RDP Over VPN

I recently added a VPN to my office PC and I'm learning the ropes. I've learned to use route add x.x.x.x 192.168.0.1 to add special website/server connections to bypass the VPN.  And I've figured out that to access our remote servers at a colo, I need to use their public IP. A confusing situation is that I was expecting problems RDP'ing (Windows 7's Remote Desktop) to local PCs on our local network (BOT-PC that runs Scheduled Tasks and HOLD-PC that runs our phone system hold music). I can for some reason connect to the HOLD-PC (maybe I've forgotten having added a route but I don't know how to check that). When I attempt to connect to the BOT-PC I get what I was expecting:  "cannot connect". Where do we begin?
slamond Asked:

bas2754 Commented:
A full network diagram with IP addresses, endpoints, routes, and VPN addresses would probably be needed to start with.  You are asking for a lot and we just don't have enough information from the above to make it happen.

Change your real IPs to fake ones in the diagram to keep your info private.
0
Kash, 2nd Line Engineer, Commented:
Your question is ambiguous.

One thing to make sure of: that both the office and the other site you are connecting to are NOT on the same subnet, as you won't be able to connect otherwise.

Post details and people will guide you.
0
slamond (Author) Commented:
I've done IPCONFIG/ALL for each device in the puzzle, sans the servers.
Let me know if you need more and specifically how to get the info.
RDPoverVPN-090415.txt
0

Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
The IPConfig dumps show that you use the same network on SLAMOND-PC (192.168.0.115/24) and on the other PCs.
And that you use a TAP-based VPN. But no route info, no info about the infrastructure, and nothing about which VPN you use (my guess is OpenVPN). And why did you obfuscate the TAP IPs? Why public DNS servers on SLAMOND-PC? I also have no clue what you want to say with

I've learned to use route add x.x.x.x 192.168.0.1 to add special website/server connections to bypass the VPN.  And I've figured out that to access our remote servers at a colo, I need to use their public IP.
as that sounds straight wrong.
0
Kash, 2nd Line Engineer, Commented:
You are using the same 192.168.0.0/24 network on both ends, hence why your VPN isn't working.
You need to change, preferably, your IP subnet to some other, i.e. 192.168.10.0/24.

It is a very common issue which I have seen before.
0
slamond (Author) Commented:
After drawing this very crude diagram of my situation, it's likely not a VPN issue at all. When I ping 0.102 I get a reply (hold-pc to which RDP works) but 0.11 does not reply to ping (bot-pc).

I'm thinking the ping clue holds the key.
CrudeNetwork.pdf
0
Kash, 2nd Line Engineer, Commented:
The easiest way to find out if it's your network or not would be to try it from a network where you are not getting the same IP settings.

Or back up your router config (if that's doing DHCP), change the IP range, and test. If it fixes the issue then you know it is, and if not, restore the config back.
0
slamond (Author) Commented:
Kash, I didn't really understand what you wrote. But I've added more information to my chicken-scratch network. Notably, that my understanding is that the Gateway is the Comcast modem. And that we have two servers (actually 3 including an unlisted email server) in a colo. It's NOT clear to me where that VPN line should be. When I first attempted RDP into our bordents2 it failed until I learned that I had to use the public IP. This is where I had assumed that every connection to every device is being done from my slamond-pc over the VPN. But then how am I able to connect to the hold-pc using its local IP 0.102?
CrudeNetwork2.pdf
0
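Added example (not part of any post in this thread): a sketch of how Windows picks a route by longest prefix and then lowest metric, run over a constructed `route print`-style table, to show which destinations would use the tunnel and which stay on the LAN. Only 192.168.0.1 and 192.168.0.115 come from the thread; the 10.8.0.x tunnel addresses, the metrics and 203.0.113.10 are assumed placeholders.

```python
import ipaddress

# Constructed sample in `route print` column order: destination, netmask,
# gateway, interface, metric. Only 192.168.0.1 and 192.168.0.115 appear in
# the thread; the 10.8.0.x tunnel and 203.0.113.10 are placeholders.
ROUTE_PRINT = """\
0.0.0.0        0.0.0.0          10.8.0.1     10.8.0.6       20
0.0.0.0        0.0.0.0          192.168.0.1  192.168.0.115  30
10.8.0.0       255.255.255.0    On-link      10.8.0.6       276
192.168.0.0    255.255.255.0    On-link      192.168.0.115  276
203.0.113.10   255.255.255.255  192.168.0.1  192.168.0.115  31
"""
VPN_IFACE = "10.8.0.6"  # assumed address of the TAP adapter

def parse_routes(text):
    """Turn each five-column row into a dict with a parsed network."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers or blank lines
        dest, mask, gateway, iface, metric = parts
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": gateway,
            "iface": iface,
            "metric": int(metric),
        })
    return routes

def select_route(routes, target):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def path_for(routes, target):
    """Report whether traffic to target leaves via the LAN or the tunnel."""
    route = select_route(routes, target)
    if route is None:
        return "unreachable"
    return "vpn" if route["iface"] == VPN_IFACE else "lan"

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for host in ("192.168.0.102", "192.168.0.11", "203.0.113.10", "198.51.100.7"):
        print(host, "->", path_for(table, host))
```

With a table like this, both 192.168.0.102 and 192.168.0.11 match the on-link /24 and never enter the tunnel, so a difference between them points at the hosts themselves rather than at VPN routing.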
slamond (Author) Commented:
I'm leaning towards this being a Windows7 security issue (I joke that Windows7 was designed so that no one can use it except hackers). When I attempt to map a drive to a share on the troubled, non-pinging bot-pc I get Error # 0x80070043.
0
slamond (Author) Commented:
I fixed it by Googling the error code. It is essentially a registry edit and group policy edit.
The registry edit fixed the mapping issue and the group policy edit fixed the RDP connection.

Summary: Users receive error message 0x80070043 - the network name cannot be found error while connecting through Mapped drive or setting up Mapped drive.

Symptoms: The Windows cannot find the network name

Error message: message 0x80070043 - the network name cannot be found

Steps: We need to edit the below given registry entry

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder]

Steps to edit them as follows: (Presuming that the user is a local admin on the machine)

Click Start, click Run, type regedit, and then click OK. (Note: For non-admin users, please use Run as Administrator on Regedit)
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder\
On the right hand side of the window, right click on the Dword ProviderOrder and click Modify
Make sure to remove the given values within Value data: and enter the below given values: WDNP32,SnacNp,RDPNP,LanmanWorkstation,webclient
Once done, please click on OK.


Click Start, click Run, type gpedit.msc
Expand Local Computer Policy\Computer Configuration\Administrative Templates\System\logon.
In the results pane, right-click Always wait for the network at computer startup and logon, and then click Properties.
Click Enabled, and then click OK.
Restart the Workstation
0