Solved

Server 2008: limited connectivity over VPN

Posted on 2009-04-14
3
686 Views
Last Modified: 2012-05-06
I have a plain vanilla Server 2008 box that I want to set up as a VPN server for our network.
I installed RRAS, and when I try to run the configuration wizard, it won't let me use the VPN server wizard because I only have one NIC card.   Instead it tells me to use the custom setup.

After clicking custom, and next, I select ALL of the "features" and it goes through some motions, and then a window comes up to start the service.

So I assume that those "features" are all at their defaults at this point.

Here's the kicker, from an off-site location, with the VPN client set up on a windows vista machine, it "connects" to the VPN server at the office, but only with "limited connectivity".
No internet, no network drives, can't even ping the server itself.

I tried following some of the tutorials found here on experts-exchange, but found myself in the same place, the VPN connection wizard wont run because I only have one NIC card.

Network Layout:
Internet -> modem -> router -> switch -> (server and networked computers)

Any Ideas?
0
Comment
Question by:matthewvance
  • 2
3 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 24232878
Running the 2008 VPN server with only 1 NIC is not a problem. If you are seeing "limited connectivity" it may be due to DHCP for the VPN clients not being configured in RRAS. You may want to review the following link. It is for server 2003, but other than enabling/installing the RRAS role in server management in server 2008, the process is the same.
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
0
 

Author Comment

by:matthewvance
ID: 24232970
Thank you, that worked perfectly.
For posterity, here is the contents of that article.

  1. Open the RRAS (Routing and Remote Access Service) console located under Administrative tools

    This outline assumes RRAS is not enabled. If so there will be a red dot, in the RRAS, on the server name

  2. Highlight the server name, right click on it, and choose Configure and Enable Routing and Remote Access
  3. Click Next
  4. Select Custom Configuration
  5. Select VPN Access
  6. Click  Finish
  7. Choose Yes to start the RRAS service

    As is, this will allow clients to connect to the RRAS server, however it will assign them an IP in the 169.254.0.0/16 (169.254.x.x) subnet, using APIPA (Automatic Private IP Addressing). For users to connect to other LAN devices, static routes will have to be added, or you can add a static address pool in the same subnet as your LAN for VPN clients.

  8. To add a static address pool, in the RRAS console right click on the server name and choose Properties
  9. On the IP 'tab' select Static Address Pool and then Add
  10. Enter a Start and End IP that is a subset of your existing LAN. Assuming your LAN uses 192.168.100.0/24 (192.168.100.x) choose something that does not conflict with existing devices or DHCP scopes such as 192.168.100.90 to 192.168.100.99 and then select OK, and OK
  11. You also have to grant the user permission to use the VPN connection. To do so, open Active Directory Users and Computers, view the appropriate user profile, and on the "Dial-in" tab select "Allow access".
Note: VPNs require that the subnet from which your clients are connecting be different than that of your LAN. As an example if your LAN uses 192.168.1.0/24 (192.168.1.x) no client can connect from a site using that same subnet. Therefore it is always best to use a LAN subnet that is not common, to avoid conflict for mobile users. Though this is an important in your VPN deployment, careful consideration should be made as to the impact on your existing LAN if you decide to change it.

Above article quoted from "http://www.lan-2-wan.com/vpns-RRAS-1nic.htm"
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24233067
Glad to hear.
Thanks matthewvance
Cheers!
--Rob ( author of the article :-)  
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now