Solved

Windows Server 2008 and VPN on Home Network

Posted on 2008-09-29
Last Modified: 2012-05-05
Hi all,

I have Windows Server 2008 loaded onto a machine at home and was trying to get it set up to allow VPN connections remotely.
I have a vanilla install of Windows Server 2008 and I created a few users and installed the Remote Access Role.

Info:
1x Wireless router (with VPN port forwarding pointing to the server's IP)
1x Home PC (running Vista 64bit SP1)
2x Laptop (both running Vista 32bit SP1)

I have been able to connect through the VPN on the home PC and one laptop (not on the home network) but I keep getting limited connectivity on both VPN connections (1 internal network and 1 external network).

The other laptop cannot establish any connection to the VPN at all.

1. Does anyone know what I could do to fix the limited connectivity problem?
2. Any ideas about the laptop that cannot establish any VPN connection at all?

Router settings:
IP: 192.168.11.1
Subnet Mask: 255.255.255.0
DHCP: 192.168.11.5 <-> 192.168.11.50
Primary DNS (Router): 192.168.11.1
Windows 2008 Server IP: 192.168.11.69 (static)
Other machine on home network: 192.168.11.5



Any help would really be appreciated.

Thanks in advance
Question by:Seany84
 
LVL 8

Expert Comment

by:MrJemson
ID: 22602567
In your routing and remote access, you need to add a DHCP Relay Agent.

This is found under ServerName, IPv4, DHCP Relay Agent
0
 

Author Comment

by:Seany84
ID: 22610230
I have added the IP address of the router in the DHCP relay agent on the server (192.168.11.1).

I have been unable to test this VPN remotely today; however, I am still having the problem of no internet connectivity once I VPN from my home machine into the server via the wireless router. I can VPN, although as I said I still have no internet connectivity.

I will reply tomorrow as I will be able to test the VPN remotely then.

Any suggestions for resolving this loss of internet connectivity once the VPN is established?

Thanks
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22611240
Basically when the VPN comes up, it sets the VPN endpoint as the default gateway.

This can be overcome in a couple of ways.

You can either leave it as is, turn on LAN Routing on the server, and use the server side's internet gateway.

OR

You can change your routes manually.

To do this, open up a command prompt.

Type 'route print'

You should see two destination networks as 0.0.0.0

Type 'route delete 0.0.0.0 mask 0.0.0.0 <LOCAL VPN IP>'
Then 'route add <VPN SUBNET> mask <VPN MASK> <LOCAL VPN IP>'

You can also automate the above in a bat file for easy implementation.
0
 

Author Comment

by:Seany84
ID: 22612731
Thanks again for the reply MrJemson.

Before I make one of the changes you recommended above can I ask:
Will either of these solutions work for both VPN on the home network & when someone is connected externally? Which one would you recommend using? Max number of developers on the network will be myself + 1/2 others.

Also, the second approach you mentioned using the ROUTE ADD/DELETE commands.. Are they run from the server's command prompt or the connecting client's?
0
 

Author Comment

by:Seany84
ID: 22658840
This question is still awaiting a correct answer.

Thanks
0
 
LVL 8

Accepted Solution

by:
MrJemson earned 500 total points
ID: 22664350
Sorry Seany84, I must have missed your reply there.

The add/delete route command is run on the client once the connection is made.

If it is yourself and 1 or 2 other developers, it would be easiest to just create the .bat file on your computer and the other developers' computers. This way you will use your own internet connection, and only the VPN subnet will be routed across the VPN.

Open a new notepad file, type:

route delete 0.0.0.0 mask 0.0.0.0 <LOCAL VPN IP>
route add <VPN SUBNET> mask <VPN MASK> <LOCAL VPN IP>

Go to File -> Save As
Select 'All File Types'
Call it 'VPN.bat' or something and save on desktop
Run whenever you connect to the VPN.

This will work no matter where the client connects from.
0
 

Author Comment

by:Seany84
ID: 22676831
Thanks for the info but I am just a little unsure about some of the IPs you mentioned, i.e. <VPN SUBNET> and <VPN MASK>.
From the attached code snippet I presume that <LOCAL VPN IP> is 192.168.11.6 so what values should I use for the VPN SUBNET and MASK?
 
Thanks for the help.
PS.
The VPN connection listed below is from an external network.

PPP adapter VPN Home External:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Home External
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.11.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.11.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Atheros AR5006EX Wireless Network Adapt
   Physical Address. . . . . . . . . : 00-1B-9E-DD-F2-8A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c085:d319:c85c:6aa8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 03 September 2008 23:38:58
   Lease Expires . . . . . . . . . . : 04 September 2008 23:38:58
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled


0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22682950
No problem. Would be as follows:

route delete 0.0.0.0 mask 0.0.0.0 192.168.11.6
route add 192.168.11.0 mask 255.255.255.0 192.168.11.6
0
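
Added example (not part of the thread and not any poster's code): a Python helper that reads ipconfig-style text, finds the PPP adapter, and derives the two route commands given in the answer above. The function names are hypothetical, the remote LAN mask 255.255.255.0 is taken from the router settings in the question, and the overlap check goes beyond the thread: it lists local adapters whose subnet overlaps the VPN-side LAN, the case where the added route would also capture local traffic.

```python
import ipaddress
import re

# Constructed sample, trimmed from the ipconfig output quoted in the thread.
SAMPLE = """\
PPP adapter VPN Home External:
   IPv4 Address. . . . . . . . . . . : 192.168.11.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0

Wireless LAN adapter Wireless Network Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

def parse_adapters(text):
    """Return {adapter header: {field name: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = re.match(r"^\s+([^.:]+?)[ .]*:\s*(.*)$", line)
        if field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    return adapters

def subnet(fields, mask=None):
    """Return (ip, network) for an adapter; mask overrides the reported one."""
    ip = fields["IPv4 Address"].split("(")[0]
    return ip, ipaddress.ip_network(f"{ip}/{mask or fields['Subnet Mask']}", strict=False)

def plan_routes(text, remote_lan_mask="255.255.255.0"):
    """Return (route commands, local adapters overlapping the remote LAN)."""
    adapters = parse_adapters(text)
    ppp = [f for n, f in adapters.items() if n.startswith("PPP") and "IPv4 Address" in f]
    if not ppp:
        raise ValueError("no connected PPP adapter found")
    # The PPP link reports a /32 mask, so the remote LAN mask comes from the caller.
    vpn_ip, remote = subnet(ppp[0], remote_lan_mask)
    commands = [
        f"route delete 0.0.0.0 mask 0.0.0.0 {vpn_ip}",
        f"route add {remote.network_address} mask {remote.netmask} {vpn_ip}",
    ]
    overlaps = [n for n, f in adapters.items()
                if not n.startswith("PPP") and "IPv4 Address" in f
                and subnet(f)[1].overlaps(remote)]
    return commands, overlaps
```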

 

Author Comment

by:Seany84
ID: 22683055
Thanks,

I won't be able to test this until next Monday.
I will give you the points/feedback then.


0
 

Author Comment

by:Seany84
ID: 22809934
Hi,
I still have not been able to get this to work :(
I have noticed that on the Windows Server 2008 management console the IP (static) is 192.168.11.4, which is what I set it to.
When I view the Ethernet connection details with ipconfig /all it tells me that the LAN IP is 192.168.11.7 (which is inside the DHCP range).
Should I be looking at getting another router at this point?
 
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22809959
Your router would not be the issue.
You should have two interfaces listed in the ipconfig.
You should have your statically assigned IP, and also an IP on a PPP adapter within your DHCP range.

So the route remove/add did not work?
Did you substitute the correct IP address into the command?
0
 

Author Comment

by:Seany84
ID: 22810173
It's working! :)
I hold my hand up for this one.. Prior to getting it working I was attempting to run the 'route' command while the VPN was connected..
I just ran the 'route' add/delete commands and then connected to the VPN. As you can see I still have internet connectivity.
Thanks a million for the assistance.
On a side note:
As part of the original post I mentioned I had another developer attempting to connect via VPN to this network. He still cannot connect at all.

I gave him my external IP address and as soon as he tries to connect he is prompted straight away with an error message saying a connection could not be established.
I have eliminated the possibility of the hardware firewall/anti-virus blocking this connection on his end.
Would you have any ideas what might be causing this connection to fail? I am fairly sure it is on his end because as soon as he attempts to connect he is shown the error message instantaneously.
0
 

Author Closing Comment

by:Seany84
ID: 31501392
Thanks for the assistance. Now I can finally get some development done :)
I have another question I hope you could help with as part of the original post..
Thanks again
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22810289
Correct Username and Password?
Is there a rule in the remote firewall only allowing connection from certain IP ranges?
0
 

Author Comment

by:Seany84
ID: 22813062
He definitely has the correct username/password as I have tried it myself.
I got him to turn off both his Windows firewall and his security suite firewall while we tried to establish a connection.
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22817437
Sorry, I meant the firewall at the server end?
0
 

Author Comment

by:Seany84
ID: 22827071
I have checked the server's firewall and it is set to allow RRAS.
There is no other firewall between the server and the remote VPN user.
 
I have some bad info to report on the VPN connection at home.
After being connected to the VPN locally, after 5-10 mins I still lose internet connectivity. Internet connectivity can be regained by disconnecting the VPN connection.
0
