Solved

Directing a VPN client to a certain PC

Posted on 2009-04-10
Last Modified: 2013-11-21
Hello,
I already set up a VPN on my server and I'm able to connect.  I was wondering if there was a way to direct individual users to certain PCs.  Basically, I want them to be able to log on to the VPN and the server takes them to their PC.  Any help would be great.

Thanks,
Bryan
0
Question by:KodiBear
20 Comments
 
LVL 5

Expert Comment

by:xtravagan
ID: 24117996
Could you explain better what you mean? A VPN is a network routing feature not a connection to a given machine.

Once they are on the VPN they can connect to their machine via remote desktop for instance?
0
 

Author Comment

by:KodiBear
ID: 24118089
The remote desktop is what I plan on them using.  The problem that I am having is that when they connect via their home PC, it's not part of the domain.  So when they open RDP and enter "PC Name" it doesn't resolve PC names.  They have to enter the IP address.  Is there a way to make it direct them to their PC?  Hopefully this explains it better.  I know what I want and need, but have a hard time saying it.  Thanks
0
 
LVL 5

Expert Comment

by:xtravagan
ID: 24118230
I see.

For that to work the VPN connection must set your domain's WINS or DNS server as well. Thus if the connection is the prio connection (usually is) it will resolve names as it should.

Another solution might be to keep a directory on the server such as

\\server\connection\PcName.rdp

or via HTTP

Which will start the RDP client with the settings you have either manually put there or generated.

If you are using DHCP for your domain PCs you likely want to generate those files each time and a web page is a good way to do that.

Don't know if there are better ways to do this. I would go for WINS/DNS, but if you don't want to tamper with the users' normal DNS then just change WINS (they normally don't use that anyways). Also if your DNS doesn't recurse internet lookups and just your own domain.

0
 

Author Comment

by:KodiBear
ID: 24118393
How do I set the VPN connection to the DNS or WINS?
0
 
LVL 5

Expert Comment

by:xtravagan
ID: 24118478
What VPN software are you using? Windows built in, openvpn? Which version windows?
0
 

Author Comment

by:KodiBear
ID: 24118489
Windows built in, XP Pro SP3, Server2003
0
 

Author Comment

by:KodiBear
ID: 24119027
Ok, so I set the DNS on the VPN client.  It still isn't working.  I can ping the server by name, but nothing else.  If I use FQDN it comes back with a public IP not private IP.  ???
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24137218
On the VPN connection setting under TCP/IP Advanced properties on the General tab check the box that says "use default gateway on remote network".

This will cause ALL traffic from the user's home PC to be sent over the VPN, they will NOT be able to use the Internet, unless your corporate network allows them to.

The alternative to the above is to give them the commands to add all needed routes to all of your internal subnets.

What I think is happening is that they are sending their DNS requests to their ISP's DNS server and not your internal DNS server.
0

 

Author Comment

by:KodiBear
ID: 24141642
That is already checked.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24141816
KodiBear, in the properties of the RRAS server, you have to enable LAN routing as well as dial-in access. If you open the Routing and Remote Access management console, then right-click on the "Routing and Remote Access" object and go to Properties.  You will see a checkbox for Router and under that there are two options.  What you want to do is check the box for Router and also the radio button for LAN and demand-dial routing. And of course the Remote Access checkbox should already be checked.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24141866
You need to track down how DNS resolution is working then.  Assuming you have the FQDN setup on your internal DNS servers properly then you should be able to resolve the FQDN to the internal IP address when connected to the VPN.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24141877
Also, what might make things easier for you is if you set your RRAS server to use DHCP to assign IP addressing information to the VPN clients - assuming you are using DHCP on your network to set this information automatically on your network client machines.  This way, they will automatically get the DNS information they need when they log on to the VPN.  To set this, open the RRAS management console as shown in the attached pic. Then right-click the DHCP Relay Agent, go to Properties and set the IP address of your DHCP server.
RRAS-DHCP-relay.jpg
0
 

Author Comment

by:KodiBear
ID: 24143527
Okay,
hypercat - the check box for Router and also the radio button for LAN and demand-dial routing are already checked along with remote access.  The DHCP relay agent has the server address added to it.

I can ping the server by name "tmc0100dc01" with no problem.  I cannot ping any other pc by name, only ip address.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24148553
On your client PC, please run ipconfig /all while you are connected to the VPN, and post the results here.
0
 

Author Comment

by:KodiBear
ID: 24162502
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\owner>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : BRYAN
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : neo.rr.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : neo.rr.com
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller #2
        Physical Address. . . . . . . . . : 00-12-3F-2D-C0-B8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::212:3fff:fe2d:c0b8%4
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Wednesday, April 15, 2009 9:54:53 PM

        Lease Expires . . . . . . . . . . : Wednesday, April 22, 2009 9:54:53 PM


PPP adapter TMC:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.102
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            192.168.1.116
        Primary WINS Server . . . . . . . : 192.168.1.2

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 00-00-05-C0-33-2D-2C-C9
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-01-66
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.102%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : neo.rr.com
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-00-64
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.100%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\owner>
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 24280115
O.K. because of the way your LAN setup is done you are hitting an MS bug dealing with NIC/Network binding order and name resolution.

You want to read up on KB311218.  There is a script at: http://www.isascripts.org/  you can download to change the registry setting for you.  Go to that page and search on KB311218 and you will find it.

Please note that when certain configuration changes are made to NIC or IP settings, Windows will reorder the binding order and thus the problem comes back and so the user would need to re-execute the script.

I personally have set up a command file that executes the script to fix the binding order and then invokes rasdial with the name of the VPN connection.  This way the binding order is correct every single time.
0
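
The symptom worked through in this thread (the PPP adapter is handed internal DNS servers, yet a FQDN comes back with a public address) can be checked from saved `ipconfig /all` output. This is an added example, not code from any poster or from the script mentioned above; the `ipconfig` text is a constructed sample, and the 192.168.1.0/24 internal range, the host name and the resolved addresses are assumptions.

```python
import ipaddress
import re

# Constructed sample in the shape of Windows XP `ipconfig /all` output (abridged).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        DNS Servers . . . . . . . . . . . : 192.168.0.1

PPP adapter TMC:

        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            192.168.1.116
"""

# "Label . . . . : value" line; the value may be empty.
FIELD = re.compile(r"^\s+(\S.*?)[ .]+:(?: (.*))?$")

def parse_adapters(text):
    """Map adapter name -> {label: [values]}, folding continuation lines."""
    adapters, fields, label = {}, None, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        if not line[0].isspace():  # column 0: adapter header or wrapped text
            if line.endswith(":") and " adapter " in line:
                name = line[:-1].split(" adapter ", 1)[1]
                fields, label = adapters.setdefault(name, {}), None
            continue
        if fields is None:
            continue
        m = FIELD.match(line)
        if m:
            label = m.group(1)
            fields.setdefault(label, []).extend([m.group(2)] if m.group(2) else [])
        elif label:
            fields[label].append(line.strip())  # e.g. a second DNS server
    return adapters

def check_vpn_resolution(text, vpn_adapter, internal_net, answers):
    """answers: {internal name: address the client got back while connected}."""
    net = ipaddress.ip_network(internal_net)
    inside = lambda a: ipaddress.ip_address(a.split("%")[0]) in net
    dns = parse_adapters(text).get(vpn_adapter, {}).get("DNS Servers", [])
    outside = {n: a for n, a in answers.items() if not inside(a)}
    if not any(inside(s) for s in dns):
        verdict = "vpn-adapter-has-no-internal-dns"
    elif outside:
        verdict = "internal-dns-assigned-but-answers-come-from-elsewhere"
    else:
        verdict = "ok"
    return {"vpn_dns": dns, "answered_outside": outside, "verdict": verdict}
```

The second verdict means internal names are being answered by a resolver outside the tunnel, which is consistent with the resolver-order problem described in the accepted answer but does not by itself prove it.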
