Solved

From my work computer, I cannot remote desktop into computers in my home LAN, while connected via PPTP VPN.

Posted on 2010-03-25
Last Modified: 2012-05-09
I have a VPN server at home with RRAS enabled. From work, I can connect to the VPN just fine, and RDP into the VPN server just fine. However, I cannot RDP into my home PCs, which are on the same LAN as the VPN server. I also notice that before I make a VPN connection from work, I can ping my home router and gateway, but after I connect to my VPN, I cannot ping my router and gateway. I am able to ping the VPN server just fine. I am not able to ping my PCs at my home. My router is a Linksys BEFW11S4. I have port forwarded RDP 3389 to my VPN server IP address. When at home, I can remote desktop from one PC to another just fine, but this only works in my LAN. Can an expert please help? Let me know if you need screen shots. Thank you.
Question by:rtang626
17 Comments
 
LVL 14

Expert Comment

by:mikelfritz
ID: 28631144
Are you using the same ip address scheme at both locations?  192.168.1.X at both work and home?  If so you may need to change the home network to something else like 192.168.2.X
0
 

Author Comment

by:rtang626
ID: 28632384
My work IP address scheme is 192.168.0.x, and my home 192.168.1.x. So, they are different IP schemes. Here is how the NICs on my VPN server are configured.

NIC 1 (LAN)
ip:                   192.168.1.xx1
subnet:          255.255.255.0
gateway:       none

prim dns:        192.168.1.xx3 (IP for primary DC server)
sec dns:         none

NIC 2 (WAN)
ip:                   66.214.182.xx5
subnet:          255.255.255.248
gateway:       66.214.182.xx1 (IP for linksys router gateway)

prim dns:        24.205.1.xx
sec dns:         66.215.64.xx
0
 

Expert Comment

by:dka07
ID: 28632676
Just for testing purposes, try installing realVNC onto the remote desktop and run it as a server. Then add the client onto the home PC. I had problems similar to yours (I never investigated why) but now use realVNC quite successfully. Mind you, I think RDT is slightly faster. If it works, it proves a number of things about the connection.
0
 
LVL 2

Expert Comment

by:vdh_tech
ID: 28633125
It appears you may be running a Microsoft ISA firewall to protect yourself from the external internal.  You would need some sort of firewall protection.

Does this firewall (ISA or third party) have routes to allow inbound traffic to its LAN?  Since you have a /29 block of IPs, I would create a 1-to-1 NAT for your other home desktop -- then port forward 3389 to that 1-to-1 NAT.
0
 

Author Comment

by:rtang626
ID: 28633601
I am not using ISA. My firewall is tied into my router, which disabled basic firewall on my VPN server.  I have a Linksys BEFW11S4. How would I allow inbound traffic on my LAN? Is this done on my router configuration page, or on my RRAS on the VPN server? Please advise. I am a novice when it comes to VPN.
0
 
LVL 2

Expert Comment

by:vdh_tech
ID: 28636414
I would redo the whole setup like this:
telephone pole --> house --> wall --> linksys --> (firewall) --> VPN server

I would have your Linksys do ALL the routing, firewall, and gateway functions.  If you need NATing -- I would contemplate a real firewall -- Zywall's and Sonicwalls are cheap.

I would remove the second NIC from your VPN server -- the Linksys device is now the firewall/gateway/dsl device it was designed to be.  You'll need to remove the DMZ network, or Bridge mode is currently set in -- change it to act as a standard gateway.  You'll need to port forward 1723 to your VPN server's internal IP.

Then I would set up your Windows 2003 Server to use Windows Routing and Remote Access.  This VPN server would only act as a Remote Access Server (by choosing a Custom setup, and removing the Router option before starting) running a PPTP VPN.  Remember to add the DHCP server -- running on your Linksys -- as a DHCP relay server in RRAS (you might need to research this tweak).  I would then create a VPN users group and then create a Remote Access Policy to allow that group access.
0
 

Author Comment

by:rtang626
ID: 28639892
Not the solution I was looking for, but thanks. Anyone out there familiar with my setup, please advise. It should be something rather simple, that someone with years of experience can probably figure out for me. Points to best advice and/or solution.
0
 
LVL 2

Expert Comment

by:vdh_tech
ID: 28644471
If the Linksys is in bridge mode, and your second NIC has an external IP, and you have no firewall enabled on the VPN server.... then your VPN server is fully exposed to the internet = unsafe.
0
 

Author Comment

by:rtang626
ID: 28645407
My Linksys Router is my firewall. I did not enable DMZ. I enabled PPTP VPN passthrough, and enabled VPN port 1723. I don't have the option to bridge in the router config page. I use this VPN for lab purposes, and test purposes to build on my IT skills only, so safety is not too much of a concern, as I am just trying to get this whole RDP thing to work from an external source. Once I accomplish that, then I will worry about safety.
0
 
LVL 3

Expert Comment

by:anees10
ID: 28675462
Check the Windows firewall.
0
 
LVL 2

Expert Comment

by:vdh_tech
ID: 28679368
Sounds like you know what you're doing.... bear with me just a little longer...

Q: "I also notice that before I make a VPN connection from work, I can ping my home router and gateway, but after I connect to my VPN, I cannot ping my router and gateway"

A: Most likely you need to enable split-tunneling on the VPN client-side.  Try these steps from the computer connecting...
1) Right click the My Network Places icon on the desktop and click Properties.
2) Right click on your VPN client connections in the Network Connections window and click Properties.
3) Click the Networking tab, and then click on the Internet Protocol (TCP/IP) entry and click the Properties button.
4) On the General tab of the Internet Protocol (TCP/IP) Properties dialog box, click the Advanced button.
5) On the General tab of the Advanced TCP/IP Settings dialog box, note the "Use Default Gateway on Remote Network" option.
6) Try removing the check mark and then try your ping test to your gateway again.

Q: " I am able to ping the VPN server just fine. I am not able to ping my PC's at my home."

A: Make sure you are pinging the internal IP address of your other home PCs.  It could be possible that DNS is not working across your VPN.  In which case, using a computer name would not work -- try the internal IP address.

0
 

Author Comment

by:rtang626
ID: 28696691
Yay!  the split tunneling steps work.  Thanks for that. I am able to ping to my public gateway. However, I am not able to ping to my private gateway, the router gateway, which is 192.168.1.x. Also, I still cannot ping to my internal IP addresses (LAN computers).  As a result, I am still not able to RDP into my internal machines from work.
0
 
LVL 2

Accepted Solution

by:
vdh_tech earned 2000 total points
ID: 28723932
I believe there is some odd configuration on your RRAS.  

Are you sure that your RRAS is handing out IP addresses which are on the same subnet as your local computers?

When you connect to the VPN, check the VPN assigned IP address -- confirm this matches your LAN subnet.
0
 
LVL 14

Expert Comment

by:mikelfritz
ID: 28727938
I would try to change your network LAN IP address scheme at home to 172.16.1.X (also private) http://en.wikipedia.org/wiki/Private_network

Some routers will have trouble routing between a 192.168.0.X and any other 192.168.X.X network...  
0
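The two checks suggested in the comments above (different address ranges at the two sites, and a VPN-assigned address inside the home LAN subnet) can be run against saved `ipconfig /all` output. This is an added example, not part of the original thread: the ipconfig text is a constructed sample, the function names are hypothetical, and the 169.254.x.x check is an extra case for a connection that received no real lease.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from the connecting (work) PC.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

PPP adapter Home VPN:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""

ADAPTER_RE = re.compile(r"^(\S.*?) adapter (.+):\s*$")
# Matches both the "IP Address" and the newer "IPv4 Address" label.
ADDR_RE = re.compile(r"^\s*(?:IP|IPv4) Address[ .]*: (\d+\.\d+\.\d+\.\d+)")

def adapter_addresses(ipconfig_text):
    """Return {(adapter type, adapter name): first IPv4 address}."""
    found, current = {}, None
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = ADDR_RE.match(line)
        if m and current and current not in found:
            found[current] = ipaddress.ip_address(m.group(1))
    return found

def check_vpn(ipconfig_text, home_lan, local_lan):
    """List problems with the PPP (VPN) address relative to both LANs."""
    home = ipaddress.ip_network(home_lan)
    local = ipaddress.ip_network(local_lan)
    problems = []
    if home.overlaps(local):
        problems.append("home and local LAN ranges overlap")
    addrs = adapter_addresses(ipconfig_text)
    ppp = [addr for (kind, _name), addr in addrs.items() if kind == "PPP"]
    if not ppp:
        problems.append("no PPP adapter address found (VPN not connected?)")
    for addr in ppp:
        if addr.is_link_local:
            problems.append(f"{addr} is a 169.254.x.x address, not a LAN lease")
        elif addr not in home:
            problems.append(f"{addr} is outside home LAN {home}")
    return problems
```

An empty list from `check_vpn(text, "192.168.1.0/24", "192.168.0.0/24")` means both checks pass, so the cause lies elsewhere, such as routing or NAT on the RRAS server.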
 

Author Comment

by:rtang626
ID: 28740381
Hi vdh tech,

Yes, the RRAS is handing out IP addresses which are on the same subnets as my local computers. I verified this by doing ipconfig /all.
0
 

Author Comment

by:rtang626
ID: 28743083
Hi vdh tech,

I think I resolved the problem. I disabled the RRAS, and reconfigured it. This time, I set up VPN using NAT rather than just selecting the option to connect to VPN. I also set a static IP pool rather than using the RRAS DHCP. It worked! I am able to RDP into my local machine from an external source. Thanks a lot for your efforts vdh. For that, I will give you points.
0
 

Author Closing Comment

by:rtang626
ID: 31707380
Solution Resolved! Thanks Expert Exchange community.
0
