[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

VPN PPTP + different network address between server/client

Posted on 2015-01-23
13
Medium Priority
?
247 Views
Last Modified: 2015-03-04
Hi,

I am trying to make a VPN PPTP connection to a remote server by using a different network to establish the connection. I want to use range 10.10.10.100 to 150, but I could not ping the IPs 192.168.2.x
I tryed to make a static route on the cliente side notebook: route add 192.168.2.0 mask 255.255.255.0 10.10.10.100 but nothing pings..
What should I make to work?

NOTE: If I enable the DHCP on RRAS, the vpn works perfectly since the ip address that client connects is the same of the remote server network.

---------- SERVER SIDE ----------
Network range: 192.168.2.0/24

Ethernet Adapter:
IP  :     192.168.2.4
MSK: 255.255.255.0
GTW: 192.168.2.253 (linksys wireless router)
DNS: 192.168.2.2 (domain controller)

VPN internal interface in RRAS: 10.10.10.100

RRAS IPV4 PROPERTIES:
Configured: Static Adress Pool
From: 10.10.10.100
To: 10.10.10.150
Mask: 255.255.255.0

---------- CLIENT SIDE ----------

Network Range: 192.168.1.0/24

Ethernet Adapter:
IP: 192.168.1.200
GTW: 192.168.1.3
MSK: 255.255.255.0
DNS: 192.168.1.3

VPN ADAPTER SETTINGS:
I already disabled >> "Use default gateway in the remote network"
IP: 10.10.10.103
MASK: 255.255.255.255
DNS SERVER: 192.168.2.2

Thank you!
0
Comment
Question by:edu87
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
13 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 40567874
on a pptp connection configuration you need to push the second network.
or the user needs to manually adde it

route add 192.168.2.0 mask 255.255.255.0 <VPN Assigned IP>
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40568529
You can either tick "Use remote gateway" in the client's RAS IP properties, which will redirect all traffic to the RRAS server; or add routes manually as noted above.

In addition to that, you have to set routing on the target side. Again there are two options:
On each device you need to reach, set the back route for 10.10.10.0 using 192.168.2.4 (RRAS).
Better: Just set the same route on the Linksys. As it is the default gateway on the server LAN, it is asked for all traffic to unknown networks.
0
 

Author Comment

by:edu87
ID: 40586252
I tryed puting the static route on the server and added a static route to the client computer, but didn't worked.
See the images please.

1.JPG2.JPG3.JPG4.JPGRoute Print - Client Computer
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 80

Expert Comment

by:arnold
ID: 40586681
192.168.43.85 is the default gateway based on
0.0.0.0 0.0.0.0 192.168.43.85

The output above does not reflect an IP 10.10.10.100

What is 192.168.56.1, 192.168.138.1 192.168.234.1

Your 192.168.2.0 entry is looking strange.  It says it is accessible via 10.10.10.100.

You also seem to have added a static route other the 192.168.43.85 interface.

You need to establish the VPN connection.
Identify the IP the VPN assigns.
then run on the command line
route add 192.168.2.0 mask 255.255.255.0 <VPN ASSIGNED IP>
and that should do it if this network is accessible from the VPN IP assigned. Make sure to delete the static route for the 192.168.2.0 that you added.
The one added on the command line, will be taken out when the VPN is disconnected.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40586709
And the route added on RRAS is useless, please remove it. I was talking about the target machine (e.g. another PC) or the default router (Linksys).
0
 

Author Comment

by:edu87
ID: 40589667
192.168.43.85 - Is the IP address of client machine
192.168.43.1 - Is the IP address of wireless router
192.168.56.1, 192.168.138.1 192.168.234.1 : is the IPs of VMware Workstation, Virtualbox interfaces that is installed on client machine. Ignore them.

10.10.10.100 = the IP address that the server assigned to the internal VPN interface on the server side
The command that I put in the client machine was:

route add 192.168.2.0 mask 255.255.255.0 10.10.10.100 (where 10.10.10.100 is the internal interface of the server side, and didn't work)
than I removed this route and tryed this one:
route add 192.168.2.0 mask 255.255.255.0 10.10.10.106 (where .106 is the IP that was in VPN interface after connect in the client side...and didn't work too)
0
 
LVL 80

Expert Comment

by:arnold
ID: 40589876
what kind of VPN are you using, CISCO client?
The VPN server might not allow your IP access to the additional IP RANGE.

You can add as many routes, the VPN might not allow it in. The server may not allow it to pass to the other side.

Check with the Network admin/VPN server settings to see whether the 10.10.10.100 IP/segment is allowed to access 192.168.2.0/24 or whether traffic from 192.168.2.0/24 can return/access the 10.10.10.x network.
0
 

Author Comment

by:edu87
ID: 40590161
I am not using an application to connect the VPN, just using the normal connection that you can create in Network and Sharing Center.

I have checked the wireless router of the server side and the client side, and both are marked to allow the pass through of PPTP connections.

Nothing is blocking the 192.168.2.0 and 10.10.10.0

One thing that I checked on the client side, after I put the route add 192.168.2.0 mask 255.255.255.0 10.10.10.106 and make a "tracert 192.168.2.4" it brings the response of 10.10.10.100" only.

And on the server side, applying the add route 192.168.1.0 mask 255.255.255.0 10.10.10.100 and after make a "tracert 192.168.1.3" it doesn´t bring any response.

192.168.1.0 - Is my home network lan address.
192.168.1.3 - My wireless router

I made a test with a Windows 7 and Windows 8.1 machine clients without antivirus installed, and no news.
0
 
LVL 80

Expert Comment

by:arnold
ID: 40590226
The GUI static route is incorrect based on the image you posted.

The ip subnets you reference seem to cross purposes.
You reference in different portions 192.168.2.0/24 and 192.168.1.0/24.
0
 

Author Comment

by:edu87
ID: 40590876
Arnold,

Before making the final tests I had already removed the static route as Qlemo said before.

Even so I made a new attempt to static route through the GUI on the server leaving this way:

Destination 192.168.1.0
Mask: 255.255.255.0
Gateway 10.10.10.100

And didn´t work too
0
 
LVL 80

Accepted Solution

by:
arnold earned 2000 total points
ID: 40590923
It he static route will only work where there is no restriction on the VPN server/remote LAN
You can have a dynamic routing rule when the VPN/username where it sets what networks are accessible.
The remote firewall has rules which segments can be accessed from which segments, and the VPN IP you have is not part of the ones allowed access to the 192.168.1.0/24 nor the 192.168.2.0/24 segment.

You should raise this issue with those who administer/manage your VPN server end.
Bring them the information that you get an IP in the 10.10.10.100-106 range and they will be able to check whether this IP is permitted to access the segments you need access to, or they will adjust the rule in your username to assign you an ip that has those rights at which point the addition of the static route will work with a new VPN IP or with those you were previously assigned.

All that can be done here is make the suggestion we have. Under different circumstances it should have work.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40640079
I'm not sure I understand why you accepted http:#a40590923 !?
0
 

Author Comment

by:edu87
ID: 40645949
The Ip range 10.10.10.100 was being blocked by Kaspersky antivirus.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question