jodyfaison
asked on
How can I set up VPN on a Windows Server 2008
I'd like to set up a VPN connection to my web server, which is running Windows Server 2008.
I'm on a Windows 7 network at home.
ASKER
thank you
That's not correct information.
Web Server edition doesn't support server roles such as RRAS and NPS; those features are not available in this edition.
You could utilise a third-party VPN application like OpenVPN.
Or make use of setting up an incoming connection via network settings on the local web server:
Go to:
Network and Sharing Centre -
Change Adapter settings -
Alt + F -
Select new incoming connection -
Run through the wizard. You may want to ensure you are selecting "Internet".
Configure your router / firewall to allow access to TCP port 1723 for PPTP VPN access.
You will also need to set up port forwarding if you are in a NAT environment.
ASKER
I think I may have misled here.
I have Windows Server 2008, full version, not just the web server version.
I meant that I use the machine to host my web page.
ASKER
I'm going to check as I may be confused...
ASKER
yes, I'm running the Windows Server 2008 Standard edition
ok lol if it's full edition, then well ignore my post completely.
Continue with setting up the RRAS and NPS roles on the server and configure according to your requirements.
ASKER
ok, my bad, sorry
ASKER
ok, well I think I have the routing and remote access loaded.
I used the first 2008 tutorial and got to the last step, then got a message to check my NPS.
It took me there, but I didn't know what to check for.
I went to network policy and access services summary and started the routing and remote access service, which is running along with network policy server and remote access conn. manager (rasman).
The tutorial kind of quit here, and I'm not sure what to do next.
ASKER
I'm getting a warning though that says:
Log Name: System
Source: RemoteAccess
Date: 4/29/2012 1:39:52 AM
Event ID: 20169
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: CRYINGOUTCLOUD
Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.103.165 will be assigned to dial-in clients. Clients may be unable to access resources on the network.
You need to assign either a static address pool for the remote VPN clients, or a DHCP server needs to be set up.
To create a static IP address pool
Open the RRAS MMC Snap-in.
Right-click the RRAS server name, and then click Properties. If you are using Server Manager, right-click Routing and Remote Access, and then click Properties.
On the Properties page, click the IPv4 tab.
Under IPv4 address assignment, click Static address pool.
Click Add.
In Start IP address, type a starting IP address.
Type either an ending IP address for the range in End IP address, or type the number of IP addresses in the range in Number of addresses, and then click OK.
To configure RRAS to use addresses from a DHCP server
Open the RRAS MMC Snap-in.
Right-click the server name for which you want to create a static IP address pool, and then click Properties. If you are using Server Manager, right-click Routing and Remote Access, and then click Properties.
On the Properties page, click the IPv4 tab.
Under IPv4 address assignment, click Dynamic Host Configuration Protocol (DHCP).
Click OK to save your changes.
Look into my second link. There is IP address assigning.
ASKER
ok, well I guess I got that done, with the static IP address pool.
ASKER
Ok, I'm connected, yea!
but my desktop says "No Network Access" and Remote access clients in the server console says I'm "not NAP-capable."
What IP address have you assigned? You may need to add proper routing. Can you describe your network configuration? Now you should have access to the Windows 2008 server with RDP if the server's firewall is allowing it and it is enabled in server properties.
ASKER
I gave a range of IPs 72.232.199.138 end *.141
By network configuration, do you mean on the server or here on the client?
I am in the server with Remote Desktop Connection, is that the same?
here you can get detailed explanation of settings:
http://blogs.technet.com/b/rrasblog/archive/2009/03/25/remote-access-deployment-part-1-configuring-remote-access-clients.aspx
Do you like access to LAN after server or only to server?
I think it was not a good idea to give VPN IPs from public addresses. You should assign addresses from private ranges:
http://en.wikipedia.org/wiki/Private_network
Something like 192.168.10.1 - 192.168.10.20
ASKER
oh, ok I'll redo the IPs then.
I'm not sure what you mean here "Do you like access to LAN after server or only to server?"
I don't really use the Windows Server 2008 in my home network setup. I just, at this point, remote desktop in.
But I had hoped with VPN, I could map some drives to the win server 2008 on my home network. Is that what you are asking?
ASKER
changed the IP address to local, but still not getting network access.
Will read latest link later, have to go for now
If it is a stand-alone server, all is clear. Usually VPN is used to connect from home to an office LAN and I've asked about it.
ASKER
no, it's a stand alone server
Is VPN connected successfully? Can you show detailed properties (all IP settings) of the connected VPN interface?
Untick default gateway in VPN's properties:
http://stevenharman.net/blog/archive/2007/01/26/VPN_Connections_and_Default_Gateways.aspx
ASKER
What IP address does your VPN connection have? Is it from the address scope on the RRAS server?
ASKER
yes, 3 private (local) IPs. I added them to the IPv4 "section" of the network adapter. Do you want exact numbers? Remember I had originally put the public IPs in there, then changed them to the local IPs.
I'm not really sure the server has 3 local IPs, come to think of it. I know I lease the server and it comes with a range of public static IPs but I'm not sure what that means as to the private local IPs.
These IP addresses should be assigned automatically. And yes, it will be good to see real IPs. After the connection is established, run route print from a command prompt and show the results here (public IPs could be removed).
ASKER
Ok, wasn't sure which machine you meant, but this is DOS output capture of ipconfig from connected client - laptop:
(attached text file is the same)
Windows IP Configuration
PPP adapter CryingOutCloud:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 169.254.0.20
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Let-a-Jerk LT:
Connection-specific DNS Suffix . : gateway.2wire.net
Link-local IPv6 Address . . . . . : fe80::e843:35a2:4b4e:f92a%11
IPv4 Address. . . . . . . . . . . : 192.168.1.81
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:34bd:1c75:bc14:5dbc
Link-local IPv6 Address . . . . . : fe80::34bd:1c75:bc14:5dbc%18
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{254EC2ED-BC13-4F0F-9818-1085CDBCCF98}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{1851A54A-CB31-45A7-BB6B-27A7947BF1BD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.gateway.2wire.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Tunnel adapter isatap.{4AC921F3-4ADF-468F-AC1F-F51BB7E16D7E}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{C3146B4B-80EC-46BC-9F86-62A72BE00B57}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
lt-ipconfig.txt
ASKER
This is IPconfig from server,
(attached file same as display):
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d8cf:f10b:1ae8:f15a%10
IPv4 Address. . . . . . . . . . . : 72.232.199.138
Subnet Mask . . . . . . . . . . . : 255.255.255.248
IPv4 Address. . . . . . . . . . . : 72.232.199.139
Subnet Mask . . . . . . . . . . . : 255.255.255.248
IPv4 Address. . . . . . . . . . . : 72.232.199.140
Subnet Mask . . . . . . . . . . . : 255.255.255.248
IPv4 Address. . . . . . . . . . . : 72.232.199.141
Subnet Mask . . . . . . . . . . . : 255.255.255.248
IPv4 Address. . . . . . . . . . . : 72.232.199.142
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 72.232.199.137
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 169.254.0.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2002:48e8:c78a::48e8:c78a
IPv6 Address. . . . . . . . . . . : 2002:48e8:c78b::48e8:c78b
IPv6 Address. . . . . . . . . . . : 2002:48e8:c78c::48e8:c78c
IPv6 Address. . . . . . . . . . . : 2002:48e8:c78d::48e8:c78d
IPv6 Address. . . . . . . . . . . : 2002:48e8:c78e::48e8:c78e
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3402:10de:b717:3875
Link-local IPv6 Address . . . . . : fe80::3402:10de:b717:3875%11
Default Gateway . . . . . . . . . :
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
serveripconfig.txt
ASKER
Kind of naive question, but what should I see, if connected properly? Will there be folders etc from server in my Network in windows explorer?
ASKER
I tried resetting the VPN on the server using the TechNet blog, but still getting the no internet on laptop and not NAP-capable.
I changed the security property on my machine to EAP, which is set on the server I think, and got this error:
"Error 812: The connection was prevented because of a policy configured
on your RAS/VPN server. Specifically, the authentication method used by
the server to verify your username and password may not match the
authentication method configured in your connection profile."
Route print can help more, but can you try to make rdp connection to 169.254.0.19?
ASKER
The server is not allowing me to make remote desktop connection to the 169.254.0.19.
It does allow remote desktop connection to the public ip.
Is this what you wanted me to do, by making a "rdp connection?"
ASKER
I may have misunderstood a previous question you asked- my local connection from my laptop had been set to connect to the public address, though the ipv4 connection at the server was setup using the private range.
So I tried making a new connection from my laptop to the server, trying to connect to the private ip (169.254.0.19) with no luck. I got this error message:
The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.
No, you should connect to the public IP, but, after the connection is established, you should connect to the server with the private IP address assigned from the server VPN scope. With route print we can see whether you have proper routing to the server through VPN or not. The 169.254... range is reserved for adapter autoconfiguration and I can't recommend using it. Reread this article, please:
http://en.wikipedia.org/wiki/Private_network
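The pool advice in the replies above (use a private range, avoid 169.254.x.x, keep the pool off the server's public subnet), as an added example that is not part of the original thread: a Python check for a proposed RRAS static address pool. The function name and the client-LAN overlap check are this example's own assumptions and go slightly beyond what the replies state; the addresses are the ones posted in the thread.

```python
import ipaddress

# RFC 1918 private ranges, as described in the linked Private_network article.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Automatic Private IP Addressing range (what Event ID 20169 falls back to).
APIPA = ipaddress.ip_network("169.254.0.0/16")


def check_pool(start, end, server_subnets, client_lans):
    """Return a list of problems with a proposed static VPN address pool.

    check_pool is a hypothetical helper written for this example.
    server_subnets / client_lans are "address/mask" strings as shown by ipconfig.
    """
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if last < first:
        return ["end address is below start address"]

    # Express the start..end range as CIDR blocks so overlap tests are exact.
    blocks = list(ipaddress.summarize_address_range(first, last))
    problems = []

    if any(b.overlaps(APIPA) for b in blocks):
        problems.append("pool is in 169.254.0.0/16 (APIPA autoconfiguration range)")
    elif not all(any(b.subnet_of(p) for p in RFC1918) for b in blocks):
        problems.append("pool is not inside an RFC 1918 private range")

    for label, nets in (("server", server_subnets), ("client LAN", client_lans)):
        for net in nets:
            # strict=False lets us pass a host address plus mask, e.g. from ipconfig.
            n = ipaddress.ip_network(net, strict=False)
            if any(b.overlaps(n) for b in blocks):
                problems.append(f"pool overlaps {label} subnet {n}")
    return problems


# Values taken from the ipconfig output posted in the thread.
SERVER = ["72.232.199.138/255.255.255.248"]
CLIENT = ["192.168.1.81/255.255.255.0"]

if __name__ == "__main__":
    candidates = [
        ("72.232.199.138", "72.232.199.141"),  # first pool the asker tried
        ("169.254.0.19", "169.254.0.20"),      # addresses seen on the PPP adapters
        ("192.168.1.100", "192.168.1.110"),    # constructed: collides with home LAN
        ("192.168.10.1", "192.168.10.20"),     # range suggested in the replies
    ]
    for start, end in candidates:
        issues = check_pool(start, end, SERVER, CLIENT)
        print(f"{start} - {end}: {'OK' if not issues else '; '.join(issues)}")
```

A pool that collides with the client's own LAN makes the client route tunnel traffic to its local network instead, which is why the home 192.168.1.0/24 subnet is checked as well.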
ASKER
sorry, will re-read, as I am a bit confused now.... thanks, brb
ASKER
Ok, I've re-read that article but I need to read more, maybe I'll go back through all the links.
but in reference to your last comment;
when you say "No, you should connect to public Ip but after connection is established" connect to server with private ip..
So we're not talking about my general internet connection, right?
so I guess I need to connect to my server first, but how do I do that, with rdp or with an initial VPN connection to public ip, then another vpn to the private?
I'm going to read links again and maybe learn more... so sorry, just no experience in this field.
ASKER
I'm back on it now, been in ER with child, (took some meds by mistake, but he's fine now) sorry for delays.
ASKER
Ok, here's the route print from my laptop. I unchecked all IPv6 options. I'm using only the MS-CHAP v2, I think. I connected to the public IP at the server (CryingOutCloud).
On the server, I also unchecked the IPv6 options, and am using the MS-CHAP v2 also, I think.
I set the IPv4 NIC, under properties when right clicking the server under Routing and Remote Access, to the public IP addresses.
Now I'm going to run a route print from the server and post it in the next (following) comment box
===========================================================================
Interface List
21...........................CryingOutCloud
12...ac 72 89 66 43 6f ......Intel(R) Centrino(R) Wireless-N 1030
16...ac 72 89 66 43 70 ......Microsoft Virtual WiFi Miniport Adapter #2
15...ac 72 89 66 43 70 ......Microsoft Virtual WiFi Miniport Adapter
14...ac 72 89 66 43 73 ......Bluetooth Device (Personal Area Network)
11...14 fe b5 c3 b1 37 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.80 25
72.0.0.0 255.0.0.0 72.232.199.138 72.232.199.139 26
72.232.199.138 255.255.255.255 192.168.1.254 192.168.1.80 26
72.232.199.139 255.255.255.255 On-link 72.232.199.139 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.80 281
192.168.1.80 255.255.255.255 On-link 192.168.1.80 281
192.168.1.255 255.255.255.255 On-link 192.168.1.80 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.80 281
224.0.0.0 240.0.0.0 On-link 72.232.199.139 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.80 281
255.255.255.255 255.255.255.255 On-link 72.232.199.139 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 1130 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:8ec:2fce:bc14:5dbc/128
On-link
17 1030 2002::/16 On-link
17 286 2002:48e8:c78b::48e8:c78b/128
On-link
12 281 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::8ec:2fce:bc14:5dbc/128
On-link
12 281 fe80::e9f8:f42e:dc20:56cb/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
ASKER
ok, here's route print from the server, and by the way, I was also connected via remote desktop during both of these route print captures.
===========================================================================
Interface List
10 ...00 19 db 2f 7c fa ...... Broadcom NetXtreme Gigabit Ethernet
19 ........................... RAS (Dial In) Interface
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{D8842090-8927-44AC-8EC7-56F00EEA8E91}
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
20 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 72.232.199.137 72.232.199.138 276
72.232.199.136 255.255.255.248 On-link 72.232.199.138 276
72.232.199.138 255.255.255.255 On-link 72.232.199.138 276
72.232.199.142 255.255.255.255 On-link 72.232.199.138 276
72.232.199.143 255.255.255.255 On-link 72.232.199.138 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.0.19 291
169.254.0.19 255.255.255.255 On-link 169.254.0.19 291
169.254.255.255 255.255.255.255 On-link 169.254.0.19 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 72.232.199.138 276
224.0.0.0 240.0.0.0 On-link 169.254.0.19 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 72.232.199.138 276
255.255.255.255 255.255.255.255 On-link 169.254.0.19 291
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 72.232.199.137 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1110 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:20af:3200:b717:3875/128
On-link
14 1010 2002::/16 On-link
14 266 2002:48e8:c78a::48e8:c78a/128
On-link
14 266 2002:48e8:c78b::48e8:c78b/128
On-link
14 266 2002:48e8:c78c::48e8:c78c/128
On-link
14 266 2002:48e8:c78d::48e8:c78d/128
On-link
14 266 2002:48e8:c78e::48e8:c78e/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::20af:3200:b717:3875/128
On-link
10 276 fe80::d8cf:f10b:1ae8:f15a/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Here you can see the problem:
laptop:
192.168.1.0 255.255.255.0 On-link 192.168.1.80 281
server:
169.254.0.0 255.255.0.0 On-link 169.254.0.19
You should have the same routing from the server side.
Check the IP settings of the VPN server. Maybe DHCP is set there when you do not have it.
ASKER
Ok, working it hard, been reading through help files on server, but still not getting there.
I don't need two NIC cards do I? As there is a lot of discussion of interior and perimeter adapters.
should the server look identical like this:
192.168.1.0 255.255.255.0 On-link 192.168.1.80 281
server:
192.168.1.0 255.255.255.0 On-link 192.168.1.80 281
per your last comment?
ASKER
This is from help files. I wonder if I went wrong here:
"Determine which network interface connects to the Internet and which network interface connects to your private network.
During configuration, you will be asked to choose which network interface connects to the Internet. If you specify the incorrect interface, your remote access VPN server will not operate correctly."
ASKER
Hmm, this is route print from server:
169.254.0.0 255.255.0.0 On-link 169.254.0.19 291
===========================================================================
Interface List
10 ...00 19 db 2f 7c fa ...... Broadcom NetXtreme Gigabit Ethernet
19 ........................... RAS (Dial In) Interface
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{D8842090-8927-44AC-8EC7-56F00EEA8E91}
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
20 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 72.232.199.137 72.232.199.138 276
72.232.199.136 255.255.255.248 On-link 72.232.199.138 276
72.232.199.138 255.255.255.255 On-link 72.232.199.138 276
72.232.199.143 255.255.255.255 On-link 72.232.199.138 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.0.19 291
169.254.0.19 255.255.255.255 On-link 169.254.0.19 291
169.254.255.255 255.255.255.255 On-link 169.254.0.19 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 72.232.199.138 276
224.0.0.0 240.0.0.0 On-link 169.254.0.19 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 72.232.199.138 276
255.255.255.255 255.255.255.255 On-link 169.254.0.19 291
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 72.232.199.137 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1110 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:20af:3200:b717:3875/128
On-link
14 1010 2002::/16 On-link
14 266 2002:48e8:c78a::48e8:c78a/128
On-link
14 266 2002:48e8:c78b::48e8:c78b/128
On-link
14 266 2002:48e8:c78c::48e8:c78c/128
On-link
14 266 2002:48e8:c78d::48e8:c78d/128
On-link
14 266 2002:48e8:c78e::48e8:c78e/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::20af:3200:b717:3875/128
On-link
10 276 fe80::d8cf:f10b:1ae8:f15a/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Is this what we wanted:169.254.0.0 255.255.0.0 On-link 169.254.0.19 291
ASKER
well, maybe not, but for good measure, here's the latest from the laptop:
===========================================================================
Interface List
20...........................CryingOutCloud
12...ac 72 89 66 43 6f ......Intel(R) Centrino(R) Wireless-N 1030
16...ac 72 89 66 43 70 ......Microsoft Virtual WiFi Miniport Adapter #2
15...ac 72 89 66 43 70 ......Microsoft Virtual WiFi Miniport Adapter
14...ac 72 89 66 43 73 ......Bluetooth Device (Personal Area Network)
11...14 fe b5 c3 b1 37 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.80 30
72.0.0.0 255.0.0.0 72.232.199.138 72.232.199.140 26
72.232.199.138 255.255.255.255 192.168.1.254 192.168.1.80 31
72.232.199.140 255.255.255.255 On-link 72.232.199.140 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.80 286
192.168.1.80 255.255.255.255 On-link 192.168.1.80 286
192.168.1.255 255.255.255.255 On-link 192.168.1.80 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.80 286
224.0.0.0 240.0.0.0 On-link 72.232.199.140 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.80 286
255.255.255.255 255.255.255.255 On-link 72.232.199.140 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 1130 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:18bf:1f29:bc14:5dbc/128
On-link
17 1030 2002::/16 On-link
17 286 2002:48e8:c78c::48e8:c78c/128
On-link
12 286 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::18bf:1f29:bc14:5dbc/128
On-link
12 286 fe80::e9f8:f42e:dc20:56cb/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
ASKER
Ok, sorry for all the reports, but this is from laptop and has changed:
this is new
169.254.0.0 255.255.0.0 169.254.0.19 169.254.0.20 26
169.254.0.20 255.255.255.255 On-link 169.254.0.20 281
===========================================================================
Interface List
20...........................CryingOutCloud
12...ac 72 89 66 43 6f ......Intel(R) Centrino(R) Wireless-N 1030
16...ac 72 89 66 43 70 ......Microsoft Virtual WiFi Miniport Adapter #2
15...ac 72 89 66 43 70 ......Microsoft Virtual WiFi Miniport Adapter
14...ac 72 89 66 43 73 ......Bluetooth Device (Personal Area Network)
11...14 fe b5 c3 b1 37 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.80 25
72.232.199.138 255.255.255.255 192.168.1.254 192.168.1.80 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 169.254.0.19 169.254.0.20 26
169.254.0.20 255.255.255.255 On-link 169.254.0.20 281
192.168.1.0 255.255.255.0 On-link 192.168.1.80 281
192.168.1.80 255.255.255.255 On-link 192.168.1.80 281
192.168.1.255 255.255.255.255 On-link 192.168.1.80 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.80 281
224.0.0.0 240.0.0.0 On-link 169.254.0.20 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.80 281
255.255.255.255 255.255.255.255 On-link 169.254.0.20 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:3874:2d7:bc14:5dbc/128
On-link
12 281 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::3874:2d7:bc14:5dbc/128
On-link
12 281 fe80::e9f8:f42e:dc20:56cb/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Can you now ping from laptop 169.254.0.19? And rdp to this address?
ASKER
Ping seems to be working:
Pinging 169.254.0.19 with 32 bytes of data:
Reply from 169.254.0.19: bytes=32 time=123ms TTL=128
Reply from 169.254.0.19: bytes=32 time=107ms TTL=128
Reply from 169.254.0.19: bytes=32 time=75ms TTL=128
Reply from 169.254.0.19: bytes=32 time=63ms TTL=128
Ping statistics for 169.254.0.19:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 123ms, Average = 92ms
I'll try Remote Desktop connection
ASKER
Yes RDP to that ip does work.
The link from the laptop shows no internet access when I connect from laptop to Server with the VPN connection, though.
If you can't connect to Internet when VPN is connected: open VPN adapter properties, TCP/IP properties, Advanced and uncheck "Use default gateway..."
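An added example (not part of the thread or any poster's code): it parses the IPv4 part of `route print` output, here a trimmed copy of the laptop's second table posted above, and reports which networks go through the VPN interface and whether the default route does. The function names and the 203.0.113.1 probe address are assumptions made for this example.

```python
import ipaddress

# Trimmed from the laptop's IPv4 table posted above (VPN connected).
ROUTE_PRINT = """\
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.80 25
72.232.199.138 255.255.255.255 192.168.1.254 192.168.1.80 26
169.254.0.0 255.255.0.0 169.254.0.19 169.254.0.20 26
169.254.0.20 255.255.255.255 On-link 169.254.0.20 281
192.168.1.0 255.255.255.0 On-link 192.168.1.80 281
===========================================================================
Persistent Routes:
"""

def parse_ipv4_routes(text):
    """Return (network, gateway, interface, metric) tuples from `route print` text."""
    routes, in_table = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Active Routes"):
            in_table = True
            continue
        if in_table and line.startswith("==="):
            break  # end of the IPv4 active-routes table
        fields = line.split()
        if not in_table or len(fields) != 5 or not fields[4].isdigit():
            continue  # header row or anything that is not a route line
        dest, mask, gateway, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface, int(metric)))
    return routes

def route_for(routes, target):
    """Pick the matching route: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def vpn_exposure(routes, vpn_iface):
    """Networks routed via the VPN interface, and whether it carries the default route."""
    via_vpn = [str(r[0]) for r in routes if r[2] == vpn_iface]
    default = route_for(routes, "203.0.113.1")  # assumed probe: only 0.0.0.0/0 matches
    full_tunnel = default is not None and default[2] == vpn_iface
    return via_vpn, full_tunnel

if __name__ == "__main__":
    print(vpn_exposure(parse_ipv4_routes(ROUTE_PRINT), "169.254.0.20"))
```

For this table only 169.254.0.0/16 goes through the VPN interface and the default route stays on the LAN adapter, which is what unchecking "Use default gateway..." is meant to produce.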
ASKER
I had already unchecked the gateway box. I tried re-checking but still no internet so I unchecked it again.
Am I supposed to have internet access with this connection? (See CryingOutCloud in attached screen shot)
And truthfully I don't really know what to look for. I assume that the server's shared drives will show up under network in my explorer and I can then map them. Is that right?
It is normal. Don't mind it. You don't really need internet access through the VPN.
ASKER
Ok, thank you. Well what do I do next? or how do I utilize the VPN?
You can RDP to server. What else do you need?
ASKER
Hmm, like I said, I'm just learning here. And I am thankful to get a VPN connection working, but I can/could RDP to server without VPN. Is VPN just more secure?
I thought VPN would allow me to map drives from my server onto my local desktop/client...
I've been reading about RDP which provides this feature:
"Terminal Services Gateway: Enables the ability to use a front-end IIS server to accept connections (over port 443) for back-end Terminal Services servers via an https connection, similar to how RPC over https allows Outlook clients to connect to a back-end Exchange 2003 server. Requires Windows Server 2008
Read more: http://www.unp.me/f140/remote-desktop-protocol-or-mstsc-60967/#ixzz1uNLdNP1q"
Maybe I need that...
I'm going to read some more on what basic VPN service should provide.
Thanks again, I don't want to appear unhappy with our achievements. I just need a "VPN for dummies" book or something.
VPN is only one kind of secure connection between computers. With VPN you can have only one set of ports opened on the server's external interface and work with your server as if it is in your LAN.
You usually have different ways to accomplish your task and only you can decide how to do it. So first you should describe the task and only then try to find the means.
You can now map your server's shared folders (if Microsoft file sharing protocol is enabled for VPN connection on both sides). Use the server's IP address for mapping: \\169.254.0.19\SharedFolder
ASKER
Yes, perfect that's what I want to do map the shared folders on my server, though I didn't really specify that until comment ID: 37907381, so sorry. Just really wasn't sure what VPN was all about, but I think we're on it now.
Let me give that a try. Thank you.
ASKER
Well I think I have file sharing protocol enabled at both sides, but right now my desktop client says it can't find the path I'm using.
I'm using basically this:
\\169.254.0.19\SharedFolder
I've tried with the name CryingoutCloud, as that's how winserver 2008 suggested it as a link.
No luck. And I've tried using the 72.232.199.38 outside ip but it is not recognized either.
We are getting soooo close...
ASKER
by the way, it's pinging just fine, the 169.254.0.19
It may be also server's firewall problem. You should allow all traffic from 169.254.0.20
ASKER
Well, I've been trying for days to figure out why I can't connect. I think everything is set right to allow in Windows firewall... for private and public, but not domain.
I've got the proper ports and protocol.
I think file and printer sharing is activated automatically for VPN connections (so I read) but do you think this might have something to do with my problem?
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable No Remote Desktop
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable Yes Network Discovery
Enable No Remote Desktop
I am in standard mode.
ASKER
Or is there another way I should be allowing all traffic to 169.254.0.20?
As that IP was never really in Windows firewall and I couldn't find another place to allow it.
Should I add an exception or add it as a program to the Firewall?
As I can see file and printer sharing is disabled for all profiles.
You can check binding of protocols to adapters in Advanced Adapters properties:
http://blogs.technet.com/b/sharepointcomic/archive/2009/11/14/network-card-adapters-and-bindings-on-windows-server-2008.aspx
Microsoft network and File sharing should be enabled for your remote connections.
ASKER
You don't need WINS. But I'm not sure it is a good idea to enable Client and File sharing for the LAN Adapter, which is in your case a public network. You should enable them only for Remote Access Connections.
ASKER
The Remote Access Connection in the screen shot above, does not allow me to access any properties to it.
I'm not sure how to enable Print and File share in private network.
Please, check once more your steps for incoming connection:
http://serverfault.com/questions/224075/connecting-to-a-windows-server-2008-through-vpn
ASKER
will do thank you
ASKER
sorry for delay, got busy with my school work... back now
ASKER
Seems port 445 is not opened in firewall (on server side).
Here are ports:
http://technet.microsoft.com/en-us/library/cc731402.aspx
You should open these ports only for VPN connections
ASKER
Looks like network discovery is enabled, but file and printer sharing - not.
Is your server 2008 or 2008 R2?
Here are required steps for 2008 and 2008 R2:
http://technet.microsoft.com/en-us/library/gg252577(v=ws.10).aspx
ASKER
thank you, I'll check the link and do it.
ASKER
Oh my server is 2008. I have a licensed copy of 2008 R2, but haven't wanted to go through the steps of installing it remotely.
ASKER
well no luck yet. I did the changes per the link, but no share from here. But now I've somehow lost connection completely to 169.***0.19. No ping or vpn connection.
?? I'll work on it later and get back to you. I've got some fresh route print and ipconfig logs.
ASKER
thanks so much for all your help.... will try later to finish this up.
You are welcome.
2008:
http://www.howtonetworking.com/Windows/2008vpn1.htm
2008 R2:
http://www.thomasmaurer.ch/2010/10/how-to-install-vpn-on-windows-server-2008-r2/