• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1824
  • Last Modified:

Windows Server 2008 and VPN on Home Network

Hi all,

I have Windows Server 2008 loaded on to a machine at home and was trying to get it setup to allow VPN connections remotely.
I have a vanilla install of Windows Server 2008 and I created a few users and installed the Remote Access Role.

Info:
1x Wireless router (with VPN port forwarding pointing to the server's IP)
1x Home PC (running Vista 64bit SP1)
2x Laptop (both running Vista 32bit SP1)

I have been able to connect through the VPN on the home pc and one laptop(not on the home network) but I keep getting limited connectivity on both VPN connections (1 internal network and 1 external network).

The other laptop cannot establish any connection to the VPN at all

1. Does anyone know what I could do to fix the limited connectivity problem?
2. Any ideas about the laptop that cannot establish any VPN connection at all?

Router settings:
IP: 192.168.11.1
Subnet Mask: 255.255.255.0
DHCP: 192.168.11.5 <-> 192.168.11.50
Primary DNS (Router): 192.168.11.1
Windows 2008 Server IP: 192.168.11.69 (static)
Other machine on home network: 192.168.11.5



Any help would really be appreciated.

Thanks in advance
0
Seany84
Asked:
Seany84
  • 10
  • 7
1 Solution
 
MrJemsonCommented:
In your routing and remote access, you need to add a DHCP Relay Agent.

This is found under ServerName, IPv4, DHCP Relay Agent
0
 
Seany84Author Commented:
I have added the IP address of the router in the DHCP relay agent on the server (192.168.11.1).

I have been unable to test this VPN remotely today, however,

I am still having the problem of no internet connectivity once I VPN from my home machine into the server via the wireless router. I can VPN although as I said I still have no internet connectivity.

I will reply tomorrow as I will be able to test the VPN remotely then.

Any suggestions for resolving this loss of internet connectivity once the VPN is established?

Thanks
0
 
MrJemsonCommented:
Basically when the VPN comes up, it sets the VPN endpoint as the default gateway.

This can be overcome in a couple of ways.

You can either leave it as is, and turn on LAN Routing on the Server, and use the Server sides internet gateway.

OR

You can change your routes manually.

To do this, open up a command prompt.

Type 'route print'

You should see two destination networks as 0.0.0.0

Type 'route delete 0.0.0.0 mask 0.0.0.0 <LOCAL VPN IP>'
Then 'route add <VPN SUBNET> mask <VPN MASK> <LOCAL VPN IP>'

You can also automate the above in a bat file for easy implementation.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Seany84Author Commented:
Thanks again for the reply MrJemson.

Before I make one of the changes you recommended above can I ask:
Will either of these solutions work for both VPN on the home network & when someone is connected externally? Which one would you recommend using? Max number of developers on the network will be myself + 1/2 others.

Also, the second approach you mentioned using the ROUTE ADD/DELETE commands.. Are they run from the server's command prompt or the connecting client's?
0
 
Seany84Author Commented:
this question is still awaiting a correct answer.

Thanks
0
 
MrJemsonCommented:
Sorry Seany84, I must have missed your reply there.

The add/delete route command is run on the client once the connection is made.

If it is yourself and 1 or 2 other developers, It would be easiest to just create the .bat file on your computer and the other developers computer. This way you will use your own internet connection, and only the VPN subnet will be routed across the VPN.

Open a new notepad file, type:

route delete 0.0.0.0 mask 0.0.0.0 <LOCAL VPN IP>
route add <VPN SUBNET> mask <VPN MASK> <LOCAL VPN IP>

Go to File -> Save As
Select 'All File Types'
Call it 'VPN.bat' or something and save on desktop
Run whenever you connect to the VPN.

This will work no matter where the client connects from.
0
 
Seany84Author Commented:
Thanks for the info but I am just a little unsure about some of the IP's you mentioned. i.e. <VPN SUBNET> and <VPN MASK>
From the attached code snippet I presume that <LOCAL VPN IP> is 192.168.11.6 so what values should I use for the VPN SUBNET and MASK?
 
Thanks for the help.
PS.
The VPN connection listed below is from an external network.

PPP adapter VPN Home External:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Home External
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.11.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.11.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection:
 
   Description . . . . . . . . . . . : Atheros AR5006EX Wireless Network Adapt
 
   Physical Address. . . . . . . . . : 00-1B-9E-DD-F2-8A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c085:d319:c85c:6aa8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 03 September 2008 23:38:58
   Lease Expires . . . . . . . . . . : 04 September 2008 23:38:58
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Open in new window

0
 
MrJemsonCommented:
No problem. Would be as follows:

route delete 0.0.0.0 mask 0.0.0.0 192.168.11.6
route add 192.168.11.0 mask 255.255.255.0 192.168.11.6
0
 
Seany84Author Commented:
Thanks,

I won't be able to test this until next Monday.
I will give you the points/feedback then.


0
 
Seany84Author Commented:
Hi,
I still have not been able to get this to work :(
I have noticed that on the Windows Server 2008 management console that the IP(static) is 192.168.11.4, which is what I set it to.
When I view the ethernet connection details with ipconfig /all it tells me that the lan IP is 192.168.11.7 (which is inside the DHCP range).
Should I be looking at getting another router at this point?
 
0
 
MrJemsonCommented:
You router would not be the issue.
You should have two interfaces listed in the ipconfig.
You should have your statically assigned IP, and also an IP on a PPP adapter within your DHCP range.

So the route remove/add did not work?
Did you substitute the correct IP address into the command?
0
 
Seany84Author Commented:
It's working! :)
I hold my hand up for this one.. Prior to getting it working I was attempting to run the 'route' command while the VPN was connected..
I just ran the 'route' add/delete commands and then connected to the VPN. As you can see I still have internet connectivity.
Thanks a million for the assistance.
On a side note:
As part of the original post I mentioned I had another developer attempting to connect via VPN to this network. He still cannot connect at all.

I gave him my external IP address and as soon as he tries to connect he is prompted straight away with an error message saying a connection could not be established.
I have eliminated the possibility of the hardware firewall/anti-virus blocking this connection on his end.
Would you have any ideas what might be causing this connection to fail? I am fairly sure it is on his end because as soon as he attempts to connect he is shown the error message instantaneously.
0
 
Seany84Author Commented:
Thanks for the assistance. Now I can finally get some development done :)
I have another question I hope you could help with as part of the original post..
Thanks again
0
 
MrJemsonCommented:
Correct Username and Password?
Is there a rule in the remote firewall only allowing connection from certain IP ranges?
0
 
Seany84Author Commented:
He definitely has the correct username/password as I have tried it myself.
I got him to turn off both his Windows firewall and his security suite firewall while we tried to establish a connection.
0
 
MrJemsonCommented:
Sorry, I meant the firewall at the server end?
0
 
Seany84Author Commented:
I have checked the server's firewall and it is set to allow RRAS.
There is no other firewall between the server and the remote VPN user.
 
I have some bad info to report on the VPN connection at home.
After being connected to the VPN locally, after 5-10mins I still lose internet connectivity. Internet connectivity can be regained by disconnecting the VPN connection.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 10
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now