Solved

Server 2008: limited connectivity over VPN

Posted on 2009-04-14
Last Modified: 2012-05-06
I have a plain vanilla Server 2008 box that I want to set up as a VPN server for our network.
I installed RRAS, and when I try to run the configuration wizard, it won't let me use the VPN server wizard because I only have one NIC card. Instead it tells me to use the custom setup.

After clicking custom, and next, I select ALL of the "features" and it goes through some motions, and then a window comes up to start the service.

So I assume that those "features" are all at their defaults at this point.

Here's the kicker: from an off-site location, with the VPN client set up on a Windows Vista machine, it "connects" to the VPN server at the office, but only with "limited connectivity".
No internet, no network drives, can't even ping the server itself.

I tried following some of the tutorials found here on experts-exchange, but found myself in the same place: the VPN connection wizard won't run because I only have one NIC card.

Network Layout:
Internet -> modem -> router -> switch -> (server and networked computers)

Any Ideas?
Question by:matthewvance
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 24232878
Running the 2008 VPN server with only 1 NIC is not a problem. If you are seeing "limited connectivity" it may be due to DHCP for the VPN clients not being configured in RRAS. You may want to review the following link. It is for server 2003, but other than enabling/installing the RRAS role in server management in server 2008, the process is the same.
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm

Author Comment

by:matthewvance
ID: 24232970
Thank you, that worked perfectly.
For posterity, here are the contents of that article.

  1. Open the RRAS (Routing and Remote Access Service) console located under Administrative tools

    This outline assumes RRAS is not enabled. If so there will be a red dot, in the RRAS, on the server name

  2. Highlight the server name, right click on it, and choose Configure and Enable Routing and Remote Access
  3. Click Next
  4. Select Custom Configuration
  5. Select VPN Access
  6. Click Finish
  7. Choose Yes to start the RRAS service

    As is, this will allow clients to connect to the RRAS server, however it will assign them an IP in the 169.254.0.0/16 (169.254.x.x) subnet, using APIPA (Automatic Private IP Addressing). For users to connect to other LAN devices, static routes will have to be added, or you can add a static address pool in the same subnet as your LAN for VPN clients.

  8. To add a static address pool, in the RRAS console right click on the server name and choose Properties
  9. On the IP 'tab' select Static Address Pool and then Add
  10. Enter a Start and End IP that is a subset of your existing LAN. Assuming your LAN uses 192.168.100.0/24 (192.168.100.x) choose something that does not conflict with existing devices or DHCP scopes such as 192.168.100.90 to 192.168.100.99 and then select OK, and OK
  11. You also have to grant the user permission to use the VPN connection. To do so, open Active Directory Users and Computers, view the appropriate user profile, and on the "Dial-in" tab select "Allow access".

Note: VPNs require that the subnet from which your clients are connecting be different than that of your LAN. As an example if your LAN uses 192.168.1.0/24 (192.168.1.x) no client can connect from a site using that same subnet. Therefore it is always best to use a LAN subnet that is not common, to avoid conflict for mobile users. Though this is an important in your VPN deployment, careful consideration should be made as to the impact on your existing LAN if you decide to change it.

Above article quoted from "http://www.lan-2-wan.com/vpns-RRAS-1nic.htm"
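
The addressing rules in the quoted steps (pool inside the LAN, clear of DHCP scopes and existing devices, remote subnet different from the LAN, APIPA as the symptom of a missing pool) can be checked before touching RRAS. This is an added example, not part of the original post or the quoted article; the function names, the DHCP scope, the static host and the remote subnet are assumptions, while the LAN and pool values are the article's own.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")  # range clients get when no pool is set

def is_apipa(addr):
    """True if a VPN client was handed an APIPA address (no usable pool/DHCP)."""
    return ipaddress.ip_address(addr) in APIPA

def check_vpn_pool(lan, pool_start, pool_end, dhcp_scope=None,
                   static_hosts=(), client_lan=None):
    """Return a list of problems with a proposed RRAS static address pool (IPv4)."""
    lan_net = ipaddress.ip_network(lan)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        return ["pool start is above pool end"]
    problems = []
    if start not in lan_net or end not in lan_net:
        problems.append("pool is not a subset of the LAN subnet")
    for reserved in (lan_net.network_address, lan_net.broadcast_address):
        if start <= reserved <= end:
            problems.append(f"pool contains reserved address {reserved}")
    if dhcp_scope:
        d_start, d_end = (ipaddress.ip_address(a) for a in dhcp_scope)
        if start <= d_end and d_start <= end:  # inclusive range overlap
            problems.append("pool overlaps the DHCP scope")
    for host in static_hosts:
        if start <= ipaddress.ip_address(host) <= end:
            problems.append(f"pool contains static device {host}")
    if client_lan and ipaddress.ip_network(client_lan).overlaps(lan_net):
        problems.append("remote client subnet overlaps the office LAN")
    return problems

if __name__ == "__main__":
    # LAN and pool are the article's example; DHCP scope, static host and
    # remote subnet are constructed sample values.
    print(check_vpn_pool("192.168.100.0/24", "192.168.100.90", "192.168.100.99",
                         dhcp_scope=("192.168.100.100", "192.168.100.200"),
                         static_hosts=["192.168.100.10"],
                         client_lan="192.168.1.0/24"))
    print(is_apipa("169.254.12.7"))
```

An empty list means the pool satisfies every rule in the article; a client that still reports an address for which `is_apipa` returns true is not drawing from the pool.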
LVL 77

Expert Comment

by:Rob Williams
ID: 24233067
Glad to hear.
Thanks matthewvance
Cheers!
--Rob ( author of the article :-)  