[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

VPN causing POP3 and SMTP to not work!  500 POINTS!

Posted on 2005-04-21
61
Medium Priority
?
680 Views
Last Modified: 2013-11-21
Hi,

I have setup VPN and can successfully connect to it.  I use remote desktop connection and tightvnc through it.

When I am connected to the VPN, I notice that some employees on the LAN cannot use POP3 or SMTP with their outlook express applications.  This doesn't happen all the time.  They simply get an error stating that they can't connect to the server.  They are able to connect to the internet but not email.

I am pretty sure its an IP address or subnet configuration.  The IP Scheme for the server is 192.168.1.x and I have the DHCP assign IP addresses to the clients from the VPN such as 192.168.1.x.  Since I am having it address it that way, would that cause a problem.  The subnet mask of the server is 255.255.255.0 but the subnet mask of the VPN client is 255.255.255.255.

The only way I am able to get the employees desktop to use email again is by restarting it sometimes multiple times.

I have posted multiple postings about this issue but no one seems to know what the problem is with VPN.

Someone please help.

Thanks.
0
Comment
Question by:NAPSR
  • 27
  • 22
  • 5
  • +4
60 Comments
 

Expert Comment

by:tksbronco
ID: 13838051
Hello,

First a couple of clarification questions:
Are you connecting via VPN into the network? Are you saying that while you are connected via VPN other users cannot access the pop/smtp server?

A couple of troubleshooting items:
Is the pop/smtp server on your local network or on the internet?

When you are experiencing connectivity issues, try this:
Open a command prompt (I presume you are using windows since you referenced Outlook xpress).
Try to ping the pop/smtp server name: ping server
The ping command should at least resolve to the correct IP address of the server. This will tell you whether it may be a resolution problem or network routing problem.

I have experienced issues while I am connected to my corporate network from home. My windows box will change routing tables while connected via VPN. Which I have security devices that will disallow certain traffic. This may be happening to you, also.

Cheers,

tk

0
 
LVL 3

Expert Comment

by:xrok
ID: 13838066
Change VPN IP Address to different Subnet
Also You need to look at RAS Configuration
0
 

Author Comment

by:NAPSR
ID: 13838211
Thanks for your help.

I am connecting to my network via a VPN.  Some employees cannot use pop3 or smtp with their outlook express applications.  This problem just doesn't happen while I am connected via a VPN.  Even after the VPN connection has been disconnected, they still cannot use email until they restart their computer.  Some users can access and some cannot.  I have tried restarting the server and router but it only works when I restart the persons desktop.  We host our own mail server and it runs windows server 2003 and exchange server 2003.

Someone told me about the routing table issue but I didn't know how to correct it.

The emails are working now so ping would not be effective.

Can you please tell me how I fix the routing table problems?

Thanks
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:NAPSR
ID: 13838231
xrok,

Thanks for helping again.  Can you give me step-by-step instructions?
0
 
LVL 3

Expert Comment

by:xrok
ID: 13838326
On Client Uncheck "use default gateway on remote network" .  Go to your vpn connection properties ==> Networking tab ==> Tcp/IP properties ==> advanced

Right Click My Computer on Server -.> Manage -> RAS (right CLick -> Property) -> check Router, select LAN and Demmand Dial Routing
and Remote Access Server shoul be checked.
Under Ip Tab enable all and create static pool
0
 
LVL 3

Expert Comment

by:xrok
ID: 13838350
Under Ip Tab enable all and create static pool
Use different Subnet
0
 

Author Comment

by:NAPSR
ID: 13838781
"Under Ip Tab enable all and create static pool
Use different Subnet"

It doesn't give me a place to choose the subnet.  Can you tell me how I do this?

Thanks
0
 
LVL 3

Expert Comment

by:xrok
ID: 13838819
Under IP Tab
Select Static IP Address radio button
Click add below
type range of ip address you want VPN user to be assign to


0
 

Author Comment

by:NAPSR
ID: 13838848
I am using 192.168.1.130 to 192.168.1.140.  The subnet mask says 255.255.255.240.  Is this correct?

0
 
LVL 3

Expert Comment

by:xrok
ID: 13838865
How about use
192.168.2.130 to 192.168.2.140 mask 255.255.255.0
0
 
LVL 3

Expert Comment

by:xrok
ID: 13838875
ignore mask
my bad
0
 

Author Comment

by:NAPSR
ID: 13838892
I don't have the option to change the subnet mask.  It still says 255.255.255.240.  I just tried connecting and the VPN connected but remote desktop connection didn't work because the chose static IP range is not in the DHCP pool.

0
 
LVL 3

Expert Comment

by:xrok
ID: 13838903
what was ip you get?
are you doing this from LAN or WAN
0
 

Author Comment

by:NAPSR
ID: 13838913
"what was ip you get?"

Can you please explain what you mean?


I am doing from a client on a separate internet connection.
0
 

Author Comment

by:NAPSR
ID: 13838964
So can I just use 192.168.1.130 to 192.168.1.140?  Its in the DHCP addess pool.

0
 
LVL 3

Expert Comment

by:xrok
ID: 13839549
I was asking IP assign to VPN

If POP3 and SMTP Works with your IP Range, I guess you can leave at that range.



0
 
LVL 4

Expert Comment

by:Gen2003
ID: 13840896
What is IP address of mail server? Hope it is not between .130 and .140. As mentioned by xrok use another subnet for VPN connection like 192.168.2.X not 192.168.1.X

Regards.
0
 

Expert Comment

by:tksbronco
ID: 13842234
It appears you have 2 issues occurring possibly related:
VPN assigning IP addr to remote user(you).
LAN clients connection issues to the server.

More questions:
If you disable the VPN device on your LAN, does your LAN client POP/SMTP connection issue go away?

Is it possible, the LAN clients experiencing problems have the been assigned an IP address in your VPN DHCP range? (overlapping DHCP ranges?) This can happen if you use DHCP for your LAN 192.168.1.x/24 without configuring exclusion addresses for the VPN IP range. Possibly, your clients have conflicting addresses on the LAN. After several reboots, the client will request a new DHCP lease which could change the IP address.

Is your POP/SMTP server configured for a static IP? this should not matter, but since you are experiencing intermittent network loss is could be a factor.

If your POP server is static, you could add a line to the hosts file on the clients. This will help in name resolution. Also, verify your DNS is configured properly. I cannot help you with the dns because I don't have much experience with that.

cheers
0
 

Author Comment

by:NAPSR
ID: 13843537
I am just going to open the ports for remote desktop and tightvnc.  This VPN stuff is causing a lot of problems.  Only about 2 people are going to use RDC and tightvnc now so I won't need to worry about security too much as long as they keep their passwords secure.

thanks for your help.
0
 
LVL 3

Expert Comment

by:xrok
ID: 13843631
Great!

0
 

Author Comment

by:NAPSR
ID: 13843896
Even though I am not going to use VPN right now, I would still like to figure out the correct way of using incase I ever have to use it in the future.

"What is IP address of mail server? Hope it is not between .130 and .140. As mentioned by xrok use another subnet for VPN connection like 192.168.2.X not 192.168.1.X"

The IP address of the mail server is not between 130-140.  In the DHCP address pool, I have the address to use as 192.168.1.100 to 192.168.1.150.  It won't let me use the IP addresses 192.168.2.x.  


"If you disable the VPN device on your LAN, does your LAN client POP/SMTP connection issue go away?"

The POP/SMTP only works after I reset the clients machine.



"Is your POP/SMTP server configured for a static IP?"
Yes..we have a static IP.


Should I set the IP addresses 192.168.1.130 to 192.168.1.140 on the exclusion list of the DHCP server?


We host our own DNS server so it is configured properly.

Thanks
0
 
LVL 3

Expert Comment

by:xrok
ID: 13843955
Rule of VPN is to use Different subnet.

and RAS should able to assign different subnet for VPN
After VPN Connection, make sure client POP3/SMTP is working

Then look at roting table
It should give you a idea, where is the problem with RDC
Then You can figure out from there.

Let me know
0
 

Author Comment

by:NAPSR
ID: 13844512
I read everywhere on the internet that using tightvnc without VPN is not secure at all.  I have been working on this for days now and the email still keeps crashing.  How can I create a different subnet for the VPN IP addresses.  

Can you please give me step -by -step instrucitons?

Thanks
0
 
LVL 3

Accepted Solution

by:
xrok earned 1500 total points
ID: 13844804
Right Click My Computer on Server -.> Manage -> RAS (right CLick -> Property) -> check Router, select LAN and Demmand Dial Routing
and Remote Access Server shoul be checked.
Under Ip Tab enable all and create static pool

Under IP Tab
Select Static IP Address radio button
Click add below
type range of ip address you want VPN user to be assign to

What kind of Router do you have?
0
 

Author Comment

by:NAPSR
ID: 13844901
I use a linksys router.  I opened port 1723 and let pptp pass through.

Under IP tab, I created the addresses 192.168.2.10 to 192.168.2.20.
The IP address given is 192.168.2.0
The subnet mask is 258.258.258.224.

Is this correct?  Anthing else I need to do?  I need to have the "use defualt gateway.." button unchecked on the client..right?

Thanks for your help.
0
 
LVL 3

Expert Comment

by:xrok
ID: 13844958
What is the model number on Linksys

>I need to have the "use defualt gateway.." button unchecked on the client..right?
This is cause client you use there default gateway rather than using VPN IP default gateway.
They should able to access Internet,POP3 and SMTP

Now after you should able to ping RDC Server Ip (192.168.1.x)
RDC that ip, see if you can use RDC to access Server or TightVNC




0
 
LVL 3

Expert Comment

by:xrok
ID: 13844976
>This is cause client you use there default gateway rather than using VPN IP default gateway.
Not sure what iwas trying here :)

Correction:
This will use client default Gateway, Not VPN IP Gateway
0
 

Author Comment

by:NAPSR
ID: 13844993
my router is a Linksys BEFSR41 ver2.

So you are saying "YES" right...that on the client computer, I should uncheck "use default gateway"


Regarding pinging, can you provide the steps?  Do i do it from the client computer after I have connected to the vpn?

Thanks
0
 
LVL 3

Expert Comment

by:xrok
ID: 13845039
Yes, If you want client to access POP3 and SMTP and Internet

After VPN is Connected, Client Side
Ping Server Ip (192.168.1.x)

Then use same IP to RDC

0
 

Author Comment

by:NAPSR
ID: 13845091
I tried to ping the server from the client computer which is on a different internet connection and it gave me a "request timed out" error.

0
 

Author Comment

by:NAPSR
ID: 13845199
The IP address assigned to the client is 192.168.2.11.

The Ip address of the server is 192.168.1.21.

Since its on a different subnet, its not even seeing the server so RDC or tightVNC will not work.

Any suggestions?
0
 

Author Comment

by:NAPSR
ID: 13845314
Are you still there?
0
 
LVL 3

Expert Comment

by:xrok
ID: 13846050
Do you know how to route ip from RAS
0
 

Author Comment

by:NAPSR
ID: 13846187
No I don't...can you please instruct me?

Thanks
0
 
LVL 3

Expert Comment

by:xrok
ID: 13846222
Can you tell me, if Client can access pop3, smtp and internet?
After connected to VPN
0
 

Author Comment

by:NAPSR
ID: 13846247
do you mean the vpn client or the local LAN clients?

The problem just doesn't arise right after I connect to the VPN.  It always happens a few hours later.  We send out newsletters and sometimes it doesn't go out because it can't connect to the smtp server.

0
 
LVL 3

Expert Comment

by:xrok
ID: 13846427
Client side

And Now for RDC

Use ip address VPN Server address to connect
Right click on Client side network connection Icon on TaskBar Tray ..> Detail

It Should give you a server IP Address
Use it to access RDC

You can also Access  Share Files and Folders on server using same address
0
 
LVL 3

Expert Comment

by:xrok
ID: 13846452
Yes, If you want client to access POP3 and SMTP and Internet

After VPN is Connected, Client Side
Type Error> Ping Server Ip (192.168.1.x)
Should be Ping Server IP (192.168.2.x)

Then use same IP to RDC
0
 

Author Comment

by:NAPSR
ID: 13846547
Ok..it worked!!

This should definitely solve my email problems?

0
 

Author Comment

by:NAPSR
ID: 13846558
When I type in 192.168.2.10....how does it know to go to my server IP 192.168.1.21?

Thanks for your help.
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13846645
Ok, I'll post this here as have come here from the other thread you started!!

If you are using RRAS on Windows 2003 (or 2000) to handle your VPN, it should be distributing an IP address using your LAN subnet, not another subnet.  if it distributes an IP address for another subnet, all your VPN client will see is the server - and this is assuming that the server has been given an IP address on the VPN range, otherwise the client won't even see the server.

There is a fundamental difference between using RRAS to allow remote access and creating a VPN between two networks (which would require different subnets to allow the routing to work).

Your RRAS server should be obtaining addresses from your DHCP server for distribution to VPN clients.  All your LAN clients should also be obtaining IP addresses from this server, so there is no chance that an IP address will be issued twice (unless you are not using Windows DHCP, or are using static IPs on some machines).

It is very strange that a client dialling into your network should affect users on your LAN.  It would imply that RRAS is treating the connection as a demand-dial interface, not a VPN.  Without more information, I am not sure what would be causing this.

The "Use default gateway on remote network" will only affect the VPN client, it will categorically not affect any LAN clients.  The LAN clients will always use the default gateway given them by their DHCP server.

What I would suggest you do is disable routing and remote access and recreate it from scratch.  Before recreating it, ensure your DHCP server is correctly configured on your LAN and that all clients are set to DHCP.  Then when you reinstall RRAS, it will be automatically configured to obtain addresses from the DHCP server - you won't have to exclude ranges, or anything like that.  Configure the DHCP server for a single range (e.g. 192.162.1.x) - DO NOT declare extra subnets.

If there is any information missing from your description (e.g. there is another DHCP server on the network), then please post it here.
0
 

Author Comment

by:NAPSR
ID: 13846714
purplepomegranite,

Thank you very much for taking the time to write all that.

I AM COMPLETELY CONFUSED!  I have people telling me to use a different subnet and others not to.  

I don't even know what to do now.  I want to use VPN but employees on the LAN cannot use their pop3 or smtp.  This doesn't happen when I am connected to the VPN or soon afterwards but when I come back in the morning, they cannot access their emails.

Thank You
0
 

Author Comment

by:NAPSR
ID: 13846725
I connected to the VPN and then tried the RDC with the different subnet ip address and I was able to connect successfully.

Should i not do that?
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13846791
I apologise for the confusing information.  I wrote that because I have set up many RRAS servers, and many VPNs, and I wanted to make clear that there is a difference.

While for RRAS the client is connecting via VPN, it is essentially a remote client - so it must have an IP address that allows it to see local resource i.e. an IP address within the range of your LAN.

It may be that you have two different issues you are trying to solve, which would add to the confusion.  If you say the POP/SMTP problems do not occur as soon as you connect via VPN, then I very much doubt they are connected.

If you have now set up your RRAS with different subnets, and it is working, to save confusion leave as is.  It is possible to use this configuration, but if setting up from scratch it is unnecessary and unusual - however, it isn't really bad practise.

What we need to do is to establish what the problems actually are you are having, and tackle them individually.

Is your VPN now working?  When you VPN in, you have access to LAN resources?

And is it that your LAN users seem not to be able to access their POP/SMTP servers in the morning?  Or is it just some mornings?  Do they turn their computers off at night?
0
 

Author Comment

by:NAPSR
ID: 13846907
Thanks for the info.

I am able to connect to the VPN connection and then to remote desktop connection and tightvnc.  

It is some of the LAN users that are having trouble with their emails.  On Tuesday night, I logged into the VPN from my house and accessed remote desktop connection and tightvnc to access my desktop and on wednesday morning is the first time that the email problems started.  So naturally i figured it had something to do with VPN or tightvnc.

Last night, I logged again to VPN, RDC and tightvnc, and this morning it was the same problem.  We send out newsletters every night and the two nights whenever I have logged into the vpn, the newsletters do not go out because desktop cannot connect to the mail server.

They do not turn off their computers at night.

Thank you for taking the time to help me.
0
 

Author Comment

by:NAPSR
ID: 13847038
xrok,

I am able to connect to RDC but I can't connect using tightvnc.  Maybe its tighvnc thats causing all the problems.  What IP address do i enter to connect to my office desktop using tightvnc?  

Thanks
0
 

Author Comment

by:NAPSR
ID: 13847087
Anybody there?
0
 

Author Comment

by:NAPSR
ID: 13847198
hello...

Can you please tell me how I access my office desktop using tighvnc?

Thanks
0
 
LVL 3

Expert Comment

by:xrok
ID: 13847355
Hmmmm.

At this VPN Setup, You will not able to access desktop.
I recommanded this setup for testing LAN POP3/SMTP access, make sure default gateway causing a problem.

Why don't you install vnc client on server and access from there to your desktop for now.
Once we found a problem, I will show you way to connect.

0
 
LVL 3

Expert Comment

by:xrok
ID: 13848434
purplepomegranite statement is very correct about VPN Setup.

One I was trying to figure out was " NAPSR>When I am connected to the VPN, I notice that some employees on the LAN cannot use POP3 or SMTP with their outlook express applications.  "
VPN Connection can not access LAN Side.

If my step does not help with LAN User, then set back to same subnet (RAS) and enable client side "use default gateway on remote network" .  Go to your vpn connection properties ==> Networking tab ==> Tcp/IP properties ==> advanced

After all, You think VPN is still causing a problem then check your PC for bug.
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13849104
Sorry, I am on UK time here, hence had to go to bed after my last post!!

When your clients cannot access POP/SMTP, have you tried a ping test and a tracert?  It would be interesting to see the results of these to find out where the connection is failing.
0
 
LVL 3

Expert Comment

by:xrok
ID: 13849971
NAPSR>>We host our own mail server and it runs windows server 2003 and exchange server 2003.

NAPSR>>it only works when I restart the persons desktop.

Make sure you do not have more than one DHCP server is running on your LAN




0
 

Author Comment

by:NAPSR
ID: 13851040
Thanks for getting back to me!

Yesterday, the same thing happened after I connected to the VPN.  My office desktop could not connect to the mail server and also could not connect to the internet either.  It was completely cut off from the server.  I had to restart it 3 times to get it to work again.  Its definitely the VPN connection.  Now each time I restarted it, the IP address of the desktop was the same.  Finally on the third restart, it worked correctly.  I am positive that I have only the server DHCP handing out IPs and not the router.  I cannot understand why its cutting off the LAN users.  I even unchecked the "use default gateway.." and it still did the same thing.  I have anti-virus and symantec mail scanner so its not a virus.  Its definitely the DHCP setup thats causing the problem.

I have not tried a ping test but since they can't even connect to the server, I am assuming it will give a timeout error.

When I go back to the office, I will try to uninstall RRAC and just start over with one subnet.  The only cause of problem I can think of is that DHCP is assigning the same IP addresses to the VPN clients.  I will try to setup exclusions or assign the VPN clients only static IPs that are in the range of the DHCP address pool.

The server IP is 192.168.1.21 and the router is 192.168.1.1.
The DHCP address pool is from 192.168.1.100 to 192.168.1.150.

I will try to reserve the VPN clients to the address pool 192.168.1.140 to 192.168.1.150.
I will also set exclusions in DHCP by excluding the IP addresses of the desktop computers so that they don't get reused again.

Please offer any other suggestions you might have.


Thank you for taking the time to assist me.

0
 
LVL 3

Expert Comment

by:xrok
ID: 13851180
Here is what I would do now,

Set Server Static IP
Look at server and router and disable all DHCP
Enbale DHCP on Server (I would use static IP to LAN PC)
RAS - Use Same Subnet for VPN

Make sure you do not have more than 1 DHCP Server running.

Good Day!




0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13851666
Yes, I agree with xrok that that is the best thing to do.

You say you have a router... what router is it?  And how is your VPN being handled... is the router forwarding VPN traffic to your server, or have you declared your server to be DMZ (i.e. all internet traffic is forwarded to it)?

It is important to do a tracert when the mail isn't working to establish where the problem may be.  It could be DNS, it could be a problem with the routing, it could be many things and a tracert will set us on the right path to the solution.  Same with ping... if the ping times out, it doesn't tell us much, but if it can't resolve the hostname it tells us the problem is DNS.  It is always better not to assume when troubleshooting!

Anyway, let us know how you get on!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13858786
>The server IP is 192.168.1.21 and the router is 192.168.1.1.
>The DHCP address pool is from 192.168.1.100 to 192.168.1.150.

have not seen this addressed yet... is your home LAN IP subnet also 192.168.1.x ? The vast majority of home offices with a broadband router have this as their own local IP subnet. It really confuses the PC with the same subnet supposedly on both sides of the VPN tunnel..

0
 
LVL 4

Expert Comment

by:Gen2003
ID: 13865874
Well...

Let us see more info on your net. I guess that will eliminate a lot of misunderstandings here.

-What is address of mail server?
-What is address of RRAS server?
-What is address of server you are connecting via RDP?
-What is address of server running tightvnc?
-What is address of server running DHCP?
-Where VPN session terminates? I mean what address of VPN server?
-What address is assigned to you when you VPN to the server?
-What addresses are on problem clients? Are theese clients are permanent or sometime it is some group of clients and sometime they are another people?

Then... some things to do but knowing all this info.

Regards.
0
 

Author Comment

by:NAPSR
ID: 13867828
Thank you all for your input.

I am currently out of town and will answer as soon as I get back to the office.


Thank You
0
 

Expert Comment

by:yuribud
ID: 15136921
I got exact the same problem. I've been using VPN for a year and have been able to send and receive email thru Outlook no porblems. A few days ago I had to re-install my W2K Pro and that's when hell started. I'm not able to send my email any long from Outlook. Tried everything possible to no avail. Any ideas?

Thx,
Yuri
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 15137453
Hi Yuri,

This question has been closed, so you'll want to start another to get help with your problem.  When you post a new question, include as much info as possible (e.g. are you getting SMTP errors,  are other network services working ok, etc.).

Thanks.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Make the most of your online learning experience.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question