Solved

Server 2008: limited connectivity over VPN

Posted on 2009-04-14
3
688 Views
Last Modified: 2012-05-06
I have a plain vanilla Server 2008 box that I want to set up as a VPN server for our network.
I installed RRAS, and when I try to run the configuration wizard, it won't let me use the VPN server wizard because I only have one NIC card.   Instead it tells me to use the custom setup.

After clicking custom, and next, I select ALL of the "features" and it goes through some motions, and then a window comes up to start the service.

So I assume that those "features" are all at their defaults at this point.

Here's the kicker, from an off-site location, with the VPN client set up on a windows vista machine, it "connects" to the VPN server at the office, but only with "limited connectivity".
No internet, no network drives, can't even ping the server itself.

I tried following some of the tutorials found here on experts-exchange, but found myself in the same place, the VPN connection wizard wont run because I only have one NIC card.

Network Layout:
Internet -> modem -> router -> switch -> (server and networked computers)

Any Ideas?
0
Comment
Question by:matthewvance
  • 2
3 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 24232878
Running the 2008 VPN server with only 1 NIC is not a problem. If you are seeing "limited connectivity" it may be due to DHCP for the VPN clients not being configured in RRAS. You may want to review the following link. It is for server 2003, but other than enabling/installing the RRAS role in server management in server 2008, the process is the same.
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
0
 

Author Comment

by:matthewvance
ID: 24232970
Thank you, that worked perfectly.
For posterity, here is the contents of that article.

  1. Open the RRAS (Routing and Remote Access Service) console located under Administrative tools

    This outline assumes RRAS is not enabled. If so there will be a red dot, in the RRAS, on the server name

  2. Highlight the server name, right click on it, and choose Configure and Enable Routing and Remote Access
  3. Click Next
  4. Select Custom Configuration
  5. Select VPN Access
  6. Click  Finish
  7. Choose Yes to start the RRAS service

    As is, this will allow clients to connect to the RRAS server, however it will assign them an IP in the 169.254.0.0/16 (169.254.x.x) subnet, using APIPA (Automatic Private IP Addressing). For users to connect to other LAN devices, static routes will have to be added, or you can add a static address pool in the same subnet as your LAN for VPN clients.

  8. To add a static address pool, in the RRAS console right click on the server name and choose Properties
  9. On the IP 'tab' select Static Address Pool and then Add
  10. Enter a Start and End IP that is a subset of your existing LAN. Assuming your LAN uses 192.168.100.0/24 (192.168.100.x) choose something that does not conflict with existing devices or DHCP scopes such as 192.168.100.90 to 192.168.100.99 and then select OK, and OK
  11. You also have to grant the user permission to use the VPN connection. To do so, open Active Directory Users and Computers, view the appropriate user profile, and on the "Dial-in" tab select "Allow access".
Note: VPNs require that the subnet from which your clients are connecting be different than that of your LAN. As an example if your LAN uses 192.168.1.0/24 (192.168.1.x) no client can connect from a site using that same subnet. Therefore it is always best to use a LAN subnet that is not common, to avoid conflict for mobile users. Though this is an important in your VPN deployment, careful consideration should be made as to the impact on your existing LAN if you decide to change it.

Above article quoted from "http://www.lan-2-wan.com/vpns-RRAS-1nic.htm"
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24233067
Glad to hear.
Thanks matthewvance
Cheers!
--Rob ( author of the article :-)  
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question