypt Action on your desktop policy will accept an unencrypted connection when you are inside the encryption domain.

[Spacetrucker]

Is the Secure Client packaging tool different from running the .msi file? I just ran the .msi file. I have a global property setting, Remote Access | VPN - Advanced | SR/SC behavior while disconnected:
When disconnected, traffic to the encryption domain will be 'Sent in clear'.

How can I enable the option to 'Allow clear connections for Encrypt Action when inside the Encryption Domain'?

[Spacetrucker]

Regarding enabling that option. Aren't you just editing some lines in the userc.c file? If so, do you know what lines?

[Spacetrucker]

Thanks to both of you for replying. I think I have it solved, or at least SecureClient is working the way we need it too at the moment.
I edited a line in the userc.c file. "allow_clear_in_enc_domain" the default value is false. I changed it to true. This seems to have done the trick.

I do have a question about the Secure Client packaging tool. Will it work with an .msi file?
I couldn't get it to work with one. I noticed that it says to choose an installation folder where the client install files have been upzipped. And, I was also prompted to provide the userc.c file off of the original install cd's.
I didn't have a problem creating the package or installing it. But, when I rebooted the laptop after the install. I got a message popup that said "SecureClient failed to start due to an internal error". I tried using a couple of SecureClient .msi files and different laptops with the same result.
Would someone clue me in?

[lammbo]

Quote:

Originally Posted by Spacetrucker

I do have a question about the Secure Client packaging tool. Will it work with an .msi file?
I couldn't get it to work with one.
----
Would someone clue me in?

Click here...

[Spacetrucker]

Many thanks Lammbo, I'm most grateful for such a detailed post from you and the comments of the other forum members. I'll give it a go and see what shakes out. I'm sure to be back with another question.

[Spacetrucker]

I ran into a hitch, I was able to create the base.msi file, and the "allow_clear_in_enc_domain" is set to true. But, Office Mode is not working and the option is grayed out when I checked the client. I need Office Mode. Can you help me out?

[ldgunnink]

Quote:

Originally Posted by Spacetrucker

I ran into a hitch, I was able to create the base.msi file, and the "allow_clear_in_enc_domain" is set to true. But, Office Mode is not working and the option is grayed out when I checked the client. I need Office Mode. Can you help me out?

Spacetrucker,

Do you have SecureClient or SecuRemote installed? I have seen this behavior (office mode option grayed out) when SecuRemote is installed.

Loren