asked on
VPN connection not browseable
I've googled this extensively and found many discussions of the problem, but the specific steps to resolve it are unclear. CompanyX has 2003 SBS Server with Routing and Remote Access configured and running properly for VPN access. Server is 192.168.1.100
Pointy Haired Boss has laptop and uses it at Tennis Club and Home. At Tennis Club, router DHCP's him 10.0.0.x and life is good. VPN connects with no problem, in Windows Explorer he can browse network neighborhood and server shares, etc. PHB is happy.
At home, his router DHCP's him 192.168.1.101 and life is not good. VPN session actually connects, but because laptop is now in the same IP space as the server we have problems. Basically all requests from laptop to 192.168.0.100 (which is *supposed* to hit server on the OTHER end of the VPN) end up going to oblivion as laptop thinks it's trying to contact a *local* server on the SAME side of the VPN (which does not exist.)
Lots of people have seen this problem. Very common since small offices and homes very often are set up with routers from belkin/linksys/netgear all using a common 192.168.1.x space.
One common answer to this problem is: "tough luck. Reassign one of the networks to a different private IP space." Bummer Pointy Haired Boss doesn't want his office changed or his home changed. (Can't really blame him: "The VPN works fine from the Tennis Club to the office server, and our other telecommuters can get in from all kinds of other outside networks, so there's clearly nothing wrong with the server itself. Don't mess with the server." "OK, then I gotta change the addresses at your house." "Why?!? That's absurd! My computer works fine! I get internet, email, my wife's works, the kids' works! You've gotta be stupid or something! I may not be a tech, but I know enough to be sure there is nothing wrong with my home network. Don't go messing with all my home systems (and potentially get me in a whole lot of trouble with Mrs. Pointy Haired Boss when somethign goes wrong...) blah, blah, blah" PBH is sure (and correct) that office server VPN is fine. PBH is sure (and, in a sense correct) that home network is fine. PHB wants VPN working from home without tweaking home IP space. Not-negotiable.
OK, so second common answer is: "this can be fixed by configuring a static route through the VPN." However, the several times I saw this second option mentioned, no details were provided. (Not even enough to make it clear if that route is to be added on the XP client side or the 2003 SBS server side.) And there certainly were no specific steps about where this magical happy solution called a "static route" is to be configured. Command line on XP client? Wizard on 2003 SBS? Routing and Remote Access MMC snap-in on 2003 SBS?
Pointy Haired Boss has laptop and uses it at Tennis Club and Home. At Tennis Club, router DHCP's him 10.0.0.x and life is good. VPN connects with no problem, in Windows Explorer he can browse network neighborhood and server shares, etc. PHB is happy.
At home, his router DHCP's him 192.168.1.101 and life is not good. VPN session actually connects, but because laptop is now in the same IP space as the server we have problems. Basically all requests from laptop to 192.168.0.100 (which is *supposed* to hit server on the OTHER end of the VPN) end up going to oblivion as laptop thinks it's trying to contact a *local* server on the SAME side of the VPN (which does not exist.)
Lots of people have seen this problem. Very common since small offices and homes very often are set up with routers from belkin/linksys/netgear all using a common 192.168.1.x space.
One common answer to this problem is: "tough luck. Reassign one of the networks to a different private IP space." Bummer Pointy Haired Boss doesn't want his office changed or his home changed. (Can't really blame him: "The VPN works fine from the Tennis Club to the office server, and our other telecommuters can get in from all kinds of other outside networks, so there's clearly nothing wrong with the server itself. Don't mess with the server." "OK, then I gotta change the addresses at your house." "Why?!? That's absurd! My computer works fine! I get internet, email, my wife's works, the kids' works! You've gotta be stupid or something! I may not be a tech, but I know enough to be sure there is nothing wrong with my home network. Don't go messing with all my home systems (and potentially get me in a whole lot of trouble with Mrs. Pointy Haired Boss when somethign goes wrong...) blah, blah, blah" PBH is sure (and correct) that office server VPN is fine. PBH is sure (and, in a sense correct) that home network is fine. PHB wants VPN working from home without tweaking home IP space. Not-negotiable.
OK, so second common answer is: "this can be fixed by configuring a static route through the VPN." However, the several times I saw this second option mentioned, no details were provided. (Not even enough to make it clear if that route is to be added on the XP client side or the 2003 SBS server side.) And there certainly were no specific steps about where this magical happy solution called a "static route" is to be configured. Command line on XP client? Wizard on 2003 SBS? Routing and Remote Access MMC snap-in on 2003 SBS?
SBSWindows Server 2003
Last Comment
alexmiby
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
What I forgot to add is that you could add this route as a persistent one, i.e. with /p switch. This means it won't be lost after rebooting or after the VPN is gone. Maybe this could help.
The only thing I will note for anyone's future reference is that if you connect to the VPN and then apply this solution everything works fine. If, however, you then disconnect from the VPN for some reason and later attempt to reconnect to the VPN (without rebooting) it seems that you cannot make the VPN connection. However, rebooting resolves that.