Solved

VPN PPTP + different network address between server/client

Posted on 2015-01-23
13
210 Views
Last Modified: 2015-03-04
Hi,

I am trying to make a VPN PPTP connection to a remote server by using a different network to establish the connection. I want to use range 10.10.10.100 to 150, but I could not ping the IPs 192.168.2.x
I tryed to make a static route on the cliente side notebook: route add 192.168.2.0 mask 255.255.255.0 10.10.10.100 but nothing pings..
What should I make to work?

NOTE: If I enable the DHCP on RRAS, the vpn works perfectly since the ip address that client connects is the same of the remote server network.

---------- SERVER SIDE ----------
Network range: 192.168.2.0/24

Ethernet Adapter:
IP  :     192.168.2.4
MSK: 255.255.255.0
GTW: 192.168.2.253 (linksys wireless router)
DNS: 192.168.2.2 (domain controller)

VPN internal interface in RRAS: 10.10.10.100

RRAS IPV4 PROPERTIES:
Configured: Static Adress Pool
From: 10.10.10.100
To: 10.10.10.150
Mask: 255.255.255.0

---------- CLIENT SIDE ----------

Network Range: 192.168.1.0/24

Ethernet Adapter:
IP: 192.168.1.200
GTW: 192.168.1.3
MSK: 255.255.255.0
DNS: 192.168.1.3

VPN ADAPTER SETTINGS:
I already disabled >> "Use default gateway in the remote network"
IP: 10.10.10.103
MASK: 255.255.255.255
DNS SERVER: 192.168.2.2

Thank you!
0
Comment
Question by:edu87
  • 5
  • 5
  • 3
13 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 40567874
on a pptp connection configuration you need to push the second network.
or the user needs to manually adde it

route add 192.168.2.0 mask 255.255.255.0 <VPN Assigned IP>
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 40568529
You can either tick "Use remote gateway" in the client's RAS IP properties, which will redirect all traffic to the RRAS server; or add routes manually as noted above.

In addition to that, you have to set routing on the target side. Again there are two options:
On each device you need to reach, set the back route for 10.10.10.0 using 192.168.2.4 (RRAS).
Better: Just set the same route on the Linksys. As it is the default gateway on the server LAN, it is asked for all traffic to unknown networks.
0
 

Author Comment

by:edu87
ID: 40586252
I tryed puting the static route on the server and added a static route to the client computer, but didn't worked.
See the images please.

1.JPG2.JPG3.JPG4.JPGRoute Print - Client Computer
0
 
LVL 76

Expert Comment

by:arnold
ID: 40586681
192.168.43.85 is the default gateway based on
0.0.0.0 0.0.0.0 192.168.43.85

The output above does not reflect an IP 10.10.10.100

What is 192.168.56.1, 192.168.138.1 192.168.234.1

Your 192.168.2.0 entry is looking strange.  It says it is accessible via 10.10.10.100.

You also seem to have added a static route other the 192.168.43.85 interface.

You need to establish the VPN connection.
Identify the IP the VPN assigns.
then run on the command line
route add 192.168.2.0 mask 255.255.255.0 <VPN ASSIGNED IP>
and that should do it if this network is accessible from the VPN IP assigned. Make sure to delete the static route for the 192.168.2.0 that you added.
The one added on the command line, will be taken out when the VPN is disconnected.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 40586709
And the route added on RRAS is useless, please remove it. I was talking about the target machine (e.g. another PC) or the default router (Linksys).
0
 

Author Comment

by:edu87
ID: 40589667
192.168.43.85 - Is the IP address of client machine
192.168.43.1 - Is the IP address of wireless router
192.168.56.1, 192.168.138.1 192.168.234.1 : is the IPs of VMware Workstation, Virtualbox interfaces that is installed on client machine. Ignore them.

10.10.10.100 = the IP address that the server assigned to the internal VPN interface on the server side
The command that I put in the client machine was:

route add 192.168.2.0 mask 255.255.255.0 10.10.10.100 (where 10.10.10.100 is the internal interface of the server side, and didn't work)
than I removed this route and tryed this one:
route add 192.168.2.0 mask 255.255.255.0 10.10.10.106 (where .106 is the IP that was in VPN interface after connect in the client side...and didn't work too)
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 76

Expert Comment

by:arnold
ID: 40589876
what kind of VPN are you using, CISCO client?
The VPN server might not allow your IP access to the additional IP RANGE.

You can add as many routes, the VPN might not allow it in. The server may not allow it to pass to the other side.

Check with the Network admin/VPN server settings to see whether the 10.10.10.100 IP/segment is allowed to access 192.168.2.0/24 or whether traffic from 192.168.2.0/24 can return/access the 10.10.10.x network.
0
 

Author Comment

by:edu87
ID: 40590161
I am not using an application to connect the VPN, just using the normal connection that you can create in Network and Sharing Center.

I have checked the wireless router of the server side and the client side, and both are marked to allow the pass through of PPTP connections.

Nothing is blocking the 192.168.2.0 and 10.10.10.0

One thing that I checked on the client side, after I put the route add 192.168.2.0 mask 255.255.255.0 10.10.10.106 and make a "tracert 192.168.2.4" it brings the response of 10.10.10.100" only.

And on the server side, applying the add route 192.168.1.0 mask 255.255.255.0 10.10.10.100 and after make a "tracert 192.168.1.3" it doesn´t bring any response.

192.168.1.0 - Is my home network lan address.
192.168.1.3 - My wireless router

I made a test with a Windows 7 and Windows 8.1 machine clients without antivirus installed, and no news.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40590226
The GUI static route is incorrect based on the image you posted.

The ip subnets you reference seem to cross purposes.
You reference in different portions 192.168.2.0/24 and 192.168.1.0/24.
0
 

Author Comment

by:edu87
ID: 40590876
Arnold,

Before making the final tests I had already removed the static route as Qlemo said before.

Even so I made a new attempt to static route through the GUI on the server leaving this way:

Destination 192.168.1.0
Mask: 255.255.255.0
Gateway 10.10.10.100

And didn´t work too
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 40590923
It he static route will only work where there is no restriction on the VPN server/remote LAN
You can have a dynamic routing rule when the VPN/username where it sets what networks are accessible.
The remote firewall has rules which segments can be accessed from which segments, and the VPN IP you have is not part of the ones allowed access to the 192.168.1.0/24 nor the 192.168.2.0/24 segment.

You should raise this issue with those who administer/manage your VPN server end.
Bring them the information that you get an IP in the 10.10.10.100-106 range and they will be able to check whether this IP is permitted to access the segments you need access to, or they will adjust the rule in your username to assign you an ip that has those rights at which point the addition of the static route will work with a new VPN IP or with those you were previously assigned.

All that can be done here is make the suggestion we have. Under different circumstances it should have work.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 40640079
I'm not sure I understand why you accepted http:#a40590923 !?
0
 

Author Comment

by:edu87
ID: 40645949
The Ip range 10.10.10.100 was being blocked by Kaspersky antivirus.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now