Solved

VPN only one way

Posted on 2006-06-27
22
349 Views
Last Modified: 2010-03-18
Hi,
I've setup a Windows 2003 SBS server which works fine. Now I'm trying to connect my home-PC through a VPN connection.
Everything is setup with the standard wizards provided by SBS and connection works like a charm... but only one way.
When connected I can access all network resources from my home-pc on my server, but when I'm trying to access the client computer from the server even a simple ping fails.

I'm sure this is just a setting to be changed somewhere, but I've been unable to locate it.
Any help?

Regards,
Michel
0
Comment
Question by:mvdriel
  • 10
  • 4
  • 4
  • +1
22 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16991625
whats you IP address when you are connected via VPN, do you have any windows firewalls or other firewalls enabled?
0
 

Author Comment

by:mvdriel
ID: 16991651
The IP address is leased by the server's DHCP-service and is correct. It works from home to server but not the other way around.
When I'm trying to ping through the computers' name it returns the correct ip-address (so it's registered fine as well), but no answer is given.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16991800
did you check the firewalls for me?
0
 

Author Comment

by:mvdriel
ID: 16992077
Yes, I even turned off the firewall on my home pc, but no change...
I didn't expect this, because a ping-request is usually allowed in a firewall.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16992243
What IP are you using? You need to connect to the IP assigned to the virtual IP not the computer's local IP.

Jay_Jay70, is dead right. Firewall will definitely block, including the ping.
If you are wanting to connect to other than the one PC, you will have to make a series of changes. Connection is really intended for client to host, but will work in reverse.
0
 

Author Comment

by:mvdriel
ID: 16992372
Ofcourse I've tried to connect to the IP given by the DHCP-server, and not the local IP used by the pc at home... And I'm able to connect to the complete network over VPN, but not in reverse which, as you stated, should work...
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16992528
Is the assigned IP in the same subnet as the office network? It is possible to set it up otherwise.
Any other software firewalls enabled at home, such as Symantec, Wingate, Zone Alarm ?
If using Symantec's Virus scan disable "Internet Worm Sharing"
Verify no port forwarding at home set up for 1723.
If an option try enabling PPTP pass-through on the home router.
0
 

Author Comment

by:mvdriel
ID: 16994353
Let's break that one down:
The subnet is the same as in the office. It is assigned by the office DHCP server, and I've double checked it...
There are no other firewalls at home, it is a clean install with only office and NOD32 virusscanner.
No port forwarding at all
PPTP passthrough cannot be enabled (my modem doesn't have this option and I'm not able to replace the modem, since it is a special modem provided by the telco), but that doesn't seem the problem, because the VPN connection is made and works (one way).
I have the same problem at another location where I've tested to make a connection... The server is reachable ok, but i'm not able to reach the computer from the server... same setup, all ip-numbers are correct.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16994654
On the server, at a command line, when the VPN client is connected, run:
route print
As an example, assuming your subnet is 192.168.123.0 , there should be a line in there:
192.168.123.x   255.255.255.255   192.168.123.y   192.168.123.y
Where x = the IP of the home machine's PPP/Virtual adapter, and y= the IP of the server's PPP adapter

If not try adding a route to the server:
route  add  192.168.123.x  mask  255.255.255.255  192.168.123.y
substituting the appropriate x & y IP's

This will only work as a test, assuming the remote user gets a dynamic IP, but may help to narrow down the problem.
To remove the route enter:
route  delete  192.168.123.x

If in doubt, post the results of route print here. If your public IP is shown, please mask the address for security reasons such as  66.22.xx.xx
0
 

Author Comment

by:mvdriel
ID: 16995164
Hi,
the route is there, the home pc's vpn-ip is 192.168.16.15
My server uses 192.168.16.2 to contact the internal network and 192.168.1.11 to contact the internet
The VPN-ip for the server is 192.168.16.16 as is shown below.

The network at the office is setup as instructed by windows sbs:
Server connects to the internet through one NIC and connects to the internal network through another.
The client pc-s at work have no direct internetconnection, but connect to the internet through the server.

This works like a charm

===========================================================================
Actieve routes:
Netwerkadres             Netmasker          Gateway        Interface Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11      1
   85.147.204.200  255.255.255.255      192.168.1.1     192.168.1.11      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.11     192.168.1.11     20
     192.168.1.11  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255     192.168.1.11     192.168.1.11     20
     192.168.16.0    255.255.255.0     192.168.16.2     192.168.16.2     20
     192.168.16.2  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.16.15  255.255.255.255    192.168.16.16    192.168.16.16      1
    192.168.16.16  255.255.255.255        127.0.0.1        127.0.0.1     50
   192.168.16.255  255.255.255.255     192.168.16.2     192.168.16.2     20
        224.0.0.0        240.0.0.0     192.168.1.11     192.168.1.11     20
        224.0.0.0        240.0.0.0     192.168.16.2     192.168.16.2     20
  255.255.255.255  255.255.255.255     192.168.1.11     192.168.1.11      1
  255.255.255.255  255.255.255.255     192.168.16.2     192.168.16.2      1
Standaard-gateway:       192.168.1.1
===========================================================================
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 16996046
Looks good. I really don't know what the problem is.
You are trying to connect directly from the server I assume. With this configuration it will not work from a workstation.
The only other thing I can think of is SBS by default enables several security features. Perhaps we are missing one that is blocking the outgoing traffic. I don't have a SBS with which to compare.
0
 

Author Comment

by:mvdriel
ID: 17026843
Sorry about the delay in answering, but I'll keep looking for some hidden setting somewhere...
Thanks for your help though!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17027433
It looks as though you are not using the Small Business Server Connection Manager as downloaded from Remote Web Workplace?  Because this would force your Gateway to be 192.168.16.16.

Jeff
TechSoEasy
0
 

Author Comment

by:mvdriel
ID: 17032448
I'm not sure if I understand you correctly... The Remote Web Workplace is a remote management tool to access the server. right? I'm trying to configure my VPN... If I'm wrong, where do I download this connection manager?

Thanks!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17033072
No, RWW is not a remote management tool to access the server, it's for users to be able to access Network resources, including their own desktops through Internet Explorer without the need for VPN.  It also includes a few links to special items like the VPN Client download.  You would access this via https://<serverfqdnORip>/remote.  More info on that is available at http://sbsurl.com/rww and http://sbsurl.com/rwwppt.

Jeff
TechSoEasy
0
 

Author Comment

by:mvdriel
ID: 17033974
Now I see... I thought it was just a remote management website, but I missed the links.
I'll try the links when I'm back and I'll let you know. This will propably not be today or tomorrow...

Tanks!
Michel
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17035084
Since you are just using your home PC, you don't have to use the VPN if you don't want... you can just use RWW to log into your desktop machine at the office.

Generally, with SBS, the VPN is useful for those who have laptops.

Jeff
TechSoEasy
0
 

Author Comment

by:mvdriel
ID: 17207040
The problem still is not solved, but a solution seems far away... Please delete the question with a refund...

Michel
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17207082
Why would you do that when you have the opportunity to resolve it?  I offered you a solution, and you didin't reply back with an answer as to whether it worked or not.  Also, you have never provided any detail about WHAT firewall you are using on your home PC, is it the Windows XP one? or something else?  

Do you have a router at home?  If so, what is the make and model of it?  What is the make and model of the router in your office?

I'm more than willing to help you out here... but you need to communicate back.

Jeff
TechSoEasy
0
 

Author Comment

by:mvdriel
ID: 17291282
I'm sorry for not answering sooner, but I've been on assignment abroad and have had a vacation. It was my understanding that a question that was marked for cleanup could not be continued... So, sorry again and I am very greatfull for your efforts.
The problem has been solved, I've re-installed the server after a crash AND re-installed my home computer to be certain this was not the problem.
After removing the windows firewall from the VPN-connection (on my home computer) it suddenly worked like a charm two ways.
I'm going to give you the full 500 point for trying to help me, and sorry again for not answering more often...

Michel
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now