Cannot access shared drives over VPN using Windows XP

Posted on 2006-11-17
Medium Priority
Last Modified: 2008-02-26
Hi Folks:

   I am trying to set up a simple VPN with Windows XP Pro at each end.
   I have configured the VPN server and created a TestVPN user account. On the client machine I have set up the VPN connection and specified the correct IP address for the router attached to the VPN server computer. I have set the router to allow PPTP through to the VPN server.

  I can make the connection, but I cannot seem to access any shared folders on the VPN server. I have searched through the articles here and although they seem to address the issue, they always seems to be something which is unclear.

  I tried "net use x: \\Fileserver\testshare" where Fileserver is the name of the computer hosting the VPN, I also tried using the statric IP address of the Fileserver computer - i.e., and I also tried using the IP address of the router which passes PPTP traffic to the fileserver computer - all to no avail.

Using an LMhosts file - could someone give me a clear example? Does this file have to be on the VPN host system - i.e. fileserver or just on the client system?

Do I have to install any other protocols on the systems other than TCP/IP and File and Printer sharing and CLient for Microsoft networks

Ideally I want to be able to map the shares / drives so that files can be accessed by the remote client - such as quickbook files - so that the files are updated on the VPN host server system and not simply copied to the remote client.

Thanks in advance.

Best regards, Dave Melnyk

Question by:d_melnyk
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 77

Expert Comment

by:Rob Williams
ID: 17967998
Dave, one of the first things to check is both ends should be using a different subnet. If the office uses IP's belonging to the 192.168.1.x subnet , then the remote site needs to use something else such as 192.168.2.x
Also on your router you need to enable PPTP pass-through, as well as forward port 1723 to the VPN "server" computer.
Finally, does your router's WAN/Internet/Public interface have a true public IP ? In other words is it assigned the IP to which you are trying to connect, or is that assigned to your modem? If the latter, the modem needs to be put in bridge mode.

Author Comment

ID: 17968164

   Thanks for the reply - the subnet thing may be an issue - the remote site is using the same subnet and providing me an IP address with 192.168.0.xxx.

  The subnet thing may be a bit of a problem to overcome as the two networks are already set up and starting to change things at either one would involve a fair amount of work - and probably grief! I guess there may be no way past that problem short of using an ssl based VPN.

  The router has PPTP forwarded to port 1723 on the VPN server

   The router at the office is assigned and the modem has the true IP address - i.e. standard DLINK DI-524 - i.e. the router is lan address and WAN is 70.xxx.xxx.xxx

How does one put the "modem" in bridge mode?

Best regards, Dave Melnyk
LVL 77

Accepted Solution

Rob Williams earned 1000 total points
ID: 17968746
>>"standard DLINK DI-524 - i.e. the router is lan address and WAN is 70.xxx.xxx.xxx"
Is the 70.x.x.x address the WAN of the D-Link? If so your in good shape for that part but if it's WAN is you have 2 problems.

However, not sure how familiar you are with this so let me explain the problem first, and there may be ways around it. Routing directs packets to different networks, if 2 networks use the same subnet, the routing devices do not know to which subnet to send the packets. Thus the problem with the home and office network being the same. Does a packet destined for the 192.168.0.x network get kept local, or sent to the remote network, thus often gets lost. The second problem mentioned above, is the same issue. Routers separate networks. If  above the WAN and the LAN of the D-Link both use 192.168.0.x then you have 3 locations the same. I'm not sure that is what you are saying, maybe we can clarify that.

Bridge mode; If the WAN port (     not LAN) of the D-Link has a IP, then the modem is performing NAT (network address translation), basically acting as another router. Many are not like this by the way. I might me able to be specific as to how to change if I knew the make and model. Only NAT modems can be put in bridge mode, but it is often as simple as changing an option from NAT or router mode to Bridge mode. Bridge mode effectively makes it a simple modem. Once that is done then you need to configure the WAN section of the D-Link router with the ISP connection information. If you have a dynamic connection, you probably don't have to do anything, if static you have to enter IP, subnet mask, gateway and dns, and if PPPoE you need to enter user name and password. Once done the router will have the 70.x.x.x WAN address.

Duplicate subnets; though the local and remote subnets need to be different, the Windows PPTP VPN will "usually" work if you enable the remote gateway option on the client. There is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. It is usually enabled by default, but make sure that it is enabled.   Network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
When this is enabled, it "should" force all traffic to the office network, eliminating the possibility of a routing conflict.

Bt the way the client should obtain an IP in the same subnet as the office LAN, it will have a subnet mask of, and the gateway will be the VPN virtual adapter itself, in other words the same IP as the assigned VPN client IP address.

Perhaps some of that will help. If any doubts about the modem let us know the make and model.
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.


Author Comment

ID: 17990431
Hi RobWill:

   Sorry I did not respond earlier - have been extremely busy. The issue is now no longer as pressing as we have opted to go with the netOp Remote Controlsolution which is dead simple to set up and thouroughly reliable for our needs.

   The router does indeed have the "public" or WAN address "70.xxx.xxx.xxx" and the router LAN address is

The setup did have the "use default gateway on remote network" enabled, but there was still no ability to 'browse" for network shares.Could this be because the client machine also had a netbeui protocol installed as well as TCP/IP (netbeui was installed to use on another network when connected locally)?

Best regards, Dave Melnyk

LVL 77

Expert Comment

by:Rob Williams
ID: 17990945
>>"Could this be because the client machine also had a netbeui protocol installed as well as TCP/IP "
No that is fine. NetBEUI is not routable, so it doesn't help with VPN name resolution or browsing, but it will not interfere.

I suspect the problem is the subnets being identical. One of the primary rules of a VPN is they must be different. As pointed out above, it will "usually" work, but not always and it is not proper procedure.

Cheers Dave,
LVL 77

Expert Comment

by:Rob Williams
ID: 18043137
Thanks Dave,

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month7 days, 23 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question