Link to home
Start Free TrialLog in
Avatar of matthewvance
matthewvanceFlag for United States of America

asked on

Server 2008: limited connectivity over VPN

I have a plain vanilla Server 2008 box that I want to set up as a VPN server for our network.
I installed RRAS, and when I try to run the configuration wizard, it won't let me use the VPN server wizard because I only have one NIC card.   Instead it tells me to use the custom setup.

After clicking custom, and next, I select ALL of the "features" and it goes through some motions, and then a window comes up to start the service.

So I assume that those "features" are all at their defaults at this point.

Here's the kicker, from an off-site location, with the VPN client set up on a windows vista machine, it "connects" to the VPN server at the office, but only with "limited connectivity".
No internet, no network drives, can't even ping the server itself.

I tried following some of the tutorials found here on experts-exchange, but found myself in the same place, the VPN connection wizard wont run because I only have one NIC card.

Network Layout:
Internet -> modem -> router -> switch -> (server and networked computers)

Any Ideas?
ASKER CERTIFIED SOLUTION
Avatar of Rob Williams
Rob Williams
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of matthewvance
matthewvance
Flag of United States of America image

ASKER

Thank you, that worked perfectly.
For posterity, here is the contents of that article.

  1. Open the RRAS (Routing and Remote Access Service) console located under Administrative tools

    This outline assumes RRAS is not enabled. If so there will be a red dot, in the RRAS, on the server name

  2. Highlight the server name, right click on it, and choose Configure and Enable Routing and Remote Access
  3. Click Next
  4. Select Custom Configuration
  5. Select VPN Access
  6. Click  Finish
  7. Choose Yes to start the RRAS service

    As is, this will allow clients to connect to the RRAS server, however it will assign them an IP in the 169.254.0.0/16 (169.254.x.x) subnet, using APIPA (Automatic Private IP Addressing). For users to connect to other LAN devices, static routes will have to be added, or you can add a static address pool in the same subnet as your LAN for VPN clients.

  8. To add a static address pool, in the RRAS console right click on the server name and choose Properties
  9. On the IP 'tab' select Static Address Pool and then Add
  10. Enter a Start and End IP that is a subset of your existing LAN. Assuming your LAN uses 192.168.100.0/24 (192.168.100.x) choose something that does not conflict with existing devices or DHCP scopes such as 192.168.100.90 to 192.168.100.99 and then select OK, and OK
  11. You also have to grant the user permission to use the VPN connection. To do so, open Active Directory Users and Computers, view the appropriate user profile, and on the "Dial-in" tab select "Allow access".
Note: VPNs require that the subnet from which your clients are connecting be different than that of your LAN. As an example if your LAN uses 192.168.1.0/24 (192.168.1.x) no client can connect from a site using that same subnet. Therefore it is always best to use a LAN subnet that is not common, to avoid conflict for mobile users. Though this is an important in your VPN deployment, careful consideration should be made as to the impact on your existing LAN if you decide to change it.

Above article quoted from "http://www.lan-2-wan.com/vpns-RRAS-1nic.htm"
Avatar of Rob Williams
Rob Williams
Flag of Canada image
Glad to hear.
Thanks matthewvance
Cheers!
--Rob ( author of the article :-)