Solved

Share access on VPN

Posted on 2008-11-01
Last Modified: 2010-04-21
I have set up a VPN to a network using AD for authentication. I can dial into the VPN fine.
I can ping all servers by IP and name.
I can remote desktop the server.

When I attempt to connect to a share using \\servername\share from the Run command, the only thing I get is an authentication dialog, but it will not connect to the share. I have tried all of the following combinations: username, server\username, domain\username, ip\username. It just returns back to the dialog box.

I have set the permissions on the share to the VPN group, myusername (I am an enterprise admin), as well as the Everyone group.
Question by:sti-tech
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22860004
Try adding the DNS suffix, such as MyDomain.local to the client's VPN adapter configuration under advanced TCP/IP properties on the DNS page/tab.
Also make sure the VPN client points to the internal DNS server IP, for DNS and not the ISP.
 

Author Comment

by:sti-tech
ID: 22861470
Robwill, thanks for the possibilities. How do I make sure the client is getting the DNS IP and not the ISP? I am using DHCP to assign the client IP from the server but it still shows the ISP. Also, will the subnet always be 255.255.255.255? My internal subnet is 255.255.255.128 and I didn't know if this mattered. I don't understand why I can remote desktop. It seemed like a permissions thing, but DNS was suggested by a colleague but with no specific way to tune.
Thanks,
sti-tech
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22861683
How is your VPN configured? i.e., are you using the Windows VPN or a 3rd party router solution?

Assuming it is the Windows VPN, connect to the server using the VPN from the client machine and run ipconfig /all.
Under the PPP adapter configuration it will show the DNS server being used. If it is not your server the problem is 1 of 2 things:
1) If you are using a DHCP relay agent in the VPN configuration (another server or router), that device is handing out the ISP's DNS rather than your server, which is wrong not only just for the VPN but also the LAN clients.
2) If using DHCP within the RRAS configuration, or a static address pool, the VPN client gets its DNS IP from the network adapter of the server. Again this should be the server itself, so it would seem it has the ISP's DNS rather than itself, which is wrong and can cause name resolution delays.

As for the subnet mask, it may seem odd but 255.255.255.255 is correct for the VPN client and the gateway will be the same as the virtual adapter's assigned DHCP address.
 

Author Comment

by:sti-tech
ID: 22863515
Robwill,
I tried your first suggestion to put the DNS suffix in the client settings (I am using the Windows client). The VPN would not connect - Error "691 Access denied because the username and/or password was invalid on the domain"

I also checked my IP settings and it does return the following:
IP Address = private address from DHCP
subnet mask 255.255.255.255
Default gateway = same as adapter Ip address
DNS server = IP address of my internal DNS server
 Thanks for any help,
Sti-tech
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22863548
Interesting. You would more often get the 691 error without the suffix. It is a domain I assume, and you are sure it is the correct suffix, and inserted as per the following link?
http://www.lan-2-wan.com/Added%20Images/Blog/DNS.jpg

The IP configuration looks good.

There are options such as the LMHosts file and such, but DNS is the better solution. The others can be reviewed on my blog:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
 

Author Comment

by:sti-tech
ID: 22890676
RobWill, well, after working on this problem for some time I connected to the server via VPN on another machine and everything worked fine. I was able to see the share and move files around. So I have determined that the problem is with my laptop. I have checked all of the settings, turned off the firewall, and still cannot see the share on my laptop. Any ideas on that?

Thanks a bunch for confirming all of the settings and the blog link. Great link I learned a lot.
Matt
 
LVL 77

Accepted Solution

by:
Rob Williams earned 125 total points
ID: 22891193
It is possible it is related to too high an MTU value, assuming you get the logon dialog box, and then get no further. Usually you can get to the share but not transfer a file. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1260, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
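
The "start at 1260 and gradually increase" procedure from the answer above, scripted as an added example (not part of the original post, which uses the DrTCP tool). It uses `netsh` instead of DrTCP; the adapter name, share path and step size are placeholders, and it assumes an elevated prompt, a connected VPN, and credentials for the share already cached (for example with `net use`).

```powershell
# Added example: raise the VPN adapter's MTU in steps from 1260 and keep the
# last value at which the share still opens.
$Adapter = 'My VPN Connection'   # placeholder: name listed by "netsh interface ipv4 show subinterfaces"
$Share   = '\\servername\share'  # placeholder UNC path, as written in the question
$Ceiling = 1430                  # PPTP limit given in the answer (1460 for L2TP)
$Step    = 20                    # assumed increment; smaller steps give a finer result

function Set-Mtu([int]$Mtu) {
    # store=active: the change is not persisted across reboots
    netsh interface ipv4 set subinterface "$Adapter" mtu=$Mtu store=active | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh could not set MTU $Mtu on '$Adapter'" }
}

function Test-Share {
    # Listing the share forces SMB session setup plus a data transfer,
    # which is where an oversized MTU stalls.
    try {
        Get-ChildItem -Path $Share -ErrorAction Stop | Out-Null
        return $true
    } catch {
        return $false
    }
}

$good = $null
for ($mtu = 1260; $mtu -le $Ceiling; $mtu += $Step) {
    Set-Mtu $mtu
    if (Test-Share) { $good = $mtu } else { break }
}

if ($null -eq $good) {
    Write-Output 'Share unreachable even at MTU 1260; MTU is probably not the cause.'
} else {
    Set-Mtu $good   # fall back to the last value that worked
    Write-Output "Largest working MTU tested: $good"
}
```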
 

Author Closing Comment

by:sti-tech
ID: 31512321
Thanks for all of your help; you have helped me expand my VPN knowledge to a more comfortable level.
mw
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22917701
Thanks sti-tech.
Cheers !
--Rob