Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Server 2008: limited connectivity over VPN

Posted on 2009-04-14
3
Medium Priority
?
704 Views
Last Modified: 2012-05-06
I have a plain vanilla Server 2008 box that I want to set up as a VPN server for our network.
I installed RRAS, and when I try to run the configuration wizard, it won't let me use the VPN server wizard because I only have one NIC card.   Instead it tells me to use the custom setup.

After clicking custom, and next, I select ALL of the "features" and it goes through some motions, and then a window comes up to start the service.

So I assume that those "features" are all at their defaults at this point.

Here's the kicker, from an off-site location, with the VPN client set up on a windows vista machine, it "connects" to the VPN server at the office, but only with "limited connectivity".
No internet, no network drives, can't even ping the server itself.

I tried following some of the tutorials found here on experts-exchange, but found myself in the same place, the VPN connection wizard wont run because I only have one NIC card.

Network Layout:
Internet -> modem -> router -> switch -> (server and networked computers)

Any Ideas?
0
Comment
Question by:matthewvance
  • 2
3 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 24232878
Running the 2008 VPN server with only 1 NIC is not a problem. If you are seeing "limited connectivity" it may be due to DHCP for the VPN clients not being configured in RRAS. You may want to review the following link. It is for server 2003, but other than enabling/installing the RRAS role in server management in server 2008, the process is the same.
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
0
 

Author Comment

by:matthewvance
ID: 24232970
Thank you, that worked perfectly.
For posterity, here is the contents of that article.

  1. Open the RRAS (Routing and Remote Access Service) console located under Administrative tools

    This outline assumes RRAS is not enabled. If so there will be a red dot, in the RRAS, on the server name

  2. Highlight the server name, right click on it, and choose Configure and Enable Routing and Remote Access
  3. Click Next
  4. Select Custom Configuration
  5. Select VPN Access
  6. Click  Finish
  7. Choose Yes to start the RRAS service

    As is, this will allow clients to connect to the RRAS server, however it will assign them an IP in the 169.254.0.0/16 (169.254.x.x) subnet, using APIPA (Automatic Private IP Addressing). For users to connect to other LAN devices, static routes will have to be added, or you can add a static address pool in the same subnet as your LAN for VPN clients.

  8. To add a static address pool, in the RRAS console right click on the server name and choose Properties
  9. On the IP 'tab' select Static Address Pool and then Add
  10. Enter a Start and End IP that is a subset of your existing LAN. Assuming your LAN uses 192.168.100.0/24 (192.168.100.x) choose something that does not conflict with existing devices or DHCP scopes such as 192.168.100.90 to 192.168.100.99 and then select OK, and OK
  11. You also have to grant the user permission to use the VPN connection. To do so, open Active Directory Users and Computers, view the appropriate user profile, and on the "Dial-in" tab select "Allow access".
Note: VPNs require that the subnet from which your clients are connecting be different than that of your LAN. As an example if your LAN uses 192.168.1.0/24 (192.168.1.x) no client can connect from a site using that same subnet. Therefore it is always best to use a LAN subnet that is not common, to avoid conflict for mobile users. Though this is an important in your VPN deployment, careful consideration should be made as to the impact on your existing LAN if you decide to change it.

Above article quoted from "http://www.lan-2-wan.com/vpns-RRAS-1nic.htm"
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24233067
Glad to hear.
Thanks matthewvance
Cheers!
--Rob ( author of the article :-)  
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question