• Status: Solved

PPTP VPN connection can see server but no other machines on the same subnet.

SBS 2003 R2, VPN issue...
I have what appears to be a routing issue. It cropped up very recently (last 3 weeks) and I can't see what the error is.

Previously, if a user connected via a PPTP or L2TP VPN (demand dial) they could see the server as well as all other machines on the subnet.

About 3 weeks ago, this changed and now they can only see the server and can't even ping machines on the subnet. I haven't made ANY changes in RRAS prior to this happening, and no changes anywhere else on the server related to VPNs (it had been working this way for years)

Suggestions on where to start?

I have so far...
- Changed from a DHCP address pool to a static address pool, and when it didn't work changed it back, and at the same time added a static route to the router, pointing any traffic for the VPN range to the server. Have since removed this route.
- Reviewed the route table, but it doesn't have anything that appears different to another SBS that is working.
- re-ran the Remote Access Connection Wizard

I've searched for this type of thing and found some items that appeared to be the same, but none had solutions that I thought applied.
Would appreciate some help.

thanks.

Asked:
ivvaust
 
Sommerblink Commented:
What are the ipconfig /all settings for the PPTP connection?
What are the 'route print' settings after the PPTP connection is made (from the client's perspective)?

If the client believes it has the proper information (subnet), can you ping the broadcast IP?

eg: If the IP is 192.168.1.123 and the subnet is 255.255.255.0, you should be able to ping 192.168.1.255.

From the network that the device is connecting to, can IT connect (ping) to the remote device? Maybe something changed going back to the remote device.
 
Rob Williams Commented:
If a client can ping the server, but not ping any other device on the same subnet, most often it is caused by the remote site having the same local subnet, such as both sites using 192.168.1.x.

Please post IPConfig from the server and a route print from the client when the VPN is connected.
 
ivvaust (Author) Commented:
Names have been changed to protect the innocent, but it should make sense.

NOTE: reverse pinging from the remote subnet to the VPN'ed client does NOT go through. I do not remember that ever working, however.

Thanks for the prompt replies!

Hi Robwill. I am aware that you can't have the same IP subnet, and went to lengths when setting this up originally to avoid this happening.
The current local subnet is 192.168.10.1/24 and the remote is 192.168.16.1/24

It has also not worked from local subnets 192.168.50.1/24 and 192.168.2.1/24, noting that it was working 3 weeks ago with no known changes to the routing.


Sommerblink and Robwill, here is the data requested.

VPN OFF
-IPconfig
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LOCALWORKSTATION
        Primary Dns Suffix  . . . . . . . : Localdomain.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ivvaust.local
                                            ivvaust.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : Localdomain.local
        Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
        Physical Address. . . . . . . . . : 00-1E-C9-6B-8E-2C
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.24
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.2
        DHCP Server . . . . . . . . . . . : 192.168.10.2
        DNS Servers . . . . . . . . . . . : 192.168.10.2
                                            192.168.11.2
        Primary WINS Server . . . . . . . : 192.168.10.2
        Lease Obtained. . . . . . . . . . : Friday, 18 February 2011 3:07:56 AM
        Lease Expires . . . . . . . . . . : Saturday, 26 February 2011 3:07:56 AM


-ROUTE TABLE
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e c9 6b 8e 2c ...... Intel(R) 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.2   192.168.10.24       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0    192.168.10.24   192.168.10.24       20
     192.168.10.0    255.255.255.0    192.168.10.24   192.168.10.24       20
    192.168.10.24  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.10.255  255.255.255.255    192.168.10.24   192.168.10.24       20
        224.0.0.0        240.0.0.0    192.168.10.24   192.168.10.24       20
  255.255.255.255  255.255.255.255    192.168.10.24   192.168.10.24       1
Default Gateway:      192.168.10.2
===========================================================================
Persistent Routes:
  None



VPN ON

-IPconfig
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LOCALWORKSTATION
        Primary Dns Suffix  . . . . . . . : Localdomain.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : Localdomain.local
                                            Localdomain.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : Localdomain.local
        Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
        Physical Address. . . . . . . . . : 00-1E-C9-6B-8E-2C
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.24
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.2
        DHCP Server . . . . . . . . . . . : 192.168.10.2
        DNS Servers . . . . . . . . . . . : 192.168.10.2
                                            192.168.11.2
        Primary WINS Server . . . . . . . : 192.168.10.2
        Lease Obtained. . . . . . . . . . : Friday, 18 February 2011 3:07:56 AM
        Lease Expires . . . . . . . . . . : Saturday, 26 February 2011 3:07:56 AM

PPP adapter VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.16.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.16.2
        Primary WINS Server . . . . . . . : 192.168.16.2


-ROUTE TABLE
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e c9 6b 8e 2c ...... Intel(R) 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
0x40004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.2   192.168.10.24       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0    192.168.10.24   192.168.10.24       20
     192.168.10.0    255.255.255.0    192.168.10.24   192.168.10.24       20
    192.168.10.24  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.10.255  255.255.255.255    192.168.10.24   192.168.10.24       20
     192.168.16.0    255.255.255.0    192.168.16.23   192.168.16.23       1
    192.168.16.23  255.255.255.255        127.0.0.1       127.0.0.1       50
   192.168.16.255  255.255.255.255    192.168.16.23   192.168.16.23       50
    202.7.196.237  255.255.255.255     192.168.10.2   192.168.10.24       20
        224.0.0.0        240.0.0.0    192.168.10.24   192.168.10.24       20
        224.0.0.0        240.0.0.0    192.168.16.23   192.168.16.23       50
  255.255.255.255  255.255.255.255    192.168.10.24   192.168.10.24       1
  255.255.255.255  255.255.255.255    192.168.16.23   192.168.16.23       1
Default Gateway:      192.168.10.2
===========================================================================
Persistent Routes:
  None

 
Rob Williams Commented:
>>"post IPConfig from the server and a route print from the client "
Could you please also post server's IPconfig  /all
Thanks

By the way it looks like the client machine has an incorrect alternate DNS entry of 192.168.11.2
LAN clients must point ONLY to the SBS
 
ivvaust (Author) Commented:
Sorry Robwill, I'll post the server's IPconfig now.

The alternate DNS server is a domain controller in a different location. I had been advised previously to add this (long ago), but can remove it if it's necessary.


VPN server IPconfig /all
Windows IP Configuration

   Host Name . . . . . . . . . . . . : REMOTESERVER
   Primary Dns Suffix  . . . . . . . : remotedomain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : remotedomain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 5721 Gigabit Controller
   Physical Address. . . . . . . . . : 00-0F-1F-F8-46-B4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.16.253
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.30
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

 
Rob Williams Commented:
The only issues I see would not cause any routing problems.
1) there is a 169.254.x.x. address on the client PC indicating an enabled NIC using DHCP that is not connected, possibly a wireless card
2) DNS as I mentioned. Both the 192.168.11.2 and 192.168.10.2 point to a server on a different subnet, and the router as opposed to a local DNS server.

If you needed to add a route anywhere it would be on the connecting PC:
route  add  192.168.16.0  mask  255.255.255.0  192.168.16.23
But that route already shows as present in the route print when the VPN is connected

Were there any routes added manually in the RRAS configuration under static routes? There is no need for them and if present could be causing problems.
One other thing to check is in the RRAS console: right-click on the server name, choose Properties, and make sure LAN and demand-dial routing is checked.
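The two client-side checks discussed in the replies above (is the route to 192.168.16.0/24 present and preferred, and do the LAN and VPN subnets collide?) can be run mechanically over a saved `route print`. This is an added example, not code from the thread; the function names are hypothetical and the sample rows are copied from the "VPN ON" route table posted above.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net gateway iface metric")
# Rows copied from the client's "VPN ON" route print on this page (abridged).
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.2   192.168.10.24       20
      169.254.0.0      255.255.0.0    192.168.10.24   192.168.10.24       20
     192.168.10.0    255.255.255.0    192.168.10.24   192.168.10.24       20
     192.168.16.0    255.255.255.0    192.168.16.23   192.168.16.23       1
    192.168.16.23  255.255.255.255        127.0.0.1       127.0.0.1       50
    202.7.196.237  255.255.255.255     192.168.10.2   192.168.10.24       20
"""

def parse_routes(text):
    """Parse the 5-column 'Active Routes' rows; skip headers and separators."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
        except ValueError:
            continue  # not an address/netmask pair
        routes.append(Route(net, cols[2], cols[3], int(cols[4])))
    return routes

def select_route(routes, dest):
    """Most specific matching route wins; the lower metric breaks ties."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r.net]
    return max(hits, key=lambda r: (r.net.prefixlen, -r.metric), default=None)

def subnets_on(routes, iface):
    """Real subnets bound to an interface (no default, host, multicast, APIPA)."""
    return [r.net for r in routes if r.iface == iface and 0 < r.net.prefixlen < 32
            and not (r.net.is_multicast or r.net.is_link_local)]

def overlaps(routes, lan_iface, vpn_iface):
    """Pairs of LAN/VPN subnets that overlap (the same-subnet conflict)."""
    return [(a, b) for a in subnets_on(routes, lan_iface)
            for b in subnets_on(routes, vpn_iface) if a.overlaps(b)]

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    print({d: select_route(table, d).iface for d in ("192.168.16.2", "8.8.8.8")})
    print("overlaps:", overlaps(table, "192.168.10.24", "192.168.16.23"))
```

For the table in this thread the remote subnet resolves to the PPP interface and no overlap is reported, which rules out the client's routing table as the cause.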
 
ivvaust (Author) Commented:
OK this ended up being unrelated to routing as built in to Windows....

Trend Micro, in its wisdom, decided to start the Trend Micro firewall, even though the service was explicitly disabled in services.msc.

After stopping it, routing now works again.
 
ivvaust (Author) Commented:
Self Solved