Browse Website / Internet  over Virtual Private Network

enkay18
enkay18 used Ask the Experts™
on
I have a remote  Windows 2003 Server which has 20 IP addresses assigned to it.

My home computer (Windows XP ) is connected to the internet through a DSL line.

I want to connect my home computer to the remote server and obtain a new IP address, subnet mask, default gateway so that I'm able to browse the internet through my Windows 2003 server.

Is there any solution possible? Maybe through VPN ??


Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013

Commented:
VPN will allow that. Following is instructions for server 2003. If you are running Small Business Server 2003, please advise as the proper way to configure is different.

The basic server and client configurations can be found at the following sites with good detail:
Server 2003 configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding, click on the link for your router (assuming it is present) on the following page:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm
The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example if you are using 192.168.1.x at the office , the remote should be something like 192.168.2.x

Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also depending on your network configuration you may have problems connecting to devices by name, though this can usually be configured.. Using the IP address is less problematic such as \\192.168.1.111\SharenName.

Author

Commented:
Hi - I followed the steps and setup the VPN on the server and my XP client. When i click the connection to the VPN it shows connecting.....verifying username and password.....registering your computer on the network.....and then it shows an error saying "TCP/IP reported error 733. A connection to remote computer could not be completed"
Top Expert 2013

Commented:
733 error most often indicates the VPN client is not assigned an IP address by the server.
Did you create a static address pool as under "Assigning the IP Address Range for the Clients" in the first link?
If so , on the same 'page' that you set the static address pool, at the bottom of the page you can choose the adapter to associate with the VPN.  "Allow RRAS to select adapter" is the default, which usually works, but try changing to the WAN adapter. If you are only using 1 network adapter this will not be an option.

Another possible cause, but less common with 733 errors: did you choose "allow access" on the dial-up tab of the user's profile in active directory users and computers?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Ok i'm able to connect to the VPN now, but i'm not able to browse the internet.

Top Expert 2013

Commented:
On the client machine go to: control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | make sure "Use default gateway on remote network", is checked. It is by default

The subnets at the local and remote site must be different, i.e they cannot both use something like 192.168.1.x or you will be able to connect but not "communicate"

Can you ping the router at the server site, by IP?
If so can you ping Google, by IP   64.233.187.99 ?

Author

Commented:
Yes the default gateway on remote network option is checked.

When I do IP Config, following is the info I get :

Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter VPN:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.2.7
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.2.7

I'm not able to ping 64.233.187.99 ( Google ), the request times out.

I'm not sure but it seems like the Default Gateway assignment on the VPN seems wrong as it says 192.168.2.7 which is the IP address assigned to the client, shouldn't it be the IP address of the server which is showing up as 192.168.2.5.

Author

Commented:
Not sure if I did this correct, but under my DSL Router settings  I added the following NAT -- Virtual Servers Setup

Server Name : VPN
External Port Start : 1723
External Port End : 1723
Protocol : TCP/UDP
Internal Port Start : 1723
Internal Port End : 1723
Server IP Address : 192.168.2.5

Top Expert 2013

Commented:
Your IPconfig results are normal, but I know they do not look as you would expect. The default gateway to the remote network, from your network, is the virtual/PPP adapter itself. Because it encompasses only one IP it uses a 255.255.255.255 subnet mask, which probably looks odd as well, but is typical.

Your port forwarding looks correct as well.
Can you access shares on the remote network, such as:
\\192.168.2.5\ShareName

Author

Commented:
Yeah I'm able to access the shares.
Top Expert 2013
Commented:
Does the VPN server have 2 network adapters?
If so, is 192.168.2.x the LAN subnet or the WAN subnet?
If it is the WAN you can either add a route or change the RRAS static address pool to assign an IP in the same subnet as the LAN. If you wanted to add a route, assuming the LAN were 192.168.123.x you would use, on the client machine:
route add 192.168.123.0 mask 255.255.255.0 192.168.2.7

Author

Commented:
Yes the server has 2 network adapters but the second adapter is disabled and even when its enabled its IP address is not a local address but it is like :
IP Address : 209.X.X.X
Subnet :255.255.255.0
Gateway is 209.X.X.X

So should i still do wut you asked in the previous post?
Also I didn't quiet understand how to add the route, can you please explain. Thank you.

Top Expert 2013

Commented:
No, in that case you should not need to add a route, assuming the VPN clients are using the same subnet as the LAN. Is the VPN server's LAN using 192.168.2.x like the VPN client?

Author

Commented:
No the Server is assigned like 20 live IP addresses like 209.X.X.X

Author

Commented:
Do i need to install DHCP Server on the server?
Top Expert 2013

Commented:
>>"No the Server is assigned like 20 live IP addresses like 209.X.X.X "
Different, but OK. So there is no private IP address (192.168.x.x, 10.x.x.x) and no router. Sorry I should not have assumed.

>>"Do i need to install DHCP Server on the server?"
No. RRAS will provide DHCP addresses for the client/s and seems to be working fine.

@ methods to try:
1) on the VPN client at a command prompt (DOS window) try adding a route by entering the following line, while the VPN is connected:
route  add  209.x.x.x  mask  255.255.255.255  192.168.2.7
where 209.x.x.x is the server's gateway IP, and also make sure 192.168.2.7 is still the current VPN/PPP adapter's IP
DNS may not work at this point so test by seeing if you can ping an Internet IP such as Google  64.233.187.99
If that works we can carry on from there, with DNS
To remove the route if needed:
route  delete  209.x.x.x

2) I haven't done this, but you can try configuring the server as a proxy. On the VPN client machine open Internet explorer and go to tools : Internet options | Connections | LAN Settings | check Use a proxy server for your LAn... | Next to address insert the server's IP and apply.

Author

Commented:
I tried both the methods, none worked :(
Here is the info from the ping and tracert commands :

ping 64.233.18.99
Pinging 64.233.18.99 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 64.233.18.99:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

tracert 64.233.18.99
Tracing route to 99.18.233.64.transedge.com [64.233.18.99]
over a maximum of 30 hops:
  1   395 ms   396 ms   391 ms  192.168.2.5
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.

Author

Commented:
The second adaparter on the server is disabled, does the following article apply in my case?
http://howtonetworking.com/casestudy/vpnbrowsing1.htm

Author

Commented:

Author

Commented:
Hey Man it worked with the second article, i had to setup VPN + NAT.
Top Expert 2013

Commented:
Excellent. I will have to read up on that. I am not familiar with doing so where, as in #2, you have "One static public IP on the outside NIC", or 20 in your case.
tigermattSite Reliability Engineer
Most Valuable Expert 2011

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:

          Accept RobWill's comment as answer.

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tigermatt
Experts Exchange Cleanup Volunteer

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial