VPN Problems

Once i connect to a VPN i cannot acces the interent, im connecting to the VPN using SBSPackage.exe. If i connect any other way then I cant browse to the company website.
jmkbrownAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan Huseyin KayahanCommented:
                          *Make sure that in TCP/IP properties>advanced (networking tab) "Use default gateway on remote network" is NOT chosen. If it is ticked, please empty its box and apply.
0
jmkbrownAuthor Commented:
i dont have that option since im connecting with SBSPackage i read on microsofts website that i need enable split tunneling or change the routing but im not sure how to do either
0
Alan Huseyin KayahanCommented:
I hope this helps
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22063856.html?sfQueryTermInfo=1+sb+split+tunnel+vpn

If you can't do split tunnelling, you would define routes to sbs clients by route command "route add ....."
 
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

jmkbrownAuthor Commented:
i have to use the SBS connection becuase if i dont then the company website cant be accessed
0
jmkbrownAuthor Commented:
ok so i need to add a route... but what im i routeing from and to?
0
jmkbrownAuthor Commented:
ok i did the add route and for the IP of my gateway it told me it was a bad argument
0
Alan Huseyin KayahanCommented:
            *Please post me what you ve typed.
             *Make sure VPN connection is established while adding route.
0
jmkbrownAuthor Commented:
route add 192.168.10.0 255.255.255.0 192.168.10.1 -p

0
Alan Huseyin KayahanCommented:
write it as following
             route add 192.168.10.0 mask 255.255.255.0 192.168.10.1 -p
0
jmkbrownAuthor Commented:
ok the route add worked, but i still cannot browse the internet :-(
0
Alan Huseyin KayahanCommented:
       so you now need default route
              I assume that 192.168.10.0 is vpn network and lets say that 10.5.10.0 is your local network that you conenct to internet by 10.5.10.1 gateway. Then you ve to type the following default route.
              route add 0.0.0.0 mask 0.0.0.0 10.5.10.1 -p
0
Rob WilliamsCommented:
Are you sure the default gateway option does not exist on your virtual/VPN connection. I understand you need to use the SBS connection software, but it should automatically create the same VPN adapter, but with more complete connection information. Double check:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
0
Rob WilliamsCommented:
ps-  this is on the connecting client computer
0
jmkbrownAuthor Commented:
I'm going to re-explain our situation if you don't mind.  Our local gateway is 192.168.10.1 and the remote gateway is 192.168.1.1.  I need to connect via VPN and be able to access BOTH the internet and the intranet on the remote network.  What commands do I need to run to acheive this??  Thanks in advance.
0
Alan Huseyin KayahanCommented:
                *First, delete routes if you ve created any by typing same line with route delete instead route add.
                 *Now type route print then make sure None writes under Persistant routes.
                 *If you ve assigned manual gateways, remove them from TCP/IP properties of every connection.
                 *In their respective order type the following commands
                  route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 -p
                  route add 0.0.0.0 mask 0.0.0.0 192.168.10.1
                   
0
jmkbrownAuthor Commented:
Rob, those options dont exist when using an SBS conenction, it doest create anything like you are talking about
0
Alan Huseyin KayahanCommented:
              forgot to add -p to the last route.
               route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 -p
               route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p
            * When you type route print, you should see the default route (the one with 0.0.0.0) at the bottom in persistants.
0
Rob WilliamsCommented:
>>"it doest create anything like "
How do you connect then? You would need an icon to click on which should be the VPN/Virtual adapter.
However, the default gateway is not what you want. Sorry. That is exactly the opposite. That allows remote network access and local Internet access simultaneously. You want both remote, which should be the default configuration, with no routing re-configuration at all.
Was the VPN created on the SBS using the wizard [ server management | Internet and e-mail | create remote access] ?  If so this is supposed to create the necessary routing on the SBS and firewall exceptions. The client by default forces ALL traffic to the SBS.
0
jmkbrownAuthor Commented:
MrHusy, i tried that and the first one failed it siad something about the gateways not being on the same network, and yes, i am connected to the VPN
0
Alan Huseyin KayahanCommented:
           *You are adding these routes for clientside right?
            *.Would you please post the output of ipconfig /all and route print commands?
0
Alan Huseyin KayahanCommented:
         *Please run the commands while you are connected by VPN and cant access internet.
0
jmkbrownAuthor Commented:
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\ADMINI~1>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : test
        Primary Dns Suffix  . . . . . . . : PCCSInc.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : PCCSInc.local
                                            lights.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connecti
on
        Physical Address. . . . . . . . . : 00-03-47-CA-BA-FF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 4.2.2.1
                                            4.2.2.2
                                            4.2.2.1
        Lease Obtained. . . . . . . . . . : Thursday, April 05, 2007 10:50:10 AM

        Lease Expires . . . . . . . . . . : Friday, April 06, 2007 10:50:10 AM

PPP adapter Connect to Small Business Server:

        Connection-specific DNS Suffix  . : lights.local
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.106
        DNS Servers . . . . . . . . . . . : 192.168.1.35
        Primary WINS Server . . . . . . . : 192.168.1.35

C:\DOCUME~1\ADMINI~1>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 03 47 ca ba ff ...... Intel(R) PRO/100 VE Network Connection - Packet
Scheduler Miniport
0x20004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.106   192.168.1.106       1
          0.0.0.0          0.0.0.0     192.168.10.1  192.168.10.100       21
      66.14.125.5  255.255.255.255     192.168.10.1  192.168.10.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.1.106  255.255.255.255        127.0.0.1       127.0.0.1       50
    192.168.1.255  255.255.255.255    192.168.1.106   192.168.1.106       50
     192.168.10.0    255.255.255.0   192.168.10.100  192.168.10.100       20
   192.168.10.100  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.10.255  255.255.255.255   192.168.10.100  192.168.10.100       20
        224.0.0.0        240.0.0.0   192.168.10.100  192.168.10.100       20
        224.0.0.0        240.0.0.0    192.168.1.106   192.168.1.106       1
  255.255.255.255  255.255.255.255    192.168.1.106   192.168.1.106       1
  255.255.255.255  255.255.255.255   192.168.10.100  192.168.10.100       1
Default Gateway:     192.168.1.106
===========================================================================
Persistent Routes:
  None

C:\DOCUME~1\ADMINI~1>
0
Alan Huseyin KayahanCommented:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.106   192.168.1.106       1

      Route above routing the whole traffic to VPN gateway since it has metric of 1. And has no use. Please delete it by typing the following
            route delete 0.0.0.0 mask 0.0.0.0 192.168.1.106
And delete the one with metric 21
            route delete 0.0.0.0 mask 0.0.0.0 192.168.10.1


PPP adapter Connect to Small Business Server:

        Connection-specific DNS Suffix  . : lights.local
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No                <----------------!!!
        IP Address. . . . . . . . . . . . : 192.168.1.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.106
        DNS Servers . . . . . . . . . . . : 192.168.1.35
        Primary WINS Server . . . . . . . : 192.168.1.35


IP config is configured manually which means you typed the gateway of 192.168.1.106 manually somewhere. You should delete it and leave blank. (skip this phase if you dont kow how to)

now add the following routes
                 route add 192.168.1.0 mask 255.255.255.0 192.168.1.106 -p
                 route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob WilliamsCommented:
My apologies jmkbrown. Though I have set up dozens of PPTP VPN's I have never actually done one with SBS. So I though it was time I did <G>. It does create the virtual/VPN adapter, called "connect to SBS", but as you stated, you have none of those options. It forces you to use the defaults. Good to know.

>>"I need to connect via VPN and be able to access BOTH the internet and the intranet on the remote network"
MrHusy, though your routing recommendations are what one would normally request, will they not direct Internet access to the local gateway rather than the remote as jmkbrown asked ??
Looks like the default configuration would meet that request, in which case the problem may exist on the SBS end.
0
jmkbrownAuthor Commented:
works GREAT thanks!
0
jmkbrownAuthor Commented:
say i wanted to do this on other computers, what would i change on each computer?
0
Alan Huseyin KayahanCommented:
My pleasure jmkbrown.
0
Alan Huseyin KayahanCommented:
         Create a batch file and write following into it

      route delete 0.0.0.0 mask 0.0.0.0 192.168.1.106
      route delete 0.0.0.0 mask 0.0.0.0 192.168.10.1
      route add 192.168.1.0 mask 255.255.255.0 192.168.1.106 -p
      route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p

Save the batch file in a shared directory. And just double-click in other clients :) .



0
Rob WilliamsCommented:
A couple of things I did notice earlier:
>>"I need to connect via VPN and be able to access BOTH the internet and the intranet on the remote network"
This is the default configuration, Internet access through the SBS network. MrHusy's work around with the "route add 0.0.0.0 mask 0.0.0.0 192.168.10.1 -p" will no doubt give you Internet acces,s but through the local gateway not the SBS. You can confirm this with tracert. Though this works well, it is not what you were asking, but may be what you were trying to achieve. Keep in mind there are security risks with this.

Also, the server hands out IP's to the VPN client using DHCP. The IPconfig result showing "Dhcp Enabled. . . . : No ". is normal, even though DHCP is enabled, when using a PPP adapter. Because of this, the IP for the client may change and you have built static routes based on the current IP. There is no guarantee after the DHCP lease expires, that your route will still work. If you would like to use this method, again not recommended, you will need to assign static IP's to the VPN clients using Active Directory under the dial-in tab of the user's properties.

As Jeff has also pointed out, it looks like the client was properly configured with the defaults but the SBS may not have been, and therefore blocking Internet access through the SBS network.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.