Windows Server 2008 and VPN on Home Network

Posted on 2008-09-29
Last Modified: 2012-05-05
Hi all,

I have Windows Server 2008 loaded on to a machine at home and was trying to get it setup to allow VPN connections remotely.
I have a vanilla install of Windows Server 2008 and I created a few users and installed the Remote Access Role.

1x Wireless router (with VPN port forwarding pointing to the server's IP)
1x Home PC (running Vista 64bit SP1)
2x Laptop (both running Vista 32bit SP1)

I have been able to connect through the VPN on the home pc and one laptop(not on the home network) but I keep getting limited connectivity on both VPN connections (1 internal network and 1 external network).

The other laptop cannot establish any connection to the VPN at all

1. Does anyone know what I could do to fix the limited connectivity problem?
2. Any ideas about the laptop that cannot establish any VPN connection at all?

Router settings:
Subnet Mask:
DHCP: <->
Primary DNS (Router):
Windows 2008 Server IP: (static)
Other machine on home network:

Any help would really be appreciated.

Thanks in advance
Question by:Seany84
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 7

Expert Comment

ID: 22602567
In your routing and remote access, you need to add a DHCP Relay Agent.

This is found under ServerName, IPv4, DHCP Relay Agent

Author Comment

ID: 22610230
I have added the IP address of the router in the DHCP relay agent on the server (

I have been unable to test this VPN remotely today, however,

I am still having the problem of no internet connectivity once I VPN from my home machine into the server via the wireless router. I can VPN although as I said I still have no internet connectivity.

I will reply tomorrow as I will be able to test the VPN remotely then.

Any suggestions for resolving this loss of internet connectivity once the VPN is established?


Expert Comment

ID: 22611240
Basically when the VPN comes up, it sets the VPN endpoint as the default gateway.

This can be overcome in a couple of ways.

You can either leave it as is, and turn on LAN Routing on the Server, and use the Server sides internet gateway.


You can change your routes manually.

To do this, open up a command prompt.

Type 'route print'

You should see two destination networks as

Type 'route delete mask <LOCAL VPN IP>'
Then 'route add <VPN SUBNET> mask <VPN MASK> <LOCAL VPN IP>'

You can also automate the above in a bat file for easy implementation.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 22612731
Thanks again for the reply MrJemson.

Before I make one of the changes you recommended above can I ask:
Will either of these solutions work for both VPN on the home network & when someone is connected externally? Which one would you recommend using? Max number of developers on the network will be myself + 1/2 others.

Also, the second approach you mentioned using the ROUTE ADD/DELETE commands.. Are they run from the server's command prompt or the connecting client's?

Author Comment

ID: 22658840
this question is still awaiting a correct answer.


Accepted Solution

MrJemson earned 500 total points
ID: 22664350
Sorry Seany84, I must have missed your reply there.

The add/delete route command is run on the client once the connection is made.

If it is yourself and 1 or 2 other developers, It would be easiest to just create the .bat file on your computer and the other developers computer. This way you will use your own internet connection, and only the VPN subnet will be routed across the VPN.

Open a new notepad file, type:

route delete mask <LOCAL VPN IP>
route add <VPN SUBNET> mask <VPN MASK> <LOCAL VPN IP>

Go to File -> Save As
Select 'All File Types'
Call it 'VPN.bat' or something and save on desktop
Run whenever you connect to the VPN.

This will work no matter where the client connects from.

Author Comment

ID: 22676831
Thanks for the info but I am just a little unsure about some of the IP's you mentioned. i.e. <VPN SUBNET> and <VPN MASK>
From the attached code snippet I presume that <LOCAL VPN IP> is so what values should I use for the VPN SUBNET and MASK?
Thanks for the help.
The VPN connection listed below is from an external network.

PPP adapter VPN Home External:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Home External
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
   Description . . . . . . . . . . . : Atheros AR5006EX Wireless Network Adapt
   Physical Address. . . . . . . . . : 00-1B-9E-DD-F2-8A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c085:d319:c85c:6aa8%11(Preferred)
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Lease Obtained. . . . . . . . . . : 03 September 2008 23:38:58
   Lease Expires . . . . . . . . . . : 04 September 2008 23:38:58
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Open in new window


Expert Comment

ID: 22682950
No problem. Would be as follows:

route delete mask
route add mask

Author Comment

ID: 22683055

I won't be able to test this until next Monday.
I will give you the points/feedback then.


Author Comment

ID: 22809934
I still have not been able to get this to work :(
I have noticed that on the Windows Server 2008 management console that the IP(static) is, which is what I set it to.
When I view the ethernet connection details with ipconfig /all it tells me that the lan IP is (which is inside the DHCP range).
Should I be looking at getting another router at this point?

Expert Comment

ID: 22809959
You router would not be the issue.
You should have two interfaces listed in the ipconfig.
You should have your statically assigned IP, and also an IP on a PPP adapter within your DHCP range.

So the route remove/add did not work?
Did you substitute the correct IP address into the command?

Author Comment

ID: 22810173
It's working! :)
I hold my hand up for this one.. Prior to getting it working I was attempting to run the 'route' command while the VPN was connected..
I just ran the 'route' add/delete commands and then connected to the VPN. As you can see I still have internet connectivity.
Thanks a million for the assistance.
On a side note:
As part of the original post I mentioned I had another developer attempting to connect via VPN to this network. He still cannot connect at all.

I gave him my external IP address and as soon as he tries to connect he is prompted straight away with an error message saying a connection could not be established.
I have eliminated the possibility of the hardware firewall/anti-virus blocking this connection on his end.
Would you have any ideas what might be causing this connection to fail? I am fairly sure it is on his end because as soon as he attempts to connect he is shown the error message instantaneously.

Author Closing Comment

ID: 31501392
Thanks for the assistance. Now I can finally get some development done :)
I have another question I hope you could help with as part of the original post..
Thanks again

Expert Comment

ID: 22810289
Correct Username and Password?
Is there a rule in the remote firewall only allowing connection from certain IP ranges?

Author Comment

ID: 22813062
He definitely has the correct username/password as I have tried it myself.
I got him to turn off both his Windows firewall and his security suite firewall while we tried to establish a connection.

Expert Comment

ID: 22817437
Sorry, I meant the firewall at the server end?

Author Comment

ID: 22827071
I have checked the server's firewall and it is set to allow RRAS.
There is no other firewall between the server and the remote VPN user.
I have some bad info to report on the VPN connection at home.
After being connected to the VPN locally, after 5-10mins I still lose internet connectivity. Internet connectivity can be regained by disconnecting the VPN connection.

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA5508-X vs Barracuda X200 2 79
Dedicated I.P., VPN, both, neither, or what? 12 60
SSIS with VPN COnnection 2 121
Routing certain SSLVPN Traffic to CDN 1 22
One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question