Solved

Help with setting up a VPN. Can connect but get no internet access

Posted on 2014-07-28
23
6,102 Views
Last Modified: 2014-08-21
I am having trouble setting up a VPN connection for my network.
I have the VPN installed on our windows 2008 server.
On two of the PC's that I am using to connect to are windows 7 and the other one is windows 8.
In all of these I can make the connection to the VPN but I do not have any internet connection once I am connected.
I have been through many tutorials and forums on-line and cannot resolve this issue.
Any help would be greatly appreciated!
0
Comment
Question by:meteorelec
  • 12
  • 11
23 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 40223952
There is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. You can disable this if you wish. To do so on the client/connecting PC, go to:
For Vista: control panel | network & sharing center | connections | manage network connections | right click on the VPN/Virtual adapter and choose properties | Networking | Internet Protocol Version 4 (TCP/IP v4) -properties | Advanced | IP settings | un-check  "Use default gateway on remote network")
For Win 7/8: control panel | network & sharing center | change adapter settings | right click on the VPN/Virtual adapter and choose properties | Networking | Internet Protocol Version 4 (TCP/IP v4) -properties | Advanced | IP settings | un-check  "Use default gateway on remote network")
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40224149
Thank you Rob that solved my problem.
However I have an additional PC from my home location which is windows 8 and I have never been able to establish a connection at all even though I have all the settings the same. I keep getting error code 720. Would you know anything about this?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40224181
A couple of thoughts:
-If trying to connect at the same time as the other machine it is possible the local router (client site) may not support multiple PPTP connections - very common
-Try resetting the TCP/IP stack on the problematic PC.  To do so from an elevated command prompt run  
     netsh int ip reset c:\resetlog.txt
or see:  http://support.microsoft.com/kb/299357
-It may be a protocol difference. .  Under properties of the VPN connection/virtual adapter, under Network and sharing / Change adapter settings,  slect the "Security" tab and set type of VPN to PPTP, assuming that is what it is, and make sure under "allow these protocols" that "Microsoft Chap version 2 (MS-Chap v2)" is selected
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40224379
Thanks Rob resetting the TCP/IP Stack worked. I will mark you as the solution in both questions.

However I am back to the start where I am unable to access anything on the network.
I have tried ping'in multiple servers and only get a request timed out.
The internet does seem to be working although I am suspicious that the connection is coming through the WIFI just.
Also I have the 'use default gateway on remote network' unchecked.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40224402
Hi meteorelec.
I am not sure I understand the current problem. You are not able to establish a VPN connection now, but could be fore? Or you connect but cannot access resources?
Is this on the Win 7 or Win 8 machine?
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40224433
Sorry if I was not clear before.
I am able to establish a VPN connection with all computers but I believe none of them can access the resources in the network. I am only able to test the PC that is not located at the work place as the others are currently connected to the network using ethernet cables.
When un-checking the 'use default gateway on remote network' this has allowed me to view webpages but still no access to any network devices or any other resource.
Hope this is more clear Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40224539
Usually when you can connect to a site using a VPN connection but cannot access resources it is because the local and remote subnets are the same, such as both sites using 192.168.0.x.  Might this be the case?  The sites must be different for routing to take place.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40228599
I am not sure how to check this but the remote IP address is being assigned automatically by the DCHP and the IP address of the server hosting the VPN is 100.0.1.237 subnet 255.255.0.0
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40228628
Very unusual choice of IP's and subnets. 100.0.1.237  is a public IP rather than private and may cause problems, especially if  "Use default gateway on remote network" is checked, and 255.255.0.0 is a very large subnet.

Could you connect the VPN and then post the results from a command line of  both
ipconfig /all
and
route print
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40228689
It is the work internal IP address I am not too sure on how everything was set up.
This is the results from the remote station connected to the VPN connection

C:\Users\admin>ipconfig/all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Edvinas-Pur-PC
   Primary Dns Suffix  . . . . . . . : meteorelectrical.int
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : meteorelectrical.int
                                       home

PPP adapter Meteor Electrical:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Meteor Electrical
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 100.0.2.9(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 100.0.1.238
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-85-56-BB-9B-60
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A4-1F-72-8A-EB-41
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Dell Wireless 1506 802.11b|g|n (2.4GHz)
   Physical Address. . . . . . . . . : BC-85-56-BB-9B-60
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e18e:2747:7dad:1405%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 29 July 2014 16:06:35
   Lease Expires . . . . . . . . . . : 30 July 2014 16:06:35
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 331122006
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4E-8A-AA-A4-1F-72-8A-EB-4

   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:14d7:1560:a95d:40d3(Pre
erred)
   Link-local IPv6 Address . . . . . : fe80::14d7:1560:a95d:40d3%8(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 335544320
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4E-8A-AA-A4-1F-72-8A-EB-4

   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{342444B4-BEE6-4849-B71C-502C49CBDE5D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:6400:209::6400:209(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-4E-8A-AA-A4-1F-72-8A-EB-4

   DNS Servers . . . . . . . . . . . : 100.0.1.238
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes




C:\Users\admin>route print
===========================================================================
Interface List
 37...........................Meteor Electrical
  7...1e 85 56 bb 9b 60 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...a4 1f 72 8a eb 41 ......Realtek PCIe GBE Family Controller
  3...bc 85 56 bb 9b 60 ......Dell Wireless 1506 802.11b|g|n (2.4GHz)
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.76     25
          0.0.0.0          0.0.0.0         On-link         100.0.2.9     26
     88.96.72.116  255.255.255.255    192.168.1.254     192.168.1.76     26
        100.0.0.0        255.0.0.0       100.0.2.12        100.0.2.9     26
        100.0.2.9  255.255.255.255         On-link         100.0.2.9    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.76    281
     192.168.1.76  255.255.255.255         On-link      192.168.1.76    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.76    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.76    281
        224.0.0.0        240.0.0.0         On-link         100.0.2.9    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.76    281
  255.255.255.255  255.255.255.255         On-link         100.0.2.9    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:6ab8:14d7:1560:a95d:40d3/128
                                    On-link
  6   1030 2002::/16                On-link
  6    286 2002:6400:209::6400:209/128
                                    On-link
  3    281 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::14d7:1560:a95d:40d3/128
                                    On-link
  3    281 fe80::e18e:2747:7dad:1405/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\admin>
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40228695
It appears to me that the VPN traffic is being sent to your default gateway (Internet) rather than the VPN, and thus lost, this would be due to the subnet assigned in the routing table (255.0.0.0) and the fact that it is a public IP.  I may be wrong, but if not, I know of no way to fix this.  With the "use remote default gateway" checked you should be able to access the corporate LAN but not the local network or local printers.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 2

Author Comment

by:meteorelec
ID: 40228736
Yea that is what I thought was happening. We had this all set up and working beforehand but our domain controller gave way recently and this is where the VPN connection was stored on so it should be able to set up on the new server.
I checked the 'use remote default gateway' option on the remote PC but this made me lose connection to the internet as well.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40228750
>>"I checked the 'use remote default gateway' option on the remote PC but this made me lose connection to the internet as well."
It will.  It blocks everything but a path to the corporate network.  However, in that state can you access server resources via the VPN?
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40228774
No I cannot access anything in this state
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40228827
Not even pinging the server by IP?
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40228893
When I check the 'use remote default gateway' option on the pc that is not located in the same building I have no access to anything. No internet connection and cannot ping the server.
However if I check the 'use remote default gateway' option on the pc that I am currently on which is in the building and connected by ethernet to the network already I have no internet connection on the pc but I am able to use network resources and connect to the internet by remote desktop onto the server or different other network servers.
I would then assume that this is using my ethernet connection to do this?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40235095
The 'use remote default gateway'  option changes the routing table.
Basically the VPN is not working.
Out of curiosity, could you connect the VPN and then run:
tracert  100.0.1.237
and post the results, assuming 100.0.1.237 is the server's VPN IP.
Thanks.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40238455
This is being performed on the computer that is connected via ethernet on the companies network. I connected the VPN then ran this.

C:\Users\mhs>tracert 100.0.1.237

Tracing route to dc_c.meteorelectrical.int [100.0.1.237]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  dc_c.meteorelectrical.int [100.0.1.237]

Trace complete.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40239556
Do you mean you are on the same LAN as the VPN server?
If so I am afraid that is of little help.  I was trying to determine when off site if the routing tries to go through the VPN tunnel or via the Internet and lost.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40243099
Yes I was sorry.
This is the results from the off site PC

Tracing route to pool-100-0-1-237.bstnma.fios.verizon.net [100.0.1.237]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
10     *        *        *     Request timed out.
11     *        *        *     Request timed out.
12     *        *        *     Request timed out.
13     *        *        *     Request timed out.
14     *        *        *     Request timed out.
15     *        *        *     Request timed out.
16     *        *        *     Request timed out.
17     *        *        *     Request timed out.
18     *        *        *     Request timed out.
19     *        *        *     Request timed out.
20     *        *        *     Request timed out.
21     *        *        *     Request timed out.
22     *        *        *     Request timed out.
23     *        *        *     Request timed out.
24     *        *        *     Request timed out.
25     *        *        *     Request timed out.
26     *        *        *     Request timed out.
27     *        *        *     Request timed out.
28     *        *        *     Request timed out.
29     *        *        *     Request timed out.
30     *        *        *     Request timed out.

Trace complete.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40243470
This was my concern.   100.0.1.237 is a public IP so it is trying to access via the Internet and not through the VPN.
Was this with VPN connected and "use remote default gateway" checked?
0
 
LVL 2

Author Comment

by:meteorelec
ID: 40243667
What are the options around this then? Our previous VPN connection was on the internal ip address 100.0.1.236 and was working.
Yea the VPN was connected and 'use remote default gateway' was also checked.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40243867
Using public IP's on a LAN can be problematic, especially with a VPN, but at least with the "use default remote gateway" option checked, it should work.

The routing table is showing all 100.0.0.0/8 traffic should be forced through the VPN, but it does not seem to be happening based on your tracert
 100.0.0.0        255.0.0.0       100.0.2.12        100.0.2.9

Though that should work, perhaps try:
connect the VPN
verify the PPP/VPN IP of the client is still 100.0.2.9
add a route using:
route add  100.0.0.0  mask  255.255.0.0  100.0.2.9
          note the mask                      ^
Try pinging the server 10.0.1.237

You can remove the temporary route with
route delete  10.0.0.0
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now