• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333
  • Last Modified:

Share access on VPN

I have setup a VPN to a network using AD for authentication. I can dial into the VPN fine.
I can ping all servers by ip and name
i can remote desktop the server

When I  attempt to connect to a share using \\servername\share from the run command the only thing I get is an authentication dialog but it will not connect to the share. I have tried all of the following combination username, server\username, domain\username, ip\username. it just returns back to the dialog box.

I have set the permissions on the share to the
VPN group,myusername (I am an enterprise admin), as well as the everyone group.
0
sti-tech
Asked:
sti-tech
  • 5
  • 4
1 Solution
 
Rob WilliamsCommented:
Try adding the DNS suffix, such as MyDomain.local to the client's VPN adapter configuration under advanced TCP/IP properties on the DNS page/tab.
Also make sure the VPN client points to the internal DNS server IP, for DNS and not the ISP.
0
 
sti-techAuthor Commented:
Robwill, Thanks for the possiblities. How do I make sure the client is getting the DNS IP and not the ISP. I am using DHCP to assign the client IP from the server but is still shows the ISP. Also will the subnet always be 255.255.255.255. My internal subnet is 255.255.255.128 and I didn't know if this mattered? I don't understand why I can remote desktop. I seemed like a permissions thing but DSN was suggested by a colleague but with no spicific way to tune.
Thanks,
sti-tech
0
 
Rob WilliamsCommented:
How is your VPN configured? i.e are you using the Windows VPN or a 3rd party router solution?

Assuming it is the Windows VPN; connect to the server using the VPN from the client machine and run  ipconfig  /all.
Under the PPP adapter configuration it will show the DNS server being used. If it is not your server the problem is 1 of 2 things:
1) if your are using a DHCP relay agent in the VPN configuration (another server or router) that device is handing out the ISP's DNS rather than your server, which is wrong not only just for the VPN but also the LAN clients.
2) if using DHCP within the RRAS configuration, or a static address pool, the VPN client gets it's DNS IP from the network adapter of the server. Again this should be the server itself, so it would seem it has the ISP's DNS rather than itself, which is wrong and can cause name resolution delays.

As for the subnet mask, it may seem odd but 255.255.255.255 is correct for the VPN client and the gateway will be the same as the virtual adapter's assigned DHCP address.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
sti-techAuthor Commented:
Robwill,
I tried your first suggestion to put the DNS suffix in the client settings (I am using the Windows client). The VPN would not connect - Error "691 Access denied because the username and/or password was invalid on the domain"

I also check my IP settings and it does returns the following
IP Address = private address from DHCP
subnet mask 255.255.255.255
Default gateway = same as adapter Ip address
DNS server = IP address of my internal DNS server
 Thanks for any help,
Sti-tech
0
 
Rob WilliamsCommented:
Interesting. You would more often get the 691 error without the suffix. It is a domain I assume, and you are sure it is the correct suffix, and inserted as per the following link?
http://www.lan-2-wan.com/Added%20Images/Blog/DNS.jpg

The IP configuration looks good.

There are options such as the LMHosts file and such, But DNS is the better solution. The others can be reviewed on my blog:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
0
 
sti-techAuthor Commented:
RobWill, Well After working on this problem for some time I connected to the server via VPN on another machine and everything worked fine. I was able to see the share and move files around. So I have determined that the problem is with with my laptop. I have checked all of the setting, turned off firewall,  and still cannot see the share on my laptop. Any ideas on that.

Thanks a bunch for confirming all of the settings and the blog link. Great link I learned a lot.
Matt
0
 
Rob WilliamsCommented:
It is possible it is related to too high an MTU value, assuming you get the logon dialog box, and then get no further. Usually you can get to the share but not transfer a file. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1260, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm
0
 
sti-techAuthor Commented:
Thanks for all of your help you have helped me expand my VPN knowledge to a more comfortable level.
mw
0
 
Rob WilliamsCommented:
Thanks sti-tech.
Cheers !
--Rob
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now