Re: Win2k3 single NIC VPN routing problem




You need to apply a static route to the VPN client so that it may gain
access to the internal network beyond the VPN server. Can be done via RRAS
or you can control it through Active Directory (Via the Dial-in tab of the
user object).

Run route print on the VPN client (not on the server - you gave us the
routing table from VPN server) when it's connected again. To access the
internal network beyond your VPN server, it needs to see this route:

192.168.16.0 255.255.255.0 192.168.16.250 192.168.16.250 20

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

"Christian Hewitt" <usenet@xxxxxxxxxxxxxxx> wrote in message
news:3t3r1eFr0vugU1@xxxxxxxxxxxxxxxxx
Hi,

I have an all-in-one standalone Win2k3 server (DNS, WINS, DHCP, no-AD,
Fileserver + Apache + other apps) that I've got RRAS installed on and
set up as a home VPN server. The server is an old laptop with a built-in
*single* NIC. I travel in various parts of the Middle East where
internet access is more restricted and governments (or hotels) block a
variety of protocols and websites (not just for anti-Pr0n.. business
stuff too - e.g. anywhere in Israel) and I want to be able to VPN
connect to home, route all of my traffic through the tunnel, and thus
bypass some of the blocking hassles whenever possible.

I have a Netgear ADSL firewall/modem box that uses PAT mappings to
direct the required VPN ports from my single static public IP to the
VPN/Win2k3 server. I can connect remotely to the server over PPTP with
no problems and my VPN client is given an IP address on the same subnet
as the VPN server. I have a small 20-IP DHCP range for LAN connected
clients (other laptops and the odd server). The VPN server uses another
small group of addresses in the same subnet. When VPN connected I can
access any resources on the Win2k3 server, ping it, resolve DNS names
via the server.. but I can't access any other network resources (eg.
ping the Netgear router) or anything on the internet.

My VPN client is the native one built into OSX 10.4. This works fine at
a whole bunch of other places, so while it's not a Windows client, it's
not assumed to be part of the problem.

I strongly suspect this is a routing issue.. which is where my
knowledge falls short.

This is the routing table on the VPN server with my client dialled in:

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 d0 59 0c 80 10 ...... Intel(R) PRO/100+ MiniPCI - SecuRemote Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          192.168.16.1    192.168.16.250  20
127.0.0.0            255.0.0.0        127.0.0.1       127.0.0.1       1
192.168.16.0         255.255.255.0    192.168.16.250  192.168.16.250  20
192.168.16.100       255.255.255.255  127.0.0.1       127.0.0.1       50
192.168.16.102       255.255.255.255  192.168.16.100  192.168.16.100  1
192.168.16.250       255.255.255.255  127.0.0.1       127.0.0.1       20
192.168.16.255       255.255.255.255  192.168.16.250  192.168.16.250  20
207.237.44.80        255.255.255.255  192.168.16.1    192.168.16.250  20
224.0.0.0            240.0.0.0        192.168.16.250  192.168.16.250  20
255.255.255.255      255.255.255.255  192.168.16.250  192.168.16.250  1
Default Gateway: 192.168.16.1
===========================================================================
Persistent Routes:
None

Other info:

Netgear Router = 192.168.16.1
VPN server = 192.168.16.250
My VPN client IP = 192.168.16.102
My remote IP = 207.237.44.80
VPN DHCP range = 192.168.16.100 thru 109 (my client = 102)

Any ideas?

Christian
