WineGeek

Routing problem across VPN

This is a Windows SBS 2003 network with 7 workstations. DHCP is being served by the Linksys router (not my choice and I'm going to move DHCP to the server tomorrow).

Nancy's Office Network
Server: 10.0.12.2
Nancy's workstation (static IP): 10.0.12.202
LAN Gateway at office: 10.0.12.254

Nancy's Home Network
PC: 192.168.1.102
LAN Gateway: 192.168.1.1
Comcast ISP

Her VPN was working but suddenly stopped working so my co-worker replaced her home Linksys router a month ago but still no go. So now I get called in.

Problem: when I tried to RDP to her workstation at her office from her home, I could establish the VPN connection successfully but once connected to the VPN I cannot ping or RDP to her workstation, which is at 10.0.12.202.

But, I could ping and RDP into the server, which is on the same subnet. They only have a single subnet at the office. And then while RDP'd onto their server from Nancy's home I could RDP from the server to her office PC at 10.0.12.202.

So, I'm concluding that this is some sort of a route/routing problem. Tomorrow I'm moving their office DHCP from their Linksys router to their SBS 2003 server for starters, the way it should have been set up. And then continue troubleshooting once that's in place.

Troubleshooting this on her home PC I've tried watching tracert and adding a static route in her Windows XP Home PC but I have yet to fix the problem. I've got to go re-learn how to work with routes in Windows XP tonight - been too long.

I've also verified her user account has all the appropriate permissions and remote dial-in access and is a member of:

Mobile Users
Remote Desktop Users
Remote Web Workplace Users

Any ideas what might be causing us to be unable to RDP to her office PC across the VPN?

Thanks.
dauman

Probably a firewall on her PC at work.
Disable her firewall and see if that works. I know in Norton's you can approve one subnet, and because of the VPN the other is not approved by default.

Also, if you could show your VPN info (without IPs or passwords/phrases), that would be helpful if that doesn't fix the issue.

WineGeek

ASKER

Thanks, I'll check that. Her home PC is grabbing a local LAN IP on the VPN connection. Don't know if that matters. She's got McAfee on the work PC. Her Windows firewall was off so I turned it on and enabled Remote Desktop in the Exceptions list. I cannot find a firewall in McAfee.... anywhere..... so far..... but I've heard tales of vast open spaces in McAfee where countless settings abound... we're going back in next spring.... after the rivers thaw...
Rob Williams

Three thoughts:
1) as dauman mentioned, possibly the firewall. Windows creates a firewall exception for RDP connections when you enable it on a PC, however, it usually only allows access from the same LAN/subnet. Either disable the firewall or edit the exception to allow the remote subnet as per following instructions:
http://www.lan-2-wan.com/RD-FW.htm

2) I assume she is using a VPN client. When she connects to the VPN does she get a PPP IP in the same subnet as the office; 10.0.12.x ? If so ignore the following. If not try assigning a static route to her machine.
With a VPN client the IP assigned to the client will change each time, but to narrow down if it is a routing issue you can do the following, at least as a test. If it works we can find out your network and VPN configuration and create a permanent solution.
-on the connecting client machine connect the VPN
-at a command line run IPConfig and locate the IP for the VPN adapter under PPP connection. Let's assume this is 10.10.10.101
-from the command line enter the following route
route add 10.0.12.0  mask  255.255.255.0  10.10.10.101

3) If the VPN/PPP adapter is assigned an IP in the 192.168.1.x (same as her home network) she will not be able to connect. You will have to change the home network to use a subnet such as 192.168.2.x

I'm remoted into their server right now from home. I think this might be an IP address conflict on the LAN. Right now, they have their Linksys router (the gateway for the LAN) doing DHCP and the DHCP Client List shows 10.0.12.112 as being assigned to the server. When I run IPCONFIG on the server, it shows the PPP Adapter as having this same address of 10.0.12.112. That's the IP address, I'm pretty sure, her home PC was being assigned on the VPN connection from her home. But for all I know that's how it's supposed to be...

Perhaps would help to have more information.

-What are you using for a VPN solution? Sounds like the Windows built-in VPN (Routing and Remote Access)?
-What IP range is assigned to VPN clients?
-What IP range is used at the server site? I assume 10.0.12.x with 255.255.255.0 ?

The server should be running the DHCP service, not the router, for numerous reasons. As a result it is possible there is an overlap between the router's DHCP assignments and the VPN service's DHCP assignments.
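
The three cases in the answer above (PPP address on the office subnet, on some other subnet, or inside the home LAN range) and the possible DHCP overlap can be checked mechanically. This is an added example, not part of the original thread; the function names, the third test address and the pool ranges are assumptions made for illustration.

```python
import ipaddress

def diagnose_vpn_address(ppp_ip, office_net, home_net):
    """Classify the address the VPN (PPP) adapter received.

    Returns (case, advice), following the three cases in the answer above.
    """
    ip = ipaddress.ip_address(ppp_ip)
    office = ipaddress.ip_network(office_net)
    home = ipaddress.ip_network(home_net)

    if ip in home or office.overlaps(home):
        # Point 3: office-bound traffic cannot be told apart from local traffic.
        return ("home-conflict", "renumber the home LAN to a different subnet")
    if ip in office:
        # PPP address is already on the office subnet: no extra route needed.
        return ("on-office-subnet", "routing is not the problem; check the firewall")
    # Point 2: the client needs a route to the office subnet via its PPP address.
    cmd = "route add {} mask {} {}".format(office.network_address, office.netmask, ip)
    return ("needs-route", cmd)

def pools_overlap(pool_a, pool_b):
    """True if two inclusive (first, last) address ranges share any address."""
    a_first, a_last = (int(ipaddress.ip_address(x)) for x in pool_a)
    b_first, b_last = (int(ipaddress.ip_address(x)) for x in pool_b)
    return a_first <= b_last and b_first <= a_last

if __name__ == "__main__":
    OFFICE, HOME = "10.0.12.0/24", "192.168.1.0/24"  # subnets from the question
    # First two addresses appear in the thread; the third is constructed.
    for ppp in ("10.0.12.112", "10.10.10.101", "192.168.1.50"):
        print(ppp, diagnose_vpn_address(ppp, OFFICE, HOME))
    # Constructed pools: a router DHCP scope and a VPN address pool.
    router_scope = ("10.0.12.100", "10.0.12.149")
    vpn_pool = ("10.0.12.140", "10.0.12.160")
    print("pools overlap:", pools_overlap(router_scope, vpn_pool))
```
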
VPN Client is the built-in Windows client. The server is not serving DHCP, which I think is the problem. There is no IP address pool assigned to VPN clients that I can find. So the server is serving Routing and Remote Access but not DHCP. Ya gotta love it.

Tomorrow I'll configure the server as the DHCP server for the LAN instead of the Linksys router doing it, and configure some IPs for RRA and I bet this problem will go away.
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
Excellent. Thanks Rob.
Thanks WineGeek.
Cheers !
--Rob
After moving DHCP to their server I ended up having to also remove the DHCP Relay Agent from RRAS. After that things worked ok. RRAS was just never set up properly.
Yes, DHCP relay agent won't work if it's the same server as RRAS.
Glad to hear you were able to resolve, and thanks for updating.
--Rob