Re: PPTP Site-to-Site VPN problem
- From: "Sergio Ricci" <name@xxxxxxxxxx>
- Date: Thu, 6 Oct 2005 10:04:00 +0100
Hi Stephen,
I tried your suggestion using the 'route add 192.168.31.0 mask 255.255.255.0
192.168.30.3' and carried out a test from a client on the 192.168.30.0
subnet. The result is the same and is what I expected.
I'm still convinced the issue is to do with the fact that the PPP adapters
created when the site-to-site VPN link is established aren't configured with
the default gateway.
Thanks for your post.
Sergio
"Stephen Santos" <ssantos@xxxxxxxxxxxxxxxxx> wrote in message
news:%23g%23sw6hyFHA.596@xxxxxxxxxxxxxxxxxxxxxxx
> How about adding a route on the clients to the other subnet through the
> server on its own subnet?
>
> Stephen
> "Ian" <gruntyonline@xxxxxxxxxxx> wrote in message
> news:e0eoAEgyFHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
>> Sergio Ricci wrote:
>>> Ian,
>>>
>>> Yes the routers are able to support VPN connections natively (no
>>> problems with client to server VPNs and indeed VPN connections between
>>> the servers themselves). The routers are basic no NAT DSL routers.
>>> NATing is done by the RRAS service on the servers (Windows 2003 with
>>> SP1).
>>>
>>> The additional NICs (1 in each server) have static public IP addresses.
>>> These NICs have the default gateways set to the IP address of the DSL
>>> routers. Clients behind the servers have their default gateways set to
>>> the private IP address of the servers.
>>>
>>> I'm pretty sure that the issue I'm experiencing is as a result of the
>>> fact that the PPP adapters created when the VPN tunnels are established
>>> do not have (or do not get configured with) a default gateway.
>>>
>>> Thanks for replying.
>>> Sergio
>>>
>>> "Ian" <gruntyonline@xxxxxxxxxxx> wrote in message
>>> news:u6BrHDfyFHA.2540@xxxxxxxxxxxxxxxxxxxxxxx
>>>
>>>>Sergio Ricci wrote:
>>>>
>>>>>Wendel,
>>>>>
>>>>>Pls see the output below. The trace was carried out from a client on
>>>>>the 192.168.31.0 subnet whose default g/w points to the LAN NIC of the
>>>>>RRAS server on the same subnet. NB: I've abbreviated the output to 4
>>>>>hops. The complete output continues giving "Request timed out".
>>>>>
>>>>>Tracing route to 192.168.30.5 over a maximum of 30 hops
>>>>>
>>>>>1 <1 ms <1 ms <1 ms 192.168.31.4
>>>>>2 7 ms 7 ms 7 ms 192.168.31.110
>>>>>3 * * * Request timed out.
>>>>>4 * * * Request timed out.
>>>>>
>>>>>192.168.31.110 is the IP address obtained by the RRAS server's PPP
>>>>>adapter that is on subnet 192.168.30.0, so it appears to get as far as
>>>>>the RRAS router on the other side of the VPN link but gets stuck there.
>>>>>I note also that there is *no* default gateway set for the PPP adapter
>>>>>and so could this be the cause?
>>>>>
>>>>>I confirm that both servers are multi-homed with each having 1x NIC
>>>>>facing the LAN with no default gateway set and the other NIC connected
>>>>>to the DSL router with a static IP address and default gateway set.
>>>>>
>>>>>Funnily enough, I am able to configure a VPN connection on a client on
>>>>>the 192.168.31.0 subnet to connect to the RRAS server on the
>>>>>192.168.30.0 subnet and it works fine.
>>>>>
>>>>>Please let me know if you need any further info and thank you also for
>>>>>your help so far.
>>>>>
>>>>>Sergio
>>>>>
>>>>>
>>>>>"Wendel Hamilton" <WendelHamilton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>>>>>message news:47D20B6B-F0E2-4F81-B9DC-7D51E883799F@xxxxxxxxxxxxxxxx
>>>>>
>>>>>
>>>>>>Sergio,
>>>>>>Ok I think it is a routing problem.
>>>>>>use tracert -d to the remote server and workstations and see where it
>>>>>>fails.
>>>>>>Could you post the results?
>>>>>>I assume that both servers are multi-homed servers. (2 NICs)
>>>>>>
>>>>>>"Sergio Ricci" wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Yes. Default g/w points to the internal NIC of the RRAS server.
>>>>>>>
>>>>>>>One thing I didn't mention is that both servers are DCs.
>>>>>>>
>>>>>>>Thanks for replying.
>>>>>>>Sergio
>>>>>>>
>>>>>>>"Wendel Hamilton" <WendelHamilton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>>>>>>>message news:0F15E7AE-11C1-4B7A-8476-5A85144B857D@xxxxxxxxxxxxxxxx
>>>>>>>
>>>>>>>
>>>>>>>>Sergio,
>>>>>>>>Does your clients' default gateway point to your RRAS servers?
>>>>>>>>
>>>>>>>>
>>>>>>>>"Sergio Ricci" wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Hi,
>>>>>>>>>
>>>>>>>>>I've set up (or tried to) a site-to-site VPN using RRAS in Windows
>>>>>>>>>2003 SP1 but have a few issues that I hope you may be able to help
>>>>>>>>>me resolve:
>>>>>>>>>
>>>>>>>>>Subnet 192.168.30.0/24<------------------------------------------>Subnet 192.168.31.0/24
>>>>>>>>>
>>>>>>>>>ClientsA-------Server1----Router1--------Internet--------Router2---Server2-----ClientsB
>>>>>>>>>
>>>>>>>>>I have set up demand dial connections on both servers (Windows
>>>>>>>>>2003+SP1) and they appear to work OK. Note that there are demand
>>>>>>>>>dial connections on both servers pointing to the other server. The
>>>>>>>>>servers can ping each other. The clients can ping the servers on
>>>>>>>>>their subnets but cannot ping any host on the other subnet.
>>>>>>>>>
>>>>>>>>>All this has led me to think (from other posts I have read) that
>>>>>>>>>there may be an issue with the user account and demand dial
>>>>>>>>>interface name but I believe I have got them correct.
>>>>>>>>>
>>>>>>>>>Essentially I would like clients on one subnet to be able to
>>>>>>>>>transparently access and connect to servers/clients/hosts on the
>>>>>>>>>other subnet.
>>>>>>>>>
>>>>>>>>>I'm probably missing something quite obvious but at this moment
>>>>>>>>>just can't see what it is.
>>>>>>>>>
>>>>>>>>>Some other bits of info that you may need: when I originally
>>>>>>>>>configured RRAS on both servers I did a custom configuration and
>>>>>>>>>selected: NAT, Demand Dial, Firewall, LAN Routing (from memory).
>>>>>>>>>All clients have internet access.
>>>>>>>>>
>>>>>>>>>If you require any further info, please let me know.
>>>>>>>>>
>>>>>>>>>Thanks in advance for any help/pointers.
>>>>>>>>>
>>>>>>>>>Kind regards,
>>>>>>>>>Sergio
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>Sergio - A bit off topic to start!! - Are your routers capable of VPN
>>>>natively?
>>>>
>>>>What IP addresses are on the additional cards? Are the cards in the DMZ
>>>>of your routers or are you using port-forwarding, if so, what ports are
>>>>you forwarding?
>>>>
>>>>Ian
>>>
>>>
>>>
>> Have you tried temporarily disabling firewall on RRAS?
>>
>> I don't think the PPP adaptors need to have default gateways as the ip
>> addresses issued will be in the same virtual network.
>>
>> Ian
>
>