Solved

VPN PPTP + different network address between server/client

Posted on 2015-01-23
13
235 Views
Last Modified: 2015-03-04
Hi,

I am trying to make a VPN PPTP connection to a remote server by using a different network to establish the connection. I want to use range 10.10.10.100 to 150, but I could not ping the IPs 192.168.2.x
I tryed to make a static route on the cliente side notebook: route add 192.168.2.0 mask 255.255.255.0 10.10.10.100 but nothing pings..
What should I make to work?

NOTE: If I enable the DHCP on RRAS, the vpn works perfectly since the ip address that client connects is the same of the remote server network.

---------- SERVER SIDE ----------
Network range: 192.168.2.0/24

Ethernet Adapter:
IP  :     192.168.2.4
MSK: 255.255.255.0
GTW: 192.168.2.253 (linksys wireless router)
DNS: 192.168.2.2 (domain controller)

VPN internal interface in RRAS: 10.10.10.100

RRAS IPV4 PROPERTIES:
Configured: Static Adress Pool
From: 10.10.10.100
To: 10.10.10.150
Mask: 255.255.255.0

---------- CLIENT SIDE ----------

Network Range: 192.168.1.0/24

Ethernet Adapter:
IP: 192.168.1.200
GTW: 192.168.1.3
MSK: 255.255.255.0
DNS: 192.168.1.3

VPN ADAPTER SETTINGS:
I already disabled >> "Use default gateway in the remote network"
IP: 10.10.10.103
MASK: 255.255.255.255
DNS SERVER: 192.168.2.2

Thank you!
0
Comment
Question by:edu87
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
13 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 40567874
on a pptp connection configuration you need to push the second network.
or the user needs to manually adde it

route add 192.168.2.0 mask 255.255.255.0 <VPN Assigned IP>
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40568529
You can either tick "Use remote gateway" in the client's RAS IP properties, which will redirect all traffic to the RRAS server; or add routes manually as noted above.

In addition to that, you have to set routing on the target side. Again there are two options:
On each device you need to reach, set the back route for 10.10.10.0 using 192.168.2.4 (RRAS).
Better: Just set the same route on the Linksys. As it is the default gateway on the server LAN, it is asked for all traffic to unknown networks.
0
 

Author Comment

by:edu87
ID: 40586252
I tryed puting the static route on the server and added a static route to the client computer, but didn't worked.
See the images please.

1.JPG2.JPG3.JPG4.JPGRoute Print - Client Computer
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 78

Expert Comment

by:arnold
ID: 40586681
192.168.43.85 is the default gateway based on
0.0.0.0 0.0.0.0 192.168.43.85

The output above does not reflect an IP 10.10.10.100

What is 192.168.56.1, 192.168.138.1 192.168.234.1

Your 192.168.2.0 entry is looking strange.  It says it is accessible via 10.10.10.100.

You also seem to have added a static route other the 192.168.43.85 interface.

You need to establish the VPN connection.
Identify the IP the VPN assigns.
then run on the command line
route add 192.168.2.0 mask 255.255.255.0 <VPN ASSIGNED IP>
and that should do it if this network is accessible from the VPN IP assigned. Make sure to delete the static route for the 192.168.2.0 that you added.
The one added on the command line, will be taken out when the VPN is disconnected.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40586709
And the route added on RRAS is useless, please remove it. I was talking about the target machine (e.g. another PC) or the default router (Linksys).
0
 

Author Comment

by:edu87
ID: 40589667
192.168.43.85 - Is the IP address of client machine
192.168.43.1 - Is the IP address of wireless router
192.168.56.1, 192.168.138.1 192.168.234.1 : is the IPs of VMware Workstation, Virtualbox interfaces that is installed on client machine. Ignore them.

10.10.10.100 = the IP address that the server assigned to the internal VPN interface on the server side
The command that I put in the client machine was:

route add 192.168.2.0 mask 255.255.255.0 10.10.10.100 (where 10.10.10.100 is the internal interface of the server side, and didn't work)
than I removed this route and tryed this one:
route add 192.168.2.0 mask 255.255.255.0 10.10.10.106 (where .106 is the IP that was in VPN interface after connect in the client side...and didn't work too)
0
 
LVL 78

Expert Comment

by:arnold
ID: 40589876
what kind of VPN are you using, CISCO client?
The VPN server might not allow your IP access to the additional IP RANGE.

You can add as many routes, the VPN might not allow it in. The server may not allow it to pass to the other side.

Check with the Network admin/VPN server settings to see whether the 10.10.10.100 IP/segment is allowed to access 192.168.2.0/24 or whether traffic from 192.168.2.0/24 can return/access the 10.10.10.x network.
0
 

Author Comment

by:edu87
ID: 40590161
I am not using an application to connect the VPN, just using the normal connection that you can create in Network and Sharing Center.

I have checked the wireless router of the server side and the client side, and both are marked to allow the pass through of PPTP connections.

Nothing is blocking the 192.168.2.0 and 10.10.10.0

One thing that I checked on the client side, after I put the route add 192.168.2.0 mask 255.255.255.0 10.10.10.106 and make a "tracert 192.168.2.4" it brings the response of 10.10.10.100" only.

And on the server side, applying the add route 192.168.1.0 mask 255.255.255.0 10.10.10.100 and after make a "tracert 192.168.1.3" it doesn´t bring any response.

192.168.1.0 - Is my home network lan address.
192.168.1.3 - My wireless router

I made a test with a Windows 7 and Windows 8.1 machine clients without antivirus installed, and no news.
0
 
LVL 78

Expert Comment

by:arnold
ID: 40590226
The GUI static route is incorrect based on the image you posted.

The ip subnets you reference seem to cross purposes.
You reference in different portions 192.168.2.0/24 and 192.168.1.0/24.
0
 

Author Comment

by:edu87
ID: 40590876
Arnold,

Before making the final tests I had already removed the static route as Qlemo said before.

Even so I made a new attempt to static route through the GUI on the server leaving this way:

Destination 192.168.1.0
Mask: 255.255.255.0
Gateway 10.10.10.100

And didn´t work too
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 40590923
It he static route will only work where there is no restriction on the VPN server/remote LAN
You can have a dynamic routing rule when the VPN/username where it sets what networks are accessible.
The remote firewall has rules which segments can be accessed from which segments, and the VPN IP you have is not part of the ones allowed access to the 192.168.1.0/24 nor the 192.168.2.0/24 segment.

You should raise this issue with those who administer/manage your VPN server end.
Bring them the information that you get an IP in the 10.10.10.100-106 range and they will be able to check whether this IP is permitted to access the segments you need access to, or they will adjust the rule in your username to assign you an ip that has those rights at which point the addition of the static route will work with a new VPN IP or with those you were previously assigned.

All that can be done here is make the suggestion we have. Under different circumstances it should have work.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40640079
I'm not sure I understand why you accepted http:#a40590923 !?
0
 

Author Comment

by:edu87
ID: 40645949
The Ip range 10.10.10.100 was being blocked by Kaspersky antivirus.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
An article on effective troubleshooting
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question