Winfix1
 asked on

SBS 2011 VPN connectivity problem

Hi

Have just set up SBS 2011 and enabled the VPN functionality.

Here is my setup. The server currently sits behind a firewall (Vigor 2830) on my LAN. My LAN IPs are 192.168.1.x, with the interface to the firewall at 192.168.1.87. The SBS 2011 sits behind the firewall at 192.168.12.4, with its gateway being the firewall at 192.168.12.3. The SBS connects to the internet fine, RWW works fine etc., Exchange works fine. Port 1723 is open on the firewall.

The VPN however will not connect. If I create a new VPN connection from my PC pointing at 192.168.1.87 with a username and password of a user on the SBS 2011, I get verifying username and password, then Connecting to 192.168.1.87 using WAN Miniport SSTP, then it asks to re-enter the username and password again, saying the original was not correct... but it was. I have used several usernames and passwords and reset them... they are definitely correct. The users are enabled for VPN connection too. The SBS DHCP seems to be issuing an address as well.

How can I troubleshoot this? I can't find any sensible logs. Is this because my PC is on the 192.168.1.x subnet, the same as the untrusted interface to the firewall?

Thanks
SBS, Networking, Windows Server 2008

Last Comment
Rob Williams

8/22/2022 - Mon
Rob Williams

You have a dual NAT situation where you have:
Internet <=> device <=> subnet 192.168.1.x <=> device <=> subnet 192.168.12.x
The VPN will not work in this way. The device closest to the Internet will need to be put in Bridge mode, effectively disabling its NAT feature and allowing the inner device to have a public IP.

Your exact hardware config is not clear to me as to what the two devices are, but usually the outer is a combined modem/router, which needs to be bridged.

SBS must have only 1 NIC enabled as well.
Winfix1

ASKER
Thanks

Now I have connected the SBS 2011 server directly to the internet (through a firewall of course, Vigor 2830) so there is only one firewall/router. I then checked from a remote site that I could connect to RWW, Exchange etc. All is fine. Still, when I create a VPN I get exactly the same problem as above.

The server does have 2 NICs but one is disabled and ports 1723 etc are open.

Any more ideas?
ASKER CERTIFIED SOLUTION
Rob Williams

Winfix1

ASKER
Thanks RobWill

I didn't think to try to set up a VPN connection on the server itself to itself. This worked fine.

Your comment about GRE being blocked led me to check whether the Vigor 2830 allows VPN passthrough... in default mode it does not! So I followed the instructions on http://www.draytek.co.uk/support/kb_vigor_passthrough.html and just unticked the Enable PPTP VPN Service. Saved the settings on the firewall and it all works fine.

Thanks again.
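
Added example, not part of the original thread: with TCP 1723 open, a useful first check is which device actually answers the PPTP control connection, since the Vigor has its own PPTP VPN service as well as the SBS behind it. This sketch sends an RFC 2637 Start-Control-Connection-Request and reads the host and vendor strings from the reply; the `probe` helper, the sample reply and its host/vendor values are constructed for illustration, and a good reply says nothing about GRE (IP protocol 47), which carries the tunnel itself.

```python
import socket
import struct

PPTP_MAGIC = 0x1A2B3C4D  # magic cookie carried by every PPTP control message
# length, msg type, cookie, control type, reserved0, version, result, error
# (reserved1 in a request), framing, bearer, channels, firmware, host, vendor
FMT = "!HHIHHHBBIIHH64s64s"  # 156 bytes on the wire


def build_sccrq(host=b"probe"):
    """Start-Control-Connection-Request: control message type 1, version 1.0."""
    return struct.pack(FMT, 156, 1, PPTP_MAGIC, 1, 0, 0x0100, 0, 0,
                       1, 1, 0, 0, host, b"")


def _text(field):
    # Fixed-width fields are NUL padded; keep only the leading string.
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply (control message type 2)."""
    if len(data) < 156:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, mtype, cookie, ctype, _r0, version, result, error,
     _fr, _br, _ch, firmware, host, vendor) = struct.unpack(FMT, data[:156])
    if cookie != PPTP_MAGIC or mtype != 1 or ctype != 2:
        raise ValueError("not a Start-Control-Connection-Reply")
    return {"ok": result == 1, "result": result, "error": error,
            "version": version, "firmware": firmware,
            "host": _text(host), "vendor": _text(vendor)}


def probe(addr, port=1723, timeout=5.0):
    """Ask whatever listens on addr:1723 to identify itself (hypothetical helper)."""
    with socket.create_connection((addr, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        reply = s.makefile("rb").read(156)  # reads until 156 bytes or EOF
    return parse_sccrp(reply)


# Constructed reply for offline use; host and vendor values are made up.
SAMPLE_REPLY = struct.pack(FMT, 156, 1, PPTP_MAGIC, 2, 0, 0x0100, 1, 0,
                           1, 1, 0, 0, b"edge-router", b"ExampleVendor")

if __name__ == "__main__":
    print(parse_sccrp(SAMPLE_REPLY))
```

Run `probe()` against the address the VPN client dials and compare the host and vendor strings with what the server reports when probed directly on the LAN.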
Winfix1

ASKER
Excellent thanks RobWill.
Rob Williams

Great, glad to hear.  Thanks Winfix1
Cheers!
--Rob