geo_rge

VPN setup in small office using Netgear router and 2003 server - worth 750 Points

I have been trying to get this working for a while now with no luck. I am having problems configuring the server with 2 network cards so that the addresses are routed. I have set up NIC1, which is the internal IP range, and NIC2, which is supposed to be the external adapter which you connect to via VPN. The VPN is working but the internal network is a mess. I can only configure internal clients to connect to NIC2 so they will be capable of accessing the inet and printing. If they are getting DHCP using the NIC1 address, then I can't get inet access etc. It must be something small but I can't figure it out.

The router appears configured, as it's passing requests through to NIC2 on the server and allowing me to connect remotely.

I have a 2nd question open, which is linked below and worth 250 points, totalling 750 points, if you would like to read some history of this problem.

Below is the current configuration (taken from the 2nd question):
NIC 1: Internal addresses   - 192.168.0.99 (Server)
                              255.255.255.0
       Default Gateway      - None specified
       Preferred DNS server - 192.168.0.99

NIC 2: WAN adapter's IP address - 192.168.1.8 (Server)
       Subnet Mask              - 255.255.255.0
       Default Gateway          - 192.168.1.1 (Netgear router)
       Pref DNS server          - 192.168.0.99 (1st NIC on server)

Netgear router's IP address: 192.168.1.1

Client's IP address:    192.168.0.15
DNS and WINS address:   192.168.0.99
Router/default gateway: 192.168.1.1

NOTE: When I'm on the server, I CAN NOT ping the router - 100% packet loss.
When I am on the client I can ping the router, however I still can NOT access the internet.

If I make the following changes to the IP addresses on the local PC, I can connect to the internet from clients:
NEW IP address on W/S: 192.168.1.20
Default Gateway: 192.168.1.1
DNS: 192.168.1.1 *************** Would not work with DNS server or 192.168.0.99

VPN still works but I have set this IP temporarily so I can use the internet. I have done as much testing as I could. Can you see where I'm going wrong? To me it appears the problem is that NIC1 is not routing to NIC2 when the clients request data. Do I need a manual entry somewhere??
Thanks for your help.


Link to the other question for the extra 250 points:
https://www.experts-exchange.com/questions/21157727/VPN-tweaking-under-Server-2003.html#12277089
Tim Holman

This is wrong:

clients ip address: 192.168.0.15
router/default gateway: 192.168.1.1

The default gateway needs to be on the same subnet as the client.

When you renumber the client to 192.168.1.20, things work, as these clients can see the default gateway.
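
Added example (not part of the thread or either poster's code): a simplified model of a host's forwarding decision, run over the addresses quoted above, showing why a default gateway outside the client's own subnet leaves it with no usable route. The destination 203.0.113.10 is a constructed documentation address and `next_hop` is a hypothetical helper.

```python
import ipaddress


def next_hop(interfaces, gateway, dest):
    """Model one host's forwarding decision; returns (kind, detail).

    interfaces: list of "address/netmask" strings, one per NIC
    gateway:    default gateway as a string, or None
    """
    dest = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_interface(i).network for i in interfaces]
    # Destination inside a directly attached subnet: deliver on-link.
    if any(dest in n for n in nets):
        return ("on-link", str(dest))
    if gateway is None:
        return ("unreachable", "no default gateway")
    gw = ipaddress.ip_address(gateway)
    # A gateway is only usable if the host can reach it directly.
    if not any(gw in n for n in nets):
        return ("unreachable", f"gateway {gw} is not on a local subnet")
    return ("gateway", str(gw))


MASK = "255.255.255.0"
# Hosts as configured in the thread: (interfaces, default gateway).
HOSTS = {
    "client (original)": ([f"192.168.0.15/{MASK}"], "192.168.1.1"),
    "client (renumbered)": ([f"192.168.1.20/{MASK}"], "192.168.1.1"),
    "server": ([f"192.168.0.99/{MASK}", f"192.168.1.8/{MASK}"], "192.168.1.1"),
}
INTERNET = "203.0.113.10"  # constructed sample address (RFC 5737 range)
DNS = "192.168.0.99"       # DNS server address from the thread


def report():
    """Forwarding decision of every host for an Internet host and the DNS server."""
    rows = []
    for name, (ifaces, gw) in HOSTS.items():
        for dest in (INTERNET, DNS):
            rows.append((name, dest) + next_hop(ifaces, gw, dest))
    return rows


if __name__ == "__main__":
    for row in report():
        print("{:20} -> {:14} {:12} {}".format(*row))
```

For the renumbered client, traffic to 192.168.0.99 is handed to the Netgear at 192.168.1.1, which would need its own route to 192.168.0.0/24; the thread does not show one.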
geo_rge

ASKER

Just confirming: I should reassign the router an IP of 192.168.0.1?? And the default gateway on the clients will be that also? I'll give that a try. That was my original config but was asked to change it. Will let you know how it goes. Thanks.
geo_rge

ASKER

OK, I have changed the router config to .0.1 and the NIC 1 default gateway, and the LAN is back to the way it was. But now I can't access the VPN. I have tried to remove and re-add with no luck. When it asks me which NIC interface to connect to internet, I select NIC 2, which has the IP of 192.168.1.8. In my router, the rules are set to forward requests to IP 192.168.1.8.

Note: if I re-run the VPN wizard and select the NIC which connects to the internet as the one with IP 192.168.0.99 (NIC1), no clients can connect to the server or ping the server - as well as the server being unable to ping any clients - until the VPN setup is removed or changed to the NIC2 adapter.

Current Server NIC configurations:

NIC1:  IP Server   - 192.168.0.99
       Subnet      - 255.255.255.0
       Def Gateway - 192.168.0.1
       DNS1        - 192.168.0.99

NIC2:  IP Server   - 192.168.1.8
       Subnet      - 255.255.255.0
       DNS1        - 192.168.0.99
(No default gateway set on NIC2 - is that correct?)

I'm a bit lost here...  how do things look - is it like this -

Internet
|
Netgear
192.168.1.1
|
192.168.1.8 (NIC2)
Server
192.168.0.99 (NIC1)
|
192.168.0.15
Client

Do you want your Server to route as well?

Is your Netgear router capable of being a DHCP server (like mine is)?

Is your VPN Server NATted to the outside world so that VPN Clients can see it?

I would recommend something like this:

Internet
|
Netgear
192.168.1.1-------------------
|                             |
192.168.1.8 (NIC2)            192.168.1.200
Server                        Client

..so connect the server and client directly to the Netgear hub, and give the client an IP address that can route outwards (192.168.1.x).  Or do you have too many clients to do this?  In which case do you have an additional hub?
geo_rge

ASKER

The diagram you drew was what I had originally, but you told me to change the Netgear to be on the same IP range as the clients, therefore it looks like this:

Internet
|
Netgear
192.168.0.1
|
192.168.0.99 (NIC1)
Server
192.168.1.8 (NIC2)
|
192.168.0.15
Client

My Netgear router is capable of being a DHCP server - but I would prefer the Server to do it all if possible. I am setting this up in a very small environment, but will be taking this theory into a larger environment which has over 300 PCs, so I don't want to create too much work if I can avoid it.

I do have an additional HUB-Switch if required, and one is in use connected to the network.

I think the current config I have is what you recommended except I have the .0.1 instead of .1.1.

"Is your VPN Server NATted to the outside world so that VPN Clients can see it ?" - I'm not sure what you mean. I could log into my server from the outside world before I changed my settings and I ran the VPN setup wizard, but it caused probs as explained earlier with inet not working etc. etc. due to the 2 NICs or something else?
geo_rge

ASKER

I'm at the stage where I can reconfigure anything - so long as it all works in the end.

I would stick with this:

Internet
|
Netgear
192.168.1.1-------------------
|                             |
192.168.1.8 (NIC2)            192.168.1.200
Server                        Client

You don't need an extra NIC for the server as far as I can make out - one NIC is enough for VPN, DHCP, Internet access...
I wouldn't trust the server as a router either - their MTBF is too low, and besides, it's going to be busy doing other things and may end up being a vulnerable, single point of failure for your network.
geo_rge

ASKER

The only thing is the VPN wizard specifies you need 2 NICs and won't let you continue if you only have one, that's why I installed it in the server. Should I just ignore the 2nd NIC?

Have you tried the Netgear ProSafe VPN client instead?
If the Netgear can be your DHCP and VPN server, then it will cut down your deployment costs....  ;)

Can I also take you back a few steps to this diagram you drew:

Internet
|
Netgear
192.168.0.1
|
192.168.0.99 (NIC1)
Server
192.168.1.8 (NIC2)
|
192.168.0.15
Client

This would NOT work.  

Internet
|
Netgear
192.168.0.1
|
192.168.0.99 (NIC1)
Server
192.168.1.8 (NIC2)
|
192.168.1.15
Client

..but this would (both client and NIC2 are on the SAME subnet).  Client in this case would need default gateway of 192.168.1.8.
Here are instructions on how to set your VPN server up with a single NIC -

http://www.pctechnicians.ca/help/singlenic.html
geo_rge

ASKER

Thanks for the info. I'll have a play tomorrow and let you know. I tried setting up the Netgear as VPN server but I had a lot of trouble getting the client to connect... the config was very involved, unless there is an easier way to do this.

I'll be in touch. Not worried how it's set up as long as it works OK in the end.
geo_rge

ASKER

Sorry for the time taken to get back to you. The VPN using the document as posted does work, but still gives me the original problem I had - the internal network is not the same. I can't browse the internal network via Net. Neighbourhood, and if I need to access the server, I have to do so using the IP address rather than the name of the server. This is why I thought using 2 NICs would solve the problem, unless there's something else I can do with the 1 NIC method. Thanks.
ASKER CERTIFIED SOLUTION
Tim Holman