Solved

VPN Disables Internet & Email

Posted on 2008-11-06
Last Modified: 2012-05-05
My partner uses his laptop (running Microsoft Windows XP Professional SP3) to connect remotely (from his home office) to our firm server (running Microsoft Small Business Server 2003, SP2), which lives in my home office.  He has access to firm files located on the server by way of the Virtual Private Network / VPN function that is built into SBS 2003 and which we enabled on his laptop.

Here's the problem:  Whenever he's using the VPN connection, he CAN'T also use his laptop to browse the Internet or to send or receive email.  As soon as he terminates the VPN connection, his laptop can surf and handle email traffic again, but those functions will not work simultaneously with VPN.  (This "either / or" dynamic imposes burdens and inefficiencies too tedious to describe here.)

I suspect that the VPN connection that SBS 2003 provides is somehow blocking my colleague's normal access to the Internet from his LAN, but since I'm the administrator of the server, I'm hoping there's some way to alter that constraint.  Please advise.

NOTE:  I'm not too tech savvy, so I'd ask that in offering suggestions, you assume I don't know much jargon and need simple, step-by-step instructions.  Thanks much.

~ David K.
Question by:dkatzen
14 Comments
 
LVL 6

Assisted Solution

by:dathho
dathho earned 1600 total points
ID: 22898701
When you set up the VPN you have the option of enabling filtering on the interface assigned to the VPN connection.  When filtered, only the VPN traffic is permitted back out this interface and nothing else.  If this interface is also your Internet access point, its gateway setting is also the default route for the VPN server to reach the internet.

You can do one of two things.  Turn off this filtering, or from the client side do not use the default route from the VPN (SBS) server.  From the client you can clear "use default gateway on remote server" under advanced TCP/IP settings. On the server you can adjust the filtering under routing and remote access,  IP routing, general, outside interface...

Author Comment

by:dkatzen
ID: 22899174
Thanks for the feedback, dathho, but I'm afraid that (as I feared) I can't really tell how to employ your guidance, because of my limited foundational knowledge.  If possible, please tell me what specifically--in step-by-step mode--I or my partner would do to alter settings on the SBS server or on his laptop.  

More on my ignorance:  I just can't tell what novice-friendly "clicks" we would execute to make needed changes.  I understand things like: (a) On the laptop, press the "Start" button; (b) double-click "Control Panel"; (c) double-click "Network Connections"; (d) right-click "Local Area Network," then click "Properties" . . . .

Also, as between adjusting the server or my partner's client laptop, can you steer me to some way to evaluate the pros and cons of each approach?  For example, what are the security risks, and what other functionality might be affected on each end?

I appreciate your help, and I'm sorry I'm so dense.    ~ David
LVL 1

Assisted Solution

by:raigj
raigj earned 400 total points
ID: 22899540
Hello dkatzen
As our friend dathho was saying, clear the check mark to use your default gateway, meaning that when you VPN you are going to use the traffic from your LAN connection and not where the SBS is. To do this you have to go into the client VPN settings.
- Right-click on the VPN connection on the client computer > select Properties > go to the Networking tab > under "This connection uses the following items:" > click on Internet Protocol > then Properties > Advanced > then on the General tab uncheck the box. Click OK, then close the VPN properties. Try to VPN again and let me know if this works for you.

Author Comment

by:dkatzen
ID: 22900108
Thanks for the input, raigj.  Unfortunately, I'm not able to find my way to the adjustments you propose.  On the client computer, there are two ways to get to some sort of dialog box for the VPN connection, neither of which affords access to the kind of network protocol properties you reference.  Here's what I see:

If I go to the desktop icon labeled "Shortcut to Connect to Small Business Server," I can right-click and get a "Properties" dialog box.  I'm attaching a pdf file with screen shots of the different tab views available through that box, which I've named "Screenshot--Desktop Icon Props."

If I go to "Network Connections" through the Control Panel, there's an item labeled "Connect to Small Business Server," which yields a different properties dialog box.  Again, I'm attaching a screen shot of those tab views, which I've called "Screenshot--Network Item Props."

If there's another path to the adjustments you describe, please tell me how to get there.  Thanks much for any assistance you can provide.

~ David
Screenshot--Desktop-Icon-Props.pdf
Screenshot--Network-Item-Props.pdf
LVL 1

Expert Comment

by:raigj
ID: 22900406
Attached are the directions to change these properties. Let me know if that helps.
vpn.pdf
LVL 6

Accepted Solution

by:dathho
dathho earned 1600 total points
ID: 22900568
From the client.
Rt click on the connection.
Properties.
Select Networking tab.
Select Internet Protocol (TCP/IPv4)
Properties.
Select Advanced Button
Uncheck "Use Default Gateway on Remote Network"

This should allow the remote client to use its own gateway setting.


From the VPN Server
Open Routing and Remote Access
Expand IP Routing
Select General
Select Your outside interface
Rt button
Properties
outbound filters button
delete all the filters and select at the top transmit all packets except those below

I can't remember if you need to do the inbound filters also.

This is perfectly safe if you have a firewall between the VPN server and the internet that is only permitting inbound traffic on L2TP, PPTP,  & IKE ports. 1721, 1723, & 500.  If you don't then I would not expose the SBS server like this.  Alternately you can add the ports you need outbound...
http - 80
https - 443
pop3 - 110
smtp - 25

both udp and tcp.


Good luck.  Sorry for the delay.  Busy at the real job this afternoon.  

~David
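
A way to confirm which mode the laptop is in after the client-side change, as an added example that is not part of the original thread: it parses the IPv4 rows of `route print` and reports whether ordinary Internet traffic leaves through the VPN adapter ("full") or through the laptop's own gateway ("split"). Both route tables and every address in them are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `route print` rows (all addresses invented) from an XP client
# with the VPN up. 192.168.16.50 is the address the VPN adapter received.
FULL_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100      21
          0.0.0.0          0.0.0.0    192.168.16.50   192.168.16.50       1
     198.51.100.7  255.255.255.255      192.168.1.1   192.168.1.100      20
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      20
     192.168.16.0    255.255.255.0    192.168.16.50   192.168.16.50       1
"""
# Same client after "Use default gateway on remote network" is unchecked.
SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100      20
     198.51.100.7  255.255.255.255      192.168.1.1   192.168.1.100      20
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      20
     192.168.16.0    255.255.255.0    192.168.16.50   192.168.16.50       1
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Turn IPv4 route rows into (network, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or non-IPv4 line
        dest, mask, _gw, iface, metric = m.groups()
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        routes.append((net, iface, int(metric)))
    return routes

def egress_interface(routes, target):
    """Pick the route as the IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def tunnel_mode(text, vpn_iface, probe="203.0.113.10"):
    """'full' if an arbitrary Internet address leaves via the VPN adapter."""
    mode = egress_interface(parse_routes(text), probe)
    return "full" if mode == vpn_iface else "split"

if __name__ == "__main__":
    for name, table in (("before", FULL_TUNNEL), ("after", SPLIT_TUNNEL)):
        print(name, tunnel_mode(table, "192.168.16.50"))
```

In the "split" result the office subnet still routes over the VPN adapter, while web and mail traffic from the laptop no longer passes through the server's connection or any filtering applied there.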

Author Comment

by:dkatzen
ID: 22900599
Raigj--In my last post, I sent files showing the dialog boxes that appear when I access the "properties" for our VPN connections on the laptop clients.  As you will see, UNLIKE the exemplar you sent, there is NO tab called "Networking"--just isn't there.  Maybe that's because the VPN connection was imported/created by the SBS 2003 server.  I'm clueless, other than to say that (as shown in the previously attached screen shots) there is no "Networking" tab in the properties dialog box for our client-side VPN item under the "Network Connections" window accessed via "Control Panel"--we've just got "Options" and "Advanced" (the latter offering info about "Internet Connection Sharing," which I don't think figures in the VPN issue).

So, I remain stumped.  How do I get to a place that actually affects how the client's VPN works--the settings that affect gateways and filtering?  We just don't seem to have those settings to adjust.
LVL 1

Assisted Solution

by:raigj
raigj earned 400 total points
ID: 22900629
What about if you create another VPN connection from scratch? Do you know your VPN IP address?
LVL 6

Expert Comment

by:dathho
ID: 22900647
dkatzen
don't look at the shortcut.
If XP rt button on network -> properties
then manage network connections
choose your SBS connection
then rt button properties again.

Author Comment

by:dkatzen
ID: 22901028
Thanks, guys.  Here's what I can report:

On the client side, the "Network Connections" window (via Control Panel) has an item called "Connect to Small Business Server," but its properties just don't have a "Networking" tab, only "Options" and "Advanced" as shown in the prior screenshot file.

I don't know how to create another VPN connection on the client.  The one that is there was created automatically when the client was joined to the SBS domain, based on the attributes I said the client computer or its user should have--I think this comes as part of the "Mobile Users" package.  Or else it's part of the "Remote Connection" feature that's either installed when the client computer is added or via a disk one can have the server generate using a feature called "Create Remote Connection Disk."  

(If it matters, I suspect the VPN address is tied to how one gets to the server over the Internet, and I do know how the system routes that.  We don't have a static IP address, but there's a service that keeps track of what our dynamic address is at the server from time to time, and then redirects traffic that is addressed to us sort of "care of" the redirection service on over to the server.)

On the server-side adjustments that dathho suggested, I was able to get to Routing and Remote Access>IP Routing>General, where there are three items called "Server Local Area Connection," "Loopback," and "Internal."  The first and last items have a properties dialog, both of which include (under a "General" tab) buttons for "Inbound Filters" and "Outbound Filters."  HOWEVER, for "Internal" those buttons are greyed out, and for "Server Local Area Connection," they both have the button labeled "Receive (or Transmit) all packets except those that meet the criteria below" checked (and greyed out), and NO inbound or outbound filters are shown in the space for them to be listed.  Therefore, best I can tell (and unless there is a "VPN" item I didn't find by following "Routing and Remote Access>IP Routing>General"), the server is already configured appropriately in this respect.

Okay, sorry to be so long-winded.  For a "newbie" though, it's hard to know what matters and what's just junk that wastes the reader's time.

Other ideas?  Does it seem this might be peculiar to SBS 2003?  Should we be soliciting input from somebody who just lives and breathes that system?  Not questioning your mastery, just recognizing that it's hard for anybody to be a whiz at ALL this intricate stuff.

~ David K.
LVL 6

Assisted Solution

by:dathho
dathho earned 1600 total points
ID: 22906863
Yeah sorry, no SBS here.  I guess you have connection manager in the way... -(

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_22603624.html

To do step 2. It's a little different if it's XP or Vista but the basics are the same.

http://compnetworking.about.com/od/windowsxpnetworking/ss/newvpnconnect.htm


Author Comment

by:dkatzen
ID: 22907240
Thanks for additional leads, dathho--this looks promising, but it will take me a while to experiment, since I don't have immediate access to my partner's client-laptop.

If you happen to know, is it the case that the "step 1" proxy setting change would mean my partner couldn't use Internet/email UNLESS he was also using the VPN and connected to the server?  In other words, if his laptop is configured to use the server's IP connection, would that mean he has no access without the server via VPN?  This wouldn't be optimal, since he can't always be connected to the server.

~ David

Author Comment

by:dkatzen
ID: 22913506
Hallelujah!  We've managed to implement the second (client-side) fix from dathho's post of 11-7.  Works like a charm.

Truly a pleasure to have guys like you guide us to good solutions.  Many thanks.

~ David K.

Author Closing Comment

by:dkatzen
ID: 31514071
Again, though it took a bit to work back to my sticking point and novice level, the solution was most welcome, and I appreciate all the effort you guys invested.  Many thanks.