Solved

Windows PPTP VPN can connect, but not communicate.

Posted on 2014-03-20
8
849 Views
Last Modified: 2014-03-28
Hello,

I have a Server 2012 that I set up RRAS PPTP VPN access on. On any client/platform I can authenticate and connect without issue. I can also ping the router of the remote network and get response. However, I can not ping or access any computers on the remote network by either name or IP. I currently have RRAS configured fro DHCP passthrough from the DHCP server located on the same box. I pull an address from the pool, but it lacks subnet and gateway. I've looked through the RRAS options and see nothing. The DHCP server is configured correctly as the settings (subnet, router, etc) are all correct and this is the same pool the computers on the remote network obtain addressing from without issue. Did some searching on Google, but found nothing to point me in the right direction.
0
Comment
Question by:Mandr1ch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 9

Expert Comment

by:M Roe
ID: 39942863
On your client side make sure your router if you are using one allows VPN passthru and is enabled.

Also do you a firewall turned on?  you need to allow tcp port 1723 and protocol port 47 GRE
0
 

Author Comment

by:Mandr1ch
ID: 39943257
Using a Netgear WNR1000V3 behind a Comcast SMB. Ports 1723 and 47 are open on the Netgear. The SMB is configured in bridge mode and a static public IP is applied to the WAN side of the router. I've tried specifying the server IP as DMZ on the Netgear and had the same issue.

I have to go back and check, but now that I'm thinking of it, I had a hub connected up in between the Netgear and SMB to capture traffic. If I recall correctly, I could connect and browse when I tested the VPN. Might be the SMB interfering though it is in passthrough mode. Hrm...
0
 

Author Comment

by:Mandr1ch
ID: 39950672
I was incorrect. I was getting responses because I also had a wireless connection to the local network while testing on site. I currently am connecting through a hub connected to the WAN side of the router. Like before, I can authenticate, but can not browse. The only device I can access is the router via internal IP.  I have the router set to DMZ mode for the server IP.

As before, I am getting an IP from the DHCP pool. No subnet mask. For some reason the gateway IP is the server itself. Though it's an IP created in RRAS and not the actual IP assigned to the NIC.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 9

Expert Comment

by:M Roe
ID: 39951341
Try to turn off the DMZ mode.  With firewall you need to have icmp open to get replies from ping.  You should also get the same default gateway as your internal network is getting.  I would check and make sure that the RRAS is not giving out different IP addresses
0
 

Author Comment

by:Mandr1ch
ID: 39951881
I get the same results with DMZ enabled and disabled. Currently switched it back to disabled.  I believe it's an addressing related issue. After removing and re-adding RRAS I did get things somewhat working. However, I'm still getting odd addressing. So I would expect to see something like this.

IP: 192.168.0.220
Sub: 255.255.255.0
Gate: 192.168.0.1

However, while I do get an address from the DHCP pool assigned, it looks more like this:

IP: 192.168.0.220
Gate 192.168.0.201

I can't ping  or connect to the server by it's normal IP. But if I put in that incorrect gateway, I get ping and connectivity as that IP is also the server.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39953181
is your RRAS running in a virtual?
0
 
LVL 9

Accepted Solution

by:
M Roe earned 500 total points
ID: 39953779
Do you have a DHCP relay agent setup in RRAS?  This will use your current DHCP addresses and gateway like your other clients.  VPN thinks it is another network when you connect to it from a client.  This is by default.

Here is also a good link to set this up

http://myhosting.com/kb/index.php?/article/AA-01167/0/Create-a-VPN-on-Windows-Server-2012-VPS.html
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39962320
Did you setup the relay agent?
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question