VPN Disconnects internet

I have several VPN related problems.  The first is that I have a software VPN setup on an XP Pro machine that uses the standard VPN client in XP and connects to a 2003 server.  When the client machine connects I cannot access the internet.  The Local Area Network Connection says it is still connected though.  I just have one app that needs to use the vpn and everything else needs to still use the regular LAN connection.

The second problem is that I can only ping computers in the remote LAN by ip and not by dns name.  The the client app that uses the vpn accesses a database on the remote LAN and cannot find it unless I manually configure it using the IP of the target machine.  It used to automatically detect the dns name of the app server and the database that it needs to connect to.  Therefore I am assuming that the problem is a result of not being able to use dns for the remote LAN over the VPN.
Who is Participating?
ChiefITConnect With a Mentor Commented:
Under the VPN properties, you should be able to prevent this from using netbios by disabling netbios over tcp/ip and also file and print sharing. Also make sure the gateway is not configured on the VPN connection side. To do this:

Right click on the VPN connection>> Properties>>networking tab>>TCP/IP>> Properties>>Advanced>> and
1) click on the wins tab and disable netbios over TCP/IP also disable LMHOST lookup
2) disable use default gateway on remote network
3) If this is a DHCP server, prevent it from supplying DHCP as it stated in the above article
4) Click apply and OK out of that so you save your settings.

5) now go back to where you saw the TCP/IP protocol and disable file and print sharing on your VPN connection
Then, if you are unable to use NSlookup, your preferred DNS server may be off for this server. I would like to give you an aritcle I wrote that will help you find the DNS discrepancy and fix it. This is the basics of how a DNS query works:


A number of things could be getting in the way of DNS pings or NSlookup. Most likely if this is the only issue, you may be looking at the preferred DNS server. You will find that on configuring the NIC card, by:
right click your nic connection>>properties>>tcp/ip>>properties>>advanced button>> and

1)On the DNS tab Make sure your preferred DNS server is your DNS server, NOT an outside server
2) also on the DNS tab make sure it appends the DNS suffix is enabled
3) also on the DNS tav make sure it is set to register this DNS suffix is enabled
4) on the WINS tab make sure LMHOST lookup is disabled
5) also on the WINS tab enable netbios over TCP/IP
6) click apply and OK out of that to save your settings

7) go back to where you saw the TCP/IP protocol and make sure file and print sharing is installed so that you populate My network places.

DHCP, Netbios, DNS and the default gateway have to be configured correctly on a machine that is multihomed:


Please read the DHCP portion of the article and read followup comments that explains how to take care of DNS, Netbios and the default gateway.
willmarpleAuthor Commented:
I only have one NIC in the server.  I know that this is not recommended but will it work reasonably well?
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

willmarpleAuthor Commented:
Also, DHCP is being handled by the router in the remote LAN containing the servers.  Do I need to switch DHCP over to the Domain Controller?
willmarpleAuthor Commented:
Ok, I'm wrong.  There is no DHCP server at all on the remote LAN with the servers.  There are only 4 computers on the LAN and all are set up with static IP addresses.  I can't really apply the DHCP portion of your article to my situation, but do you think all of the DNS and Netbios stuff will resolve the issue?
Are you using a VPN router to allow inbound connections or using Routing and Remote Access (RRAS) on the Windows Server?
As far as 'net access is concerned you need to configure IE correctly:
Tools, options, connections
then you'll see a connection in the Dial up and Virtual Private connection settings section, edit this:
fill in the Proxy settings as you have them set within your normal IE config and you'll find it works
Incidentally, you'll also find a way of assigning static IP addresses if you want to bypass the whole DHCP method (the latter IS  the recommended way though)
If you go to the netywork settings of your VPN (dial-up) connection, you can edit the TCP/IP properties and change it from assign automatically (DHCP) to static.
This would mean that you would need to manage each private IP assigned.
Make sure that you havent got 'Use remote gateway' check under vpn properties -network - tcp/ip  - properties - advanced

then how about adding an entry for the remote ipaddress asan entry in the host file on the xp pc.


open in notepad and add an entry e.g       servername
Yes, DNS, netbios and the gateway are important to get right when connecting through a VPN. In your case, especially the gateway.
willmarpleAuthor Commented:
Thanks for all of the input guys.  I'm using Routing and Remote Access.  I've got a lot of remote clients accessing this vpn, so a solution targeting the client would not be optimal.  I would like to be able to ge the vpn server set up (we had it working this way before our server crashed) so that everything works again without messing with the client machines.

Chief IT, the problem I'm having is that I can't do a ping with dns or nslookup.  A lot of the stuff in your articles involves setting this up on a server with two nic cards (e.g. Outside ip and internal ip).  It also involves making sure that the connections do not register with the dns server.  I apologize for my lack of understanding in this area, but how would this help me to use dns to communicate with that network?  I guess I basically need a little more explanation on why you set up dns, netbios and the gateway so that I can understand how to implement your solution in my specific scenario.  Requesting noob friendly instructions please : ).
after is all said and done:

willmarpleAuthor Commented:
I will give this a try on Monday.  Thanks so much ChiefIT for the great instructions.
willmarpleAuthor Commented:
I still haven't solved this issue, but ChiefIT has done his due diligence in providing valuable information.  I don't want to someone to feel like I'm just being a jerk or purposefully dragging out the issue.
willmarpleAuthor Commented:
ChiefIT, I have been messing around with Routing And Remote Access on the server in question.  I have lost my configuration tab in the properties of the internal connection in the rra mmc under IP Routing>General.  In the main viewing pane it also says the connection is unavailable.  How do I unscrew this up?
The VPN uses RRAS to route netbios packets to and from remote clients. If you go to the command prompt and type IPconfig /all, you will probably find that where it says WINS proxy, it will say yes. Without a WINS server, your netbios packets will not route to remote clients. Also, that connection may be trying to support internet when a VPN client is connected to it.

So, when you connect via VPN, you may be asking the server to provide netbios translation when it doesn't have a WINS server. Then, your VPN client may be trying to contact the internet through the server, while routed through the server on an RRAS connection. Both might knock down internet access when the VPN connection is made.

If you don't have a WINS server, you may consider disabling the WINS proxy:

How to enable/disable internet connection sharing:


How to unhose your RRAS connection settings:

Let me know how this works for you.
willmarpleAuthor Commented:
My first concern in unhosing RRAS.  I have tried disabling and reconfiguring the server.  I have even disabled, deleted the server in the mmc, rebooted then reconfigured and the problem is still there.  Do you know how I can get a clean slate with this thing?  Maybe clearing a registry entry or something executed from the command line that isn't available through the mmc?
You can delete the VPN connection. That should stop RRAS.

Then recreate the VPN connection.

The link above should tell you the settings of your RRAS. RRAS is used to route over the server. I am thinking it is not necessary to route over the server.

Uninstalling and reinstalling RAS:
willmarpleAuthor Commented:
Thanks Chief,

Unfortunately this is still not doing it.  As soon as I re-enable RAS the problem interface is still there.  I have attached a screenshot of what I am talking about so maybe you can get a better feel for what's going on.

I have tried disabling and re-configuring RAS in the mmc, and also completely removing the remote access server role and re-adding it.  I think I have either effected this "internal" interface in some other area of the server, or I need to manually uninstall RAS and reinstall it.  I'm really hosed up with this thing and I've got to get it working again so I definitely appreciate the help.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.