Solved

VPN Problems

Posted on 2007-04-05
Last Modified: 2011-09-15
Once I connect to a VPN I cannot access the Internet. I'm connecting to the VPN using SBSPackage.exe. If I connect any other way then I can't browse to the company website.
Question by:jmkbrown
31 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18857504
* Make sure that in TCP/IP properties > Advanced (Networking tab) "Use default gateway on remote network" is NOT chosen. If it is ticked, please clear its box and apply.
0
 

Author Comment

by:jmkbrown
ID: 18857563
I don't have that option since I'm connecting with SBSPackage. I read on Microsoft's website that I need to enable split tunneling or change the routing, but I'm not sure how to do either.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18857611
I hope this helps
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22063856.html?sfQueryTermInfo=1+sb+split+tunnel+vpn

If you can't do split tunnelling, you would define routes to the SBS clients with the route command "route add ....."
 
0
 

Author Comment

by:jmkbrown
ID: 18857672
I have to use the SBS connection because if I don't then the company website can't be accessed.
0
 

Author Comment

by:jmkbrown
ID: 18857697
OK, so I need to add a route... but what am I routing from and to?
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18857721
0
 

Author Comment

by:jmkbrown
ID: 18857791
OK, I did the add route and for the IP of my gateway it told me it was a bad argument.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18857814
* Please post what you've typed.
* Make sure the VPN connection is established while adding the route.
0
 

Author Comment

by:jmkbrown
ID: 18857829
route add 192.168.10.0 255.255.255.0 192.168.10.1 -p

0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18857844
Write it as follows:
    route add 192.168.10.0 mask 255.255.255.0 192.168.10.1 -p
0
 

Author Comment

by:jmkbrown
ID: 18857863
OK, the route add worked, but I still cannot browse the Internet :-(
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18857899
So you now need a default route.
I assume that 192.168.10.0 is the VPN network, and let's say that 10.5.10.0 is your local network, which you connect to the Internet through the 10.5.10.1 gateway. Then you have to type the following default route:
    route add 0.0.0.0 mask 0.0.0.0 10.5.10.1 -p
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18857940
Are you sure the default gateway option does not exist on your virtual/VPN connection? I understand you need to use the SBS connection software, but it should automatically create the same VPN adapter, but with more complete connection information. Double check:
Control Panel | Network Connections | right-click on the VPN/Virtual adapter and choose Properties | Networking | TCP/IP - Properties | Advanced | General | un-check "Use default gateway on remote network"
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18857943
PS: this is on the connecting client computer.
0
 

Author Comment

by:jmkbrown
ID: 18857987
I'm going to re-explain our situation if you don't mind. Our local gateway is 192.168.10.1 and the remote gateway is 192.168.1.1. I need to connect via VPN and be able to access BOTH the Internet and the intranet on the remote network. What commands do I need to run to achieve this? Thanks in advance.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18858051
* First, delete any routes you've created by typing the same line with route delete instead of route add.
* Now type route print, then make sure "None" is shown under Persistent Routes.
* If you've assigned manual gateways, remove them from the TCP/IP properties of every connection.
* Type the following commands in this order:
    route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 -p
    route add 0.0.0.0 mask 0.0.0.0 192.168.10.1
                   
0
 

Author Comment

by:jmkbrown
ID: 18858059
Rob, those options don't exist when using an SBS connection; it doesn't create anything like you are talking about.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18858082
I forgot to add -p to the last route.
    route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 -p
    route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p
* When you type route print, you should see the default route (the one with 0.0.0.0) at the bottom under Persistent Routes.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18858108
>>"it doest create anything like "
How do you connect then? You would need an icon to click on which should be the VPN/Virtual adapter.
However, the default gateway is not what you want. Sorry. That is exactly the opposite. That allows remote network access and local Internet access simultaneously. You want both remote, which should be the default configuration, with no routing re-configuration at all.
Was the VPN created on the SBS using the wizard [ server management | Internet and e-mail | create remote access] ?  If so this is supposed to create the necessary routing on the SBS and firewall exceptions. The client by default forces ALL traffic to the SBS.
0
 

Author Comment

by:jmkbrown
ID: 18858109
MrHusy, I tried that and the first one failed; it said something about the gateways not being on the same network, and yes, I am connected to the VPN.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18858136
* You are adding these routes on the client side, right?
* Would you please post the output of the ipconfig /all and route print commands?
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18858160
* Please run the commands while you are connected by VPN and can't access the Internet.
0
 

Author Comment

by:jmkbrown
ID: 18858230
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\ADMINI~1>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : test
        Primary Dns Suffix  . . . . . . . : PCCSInc.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : PCCSInc.local
                                            lights.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connecti
on
        Physical Address. . . . . . . . . : 00-03-47-CA-BA-FF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 4.2.2.1
                                            4.2.2.2
                                            4.2.2.1
        Lease Obtained. . . . . . . . . . : Thursday, April 05, 2007 10:50:10 AM

        Lease Expires . . . . . . . . . . : Friday, April 06, 2007 10:50:10 AM

PPP adapter Connect to Small Business Server:

        Connection-specific DNS Suffix  . : lights.local
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.106
        DNS Servers . . . . . . . . . . . : 192.168.1.35
        Primary WINS Server . . . . . . . : 192.168.1.35

C:\DOCUME~1\ADMINI~1>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 03 47 ca ba ff ...... Intel(R) PRO/100 VE Network Connection - Packet
Scheduler Miniport
0x20004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.106   192.168.1.106       1
          0.0.0.0          0.0.0.0     192.168.10.1  192.168.10.100       21
      66.14.125.5  255.255.255.255     192.168.10.1  192.168.10.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.1.106  255.255.255.255        127.0.0.1       127.0.0.1       50
    192.168.1.255  255.255.255.255    192.168.1.106   192.168.1.106       50
     192.168.10.0    255.255.255.0   192.168.10.100  192.168.10.100       20
   192.168.10.100  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.10.255  255.255.255.255   192.168.10.100  192.168.10.100       20
        224.0.0.0        240.0.0.0   192.168.10.100  192.168.10.100       20
        224.0.0.0        240.0.0.0    192.168.1.106   192.168.1.106       1
  255.255.255.255  255.255.255.255    192.168.1.106   192.168.1.106       1
  255.255.255.255  255.255.255.255   192.168.10.100  192.168.10.100       1
Default Gateway:     192.168.1.106
===========================================================================
Persistent Routes:
  None

C:\DOCUME~1\ADMINI~1>
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 500 total points
ID: 18858366
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.106   192.168.1.106       1

The route above is routing all traffic to the VPN gateway since it has a metric of 1, and it has no use. Please delete it by typing the following:
    route delete 0.0.0.0 mask 0.0.0.0 192.168.1.106
And delete the one with metric 21:
    route delete 0.0.0.0 mask 0.0.0.0 192.168.10.1


PPP adapter Connect to Small Business Server:

        Connection-specific DNS Suffix  . : lights.local
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No                <----------------!!!
        IP Address. . . . . . . . . . . . : 192.168.1.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.106
        DNS Servers . . . . . . . . . . . : 192.168.1.35
        Primary WINS Server . . . . . . . : 192.168.1.35


The IP configuration is set manually, which means you typed the gateway of 192.168.1.106 manually somewhere. You should delete it and leave it blank. (Skip this step if you don't know how to.)

Now add the following routes:
    route add 192.168.1.0 mask 255.255.255.0 192.168.1.106 -p
    route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p


0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18858438
My apologies, jmkbrown. Though I have set up dozens of PPTP VPNs I have never actually done one with SBS. So I thought it was time I did <G>. It does create the virtual/VPN adapter, called "connect to SBS", but as you stated, you have none of those options. It forces you to use the defaults. Good to know.

>>"I need to connect via VPN and be able to access BOTH the internet and the intranet on the remote network"
MrHusy, though your routing recommendations are what one would normally request, will they not direct Internet access to the local gateway rather than the remote as jmkbrown asked ??
Looks like the default configuration would meet that request, in which case the problem may exist on the SBS end.
0
 

Author Comment

by:jmkbrown
ID: 18858453
Works GREAT, thanks!
0
 

Author Comment

by:jmkbrown
ID: 18858478
Say I wanted to do this on other computers, what would I change on each computer?
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18858486
My pleasure jmkbrown.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18858537
Create a batch file and write the following into it:

    route delete 0.0.0.0 mask 0.0.0.0 192.168.1.106
    route delete 0.0.0.0 mask 0.0.0.0 192.168.10.1
    route add 192.168.1.0 mask 255.255.255.0 192.168.1.106 -p
    route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p

Save the batch file in a shared directory, and just double-click it on the other clients :) .
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18860259
A couple of things I did notice earlier:
>>"I need to connect via VPN and be able to access BOTH the internet and the intranet on the remote network"
This is the default configuration: Internet access through the SBS network. MrHusy's workaround with the "route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p" will no doubt give you Internet access, but through the local gateway, not the SBS. You can confirm this with tracert. Though this works well, it is not what you were asking, but may be what you were trying to achieve. Keep in mind there are security risks with this.

Also, the server hands out IPs to the VPN client using DHCP. The ipconfig result showing "Dhcp Enabled. . . . : No" is normal, even though DHCP is enabled, when using a PPP adapter. Because of this, the IP for the client may change and you have built static routes based on the current IP. There is no guarantee, after the DHCP lease expires, that your route will still work. If you would like to use this method, again not recommended, you will need to assign static IPs to the VPN clients using Active Directory under the dial-in tab of the user's properties.

As Jeff has also pointed out, it looks like the client was properly configured with the defaults but the SBS may not have been, and therefore blocking Internet access through the SBS network.
0
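
Added example (not part of the original thread): a small Python model of route selection, run over the routes from the posted "route print" and over the table as it would look after the accepted solution, showing that Internet traffic moves from the VPN to the local gateway while the 192.168.1.0 intranet stays on the VPN. The AFTER table, its metrics and the function names are assumptions made for the illustration.

```python
import ipaddress

VPN_IF = "192.168.1.106"   # PPP adapter address from the posted ipconfig

# (destination, netmask, gateway, interface, metric), transcribed from the
# posted "route print"; loopback, broadcast and multicast rows are omitted.
BEFORE = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.106", "192.168.1.106", 1),
    ("0.0.0.0", "0.0.0.0", "192.168.10.1", "192.168.10.100", 21),
    ("66.14.125.5", "255.255.255.255", "192.168.10.1", "192.168.10.100", 20),
    ("192.168.10.0", "255.255.255.0", "192.168.10.100", "192.168.10.100", 20),
]

# Constructed: the table after the accepted solution's two deletes and two
# adds. Metric 1 and the interface column for the new rows are assumptions.
AFTER = [
    ("0.0.0.0", "0.0.0.0", "192.168.10.1", "192.168.10.100", 1),
    ("66.14.125.5", "255.255.255.255", "192.168.10.1", "192.168.10.100", 20),
    ("192.168.1.0", "255.255.255.0", "192.168.1.106", "192.168.1.106", 1),
    ("192.168.10.0", "255.255.255.0", "192.168.10.100", "192.168.10.100", 20),
]

def select_route(table, dest):
    """Return the winning row: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for row in table:
        net = ipaddress.ip_network(f"{row[0]}/{row[1]}")
        if addr in net:
            matches.append((-net.prefixlen, row[4], row))
    return min(matches)[2] if matches else None

def egress(table, dest):
    """Classify where traffic to dest leaves: 'vpn', 'local' or 'none'."""
    row = select_route(table, dest)
    if row is None:
        return "none"
    return "vpn" if row[3] == VPN_IF else "local"

def is_split_tunnel(table, internet="4.2.2.1", intranet="192.168.1.35"):
    """True when the intranet goes through the VPN but the Internet does not."""
    return egress(table, intranet) == "vpn" and egress(table, internet) == "local"

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, egress(table, "4.2.2.1"), egress(table, "192.168.1.35"),
              "split tunnel" if is_split_tunnel(table) else "full tunnel")
```

The test addresses 4.2.2.1 and 192.168.1.35 are the DNS servers shown in the posted ipconfig output, used here only as stand-ins for an Internet host and an intranet host.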
