Avatar of Winfix1
 asked on

SBS 2011 VPN connectivity problem


Have just setup SBS 2011 and enabled the VPN functionality.

Here is my setup. The server currently sits behind a firewall (Vigor 2830) on my LAN. My LAN ip's 192.168.1.x with the interface to the firewall at The SBS 2011 sits behind the firewall at with its gateway being the firewall at The SBS connects to the internet fine, RWW works fine etc, exchange works fine. Port 1723 is open on the firewall.

The VPN however will not connect. If I create a new VPN connection from my PC pointing at with a username and password of a user on the SBS 2011, I get verifying username and password then Connecting to using WAN Miniport SSTP, then its asks to Reenter the username and password again saying the orginal was not correct... but it was I have used several usernames and password and reset them... they are definitely correct. The users are enabled for VPN connection too. The SBS DHCP seems to be issuing an address as well.

How can I troubleshoot this? I Cant find any sensible logs? Is this because my PC is on 192.168.1.x subnet the same as the untrusted interface to the firewall?

SBSNetworkingWindows Server 2008

Avatar of undefined
Last Comment
Rob Williams

8/22/2022 - Mon
Rob Williams

You have a dual NAT situation where you have:
Internet <=> device <=> subnet 192.168.1.x <=> device <=> subnet 192.168.12.x
The VPN will not work in this way. The device closest to the Internet will need to be put in Bridge mode, effectivly  disabling its NAT feature and allowing the inter device to have a public IP.

Your exact hard war config is not clear to  mea s to what the two deevices are but usualy the outer is a combined modem/router , which needs to be bridged..

SBS must have only 1 NIC enabled as well.


Now I have connected the SBS 2011 server directly to the internet (through a  firewall of course, Vigor 2830) so there is only one firewall/router. I then checked from a remote site that I could connect to RWW, Exchange etc. All is fine. Still when I create a VPN I get exactly the same problem as above.

The server does have 2 NICs but one is disabled and ports 1723 etc are open.

Any more ideas?
Rob Williams

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Thanks RobWill

I didnt think to try to setup a VPN connection on the server itself to itself. This worked fine.

Your comment about GRE being blocked led me to check whether the Vigor 2830 allows VPN passthrough... in default mode it does not! So I followed the instructions on http://www.draytek.co.uk/support/kb_vigor_passthrough.html and just unticked the Enable PPTP VPN Service. Saved the settings on the firewall and it all works fine.

Thanks again.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

Excellent thanks RobWill.
Rob Williams

Great, glad to hear.  Thanks Winfix1