Solved

Cannot access shared drives over VPN using Windows XP

Posted on 2006-11-17
6
716 Views
Last Modified: 2008-02-26
Hi Folks:

   I am trying to set up a simple VPN with Windows XP Pro at each end.
 
   I have configured the VPN server and created a TestVPN user account. On the client machine I have set up the VPN connection and specified the correct IP address for the router attached to the VPN server computer. I have set the router to allow PPTP through to the VPN server.

  I can make the connection, but I cannot seem to access any shared folders on the VPN server. I have searched through the articles here and although they seem to address the issue, they always seems to be something which is unclear.

  I tried "net use x: \\Fileserver\testshare" where Fileserver is the name of the computer hosting the VPN, I also tried using the statric IP address of the Fileserver computer - i.e. 192.168.0.2, and I also tried using the IP address of the router which passes PPTP traffic to the fileserver computer - all to no avail.

Using an LMhosts file - could someone give me a clear example? Does this file have to be on the VPN host system - i.e. fileserver or just on the client system?

Do I have to install any other protocols on the systems other than TCP/IP and File and Printer sharing and CLient for Microsoft networks

Ideally I want to be able to map the shares / drives so that files can be accessed by the remote client - such as quickbook files - so that the files are updated on the VPN host server system and not simply copied to the remote client.

Thanks in advance.

Best regards, Dave Melnyk




0
Comment
Question by:d_melnyk
  • 4
  • 2
6 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17967998
Dave, one of the first things to check is both ends should be using a different subnet. If the office uses IP's belonging to the 192.168.1.x subnet , then the remote site needs to use something else such as 192.168.2.x
Also on your router you need to enable PPTP pass-through, as well as forward port 1723 to the VPN "server" computer.
Finally, does your router's WAN/Internet/Public interface have a true public IP ? In other words is it assigned the IP to which you are trying to connect, or is that assigned to your modem? If the latter, the modem needs to be put in bridge mode.
0
 

Author Comment

by:d_melnyk
ID: 17968164
RobWill:

   Thanks for the reply - the subnet thing may be an issue - the remote site is using the same subnet and providing me an IP address with 192.168.0.xxx.

  The subnet thing may be a bit of a problem to overcome as the two networks are already set up and starting to change things at either one would involve a fair amount of work - and probably grief! I guess there may be no way past that problem short of using an ssl based VPN.

  The router has PPTP forwarded to port 1723 on the VPN server

   The router at the office is assigned 192.168.0.1 and the modem has the true IP address - i.e. standard DLINK DI-524 - i.e. the router is lan address 192.168.0.1 and WAN is 70.xxx.xxx.xxx

How does one put the "modem" in bridge mode?

Best regards, Dave Melnyk
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 17968746
>>"standard DLINK DI-524 - i.e. the router is lan address 192.168.0.1 and WAN is 70.xxx.xxx.xxx"
Is the 70.x.x.x address the WAN of the D-Link? If so your in good shape for that part but if it's WAN is 192.168.0.1 you have 2 problems.

However, not sure how familiar you are with this so let me explain the problem first, and there may be ways around it. Routing directs packets to different networks, if 2 networks use the same subnet, the routing devices do not know to which subnet to send the packets. Thus the problem with the home and office network being the same. Does a packet destined for the 192.168.0.x network get kept local, or sent to the remote network, thus often gets lost. The second problem mentioned above, is the same issue. Routers separate networks. If  above the WAN and the LAN of the D-Link both use 192.168.0.x then you have 3 locations the same. I'm not sure that is what you are saying, maybe we can clarify that.

Resolutions:
Bridge mode; If the WAN port (     not LAN) of the D-Link has a 192.168.0.1 IP, then the modem is performing NAT (network address translation), basically acting as another router. Many are not like this by the way. I might me able to be specific as to how to change if I knew the make and model. Only NAT modems can be put in bridge mode, but it is often as simple as changing an option from NAT or router mode to Bridge mode. Bridge mode effectively makes it a simple modem. Once that is done then you need to configure the WAN section of the D-Link router with the ISP connection information. If you have a dynamic connection, you probably don't have to do anything, if static you have to enter IP, subnet mask, gateway and dns, and if PPPoE you need to enter user name and password. Once done the router will have the 70.x.x.x WAN address.

Duplicate subnets; though the local and remote subnets need to be different, the Windows PPTP VPN will "usually" work if you enable the remote gateway option on the client. There is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. It is usually enabled by default, but make sure that it is enabled.   Network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
When this is enabled, it "should" force all traffic to the office network, eliminating the possibility of a routing conflict.

Bt the way the client should obtain an IP in the same subnet as the office LAN, it will have a subnet mask of 255.255.255.255, and the gateway will be the VPN virtual adapter itself, in other words the same IP as the assigned VPN client IP address.

Perhaps some of that will help. If any doubts about the modem let us know the make and model.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:d_melnyk
ID: 17990431
Hi RobWill:

   Sorry I did not respond earlier - have been extremely busy. The issue is now no longer as pressing as we have opted to go with the netOp Remote Controlsolution which is dead simple to set up and thouroughly reliable for our needs.

   The router does indeed have the "public" or WAN address "70.xxx.xxx.xxx" and the router LAN address is 192.168.0.1.

The setup did have the "use default gateway on remote network" enabled, but there was still no ability to 'browse" for network shares.Could this be because the client machine also had a netbeui protocol installed as well as TCP/IP (netbeui was installed to use on another network when connected locally)?

Best regards, Dave Melnyk

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17990945
>>"Could this be because the client machine also had a netbeui protocol installed as well as TCP/IP "
No that is fine. NetBEUI is not routable, so it doesn't help with VPN name resolution or browsing, but it will not interfere.

I suspect the problem is the subnets being identical. One of the primary rules of a VPN is they must be different. As pointed out above, it will "usually" work, but not always and it is not proper procedure.

Cheers Dave,
--Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18043137
Thanks Dave,
--Rob
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Sonicwall Site-to-Site VPN and NAT 19 87
Use VPN with local DHCP settings 17 100
AnyConnect 3 59
VPN protocal 18 68
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now