
Configure RRAS VPN with Off Subnet Clients

pords asked
Last Modified: 2014-11-10
I am trying to configure a PPTP VPN on a Windows Server 2008 R2 box with a single NIC. The RRAS config part and firewall pass-through are working just fine. I am able to connect from outside and get a valid IP address. The goal is to give remote clients a different IP subnet and still be able to access the IP subnet where the VPN server is.

Here are the addressing schemes I am using:

VPN clients - Static IP Pool - 10.255.255.0/24
Local network (including VPN server) - 192.168.100.0/24

VPN server IPs: 192.168.100.11 (physical) | 10.255.255.10 (internal)


How do I configure RRAS so that the VPN clients will be able to access resources on the local network even with a different subnet? I tried putting a static route in IPv4:
Destination: 10.255.255.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.100.11 (IP address of the VPN Server)

I am sure this is not correct because it's not working.

I appreciate any help.

"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015
Commented:

Author

Commented:
Yes - the clients get a 10.255.255.0/24 address, and yes, the "use remote gateway" option is not checked. Finally, we have a dedicated gateway (SW firewall) for the 192.168.100.0 network, and it's not the RRAS server.

"Choices are either to set the route for 10.255.255.0/24 using 192.168.100.11 on the default gateway" - will I be setting this in the IPv4 Static Routes section? Because that's what I did first and it didn't work. I thought by putting it there.
Qlemo "Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
As said, you need both steps - setting the additional route on VPN client and setting the VPN route on the default gateway. Yes, "static Routes" section should be correct.

Author

Commented:
Sorry, I forgot to mention. I added the static route in the RRAS server for 10.255.255.0/24 with DG 192.168.100.11 and added a route on the client to the 192.168.100.0 network with DG 192.168.100.11.
Here is the routing table on the client:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.16.31.1    172.16.31.233     25
         10.0.0.0        255.0.0.0    10.255.255.11    10.255.255.12     21
    10.255.255.12  255.255.255.255         On-link     10.255.255.12    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.16.31.0    255.255.255.0         On-link     172.16.31.233    281
    172.16.31.233  255.255.255.255         On-link     172.16.31.233    281
    172.16.31.255  255.255.255.255         On-link     172.16.31.233    281
   173.220.158.58  255.255.255.255      172.16.31.1    172.16.31.233     26
    192.168.100.0    255.255.255.0   192.168.100.51    172.16.31.233     26
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     172.16.31.233    281
        224.0.0.0        240.0.0.0         On-link     10.255.255.12    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     172.16.31.233    281
  255.255.255.255  255.255.255.255         On-link     10.255.255.12    276
===========================================================================
Persistent Routes:
  None

And the routing table in RRAS:
Destination      Net Mask              Gateway                     Interface
0.0.0.0               0.0.0.0                   192.168.100.254       Local Area Connection
10.255.255.0    255.255.255.0      192.168.100.11         Local Area Connection

Is this what it's supposed to be?
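
Added example (not part of the original thread): a Python check that runs longest-prefix matching over the client routes posted above and tests whether the selected route's gateway is reachable on the interface the route is bound to. The helper names and the point-to-point heuristic (an interface with only /32 on-link routes is treated as a PPP link) are assumptions of this example.

```python
import collections
import ipaddress

# Rows copied from the client "route print" output in the post above
# (destination, netmask, gateway, interface, metric).
# Loopback, multicast, broadcast and host rows of the LAN interface are omitted.
CLIENT_ROUTES = """\
0.0.0.0          0.0.0.0          172.16.31.1     172.16.31.233  25
10.0.0.0         255.0.0.0        10.255.255.11   10.255.255.12  21
10.255.255.12    255.255.255.255  On-link         10.255.255.12  276
172.16.31.0      255.255.255.0    On-link         172.16.31.233  281
173.220.158.58   255.255.255.255  172.16.31.1     172.16.31.233  26
192.168.100.0    255.255.255.0    192.168.100.51  172.16.31.233  26
"""

Route = collections.namedtuple("Route", "net gateway iface metric")

def parse_routes(text):
    """Turn route-print rows into Route tuples; gateway is None for On-link."""
    routes = []
    for line in text.splitlines():
        dest, mask, gw, iface, metric = line.split()
        routes.append(Route(ipaddress.ip_network(f"{dest}/{mask}"),
                            None if gw == "On-link" else ipaddress.ip_address(gw),
                            ipaddress.ip_address(iface), int(metric)))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; the lowest metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r.net]
    return max(matches, key=lambda r: (r.net.prefixlen, -r.metric), default=None)

def gateway_reachable(routes, route):
    """A next hop is usable only if it is on-link on the route's own interface."""
    if route.gateway is None:
        return True
    onlink = [r.net for r in routes if r.gateway is None and r.iface == route.iface]
    if all(n.prefixlen == 32 for n in onlink):  # assumption: PPP link, peer is next hop
        return True
    return any(route.gateway in n for n in onlink)

def diagnose(routes, dest):
    """Return (matched network, outgoing interface, gateway usable?) for dest."""
    r = lookup(routes, dest)
    if r is None:
        return None
    return str(r.net), str(r.iface), gateway_reachable(routes, r)
```

For a LAN host such as 192.168.100.20, `diagnose` selects the 192.168.100.0/24 row, which leaves through the client's physical interface 172.16.31.233 with a gateway that is not on that interface's subnet; any 10.x.x.x address is sent into the tunnel by the 10.0.0.0/8 row.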

Author

Commented:
With the above routes in place, doing a tracert on the client shows the first hop is sent to the 0.0.0.0 address.
Qlemo "Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
Again:
don't add a route to RRAS
add the route to the client - done
add a route to either the default gateway on LAN or each LAN device.

Author

Commented:
Qlemo - Sorry for misunderstanding your previous instruction. It's working now, and here are some changes I made.

1. I had to change the IP subnet to 192.168.255.0/24 because I was getting a /8 network when I used 10.255.255.0, although I intended to use /24 - no biggie.
2. Added a route to 192.168.100.0/24 to the client using 192.168.255.11 as the gateway.
3. Added a route in the default gateway of the 192.168.100.0 network to the 192.168.255.0 network.

Thank you for pointing me in the right direction.

Extra request - I am trying to use CMAK to automate the creation/distribution of the connection and route. Any suggestions? I am having an issue when it tries to create the route - Custom script (to update your routing table) failed (8007000b).
 - I have this command in the route file - ADD 192.168.0.0 MASK 255.255.255.0 default METRIC default IF default
Qlemo "Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
ADD 192.168.0.0   is certainly a typo - should be   ADD 192.168.100.0
I've no experience with CMAK, but I guess the IF default is the issue. For starters, see if you can get a log of which route it tries to set.

Author

Commented:
:) Sorry. It is indeed a typo. I had it the right way in the actual command. Thanks again!
