I've got a Server 2012 R2 VPN server set up, and it works great except for the fact that clients connected to it have trouble browsing the web, or just generally accessing most things outside of our corporate LAN. Let me say in advance that corporate policy dictates that VPN clients have to use the default gateway on the remote network, so we can't simply disable that setting to fix the issue.
The symptoms are this: VPN clients aren't able to browse anything on the web, with a few weird exceptions like Google and one or two other random websites. Everything else times out. Name resolution works fine: if I do an nslookup on one of the clients, I get answers instantly. If I do a tracert to one of the websites I can't reach, all traffic hits our VPN server as the first hop, then dies. If I watch this process on our corporate firewall, I don't see any traffic going from the VPN client out to the internet. Networking seems to mostly be fine on the VPN server: I can browse the web and everything, but for some reason if I do a tracert anywhere outside the network, everything times out.
We've tried a couple of different network configurations on the VPN server. We've got two NICs, one pointed to the corporate LAN, one pointed to the DMZ. Currently we have static IPs and default gateways configured on both NICs, and we've gone back and forth between two different configurations otherwise: one scenario where the internal LAN NIC is accessed first, and both NICs are configured with DNS servers, and one where the DMZ NIC is configured to be used first, but does not have any DNS servers configured. Both configurations seem to work for our purposes, but we're seeing the same problem with clients being unable to browse the internet with both.
The Windows Firewall is disabled for the internal LAN connection, but enabled for the DMZ connection. I haven't opened any ports in particular on the firewall, however.
I've tried several different encryption/authentication combinations, and I see the same behavior with all of them.
The clients that are connecting to this server are either Windows 7 or Windows 8.1, if that makes a difference, and we're seeing the same behavior on all of them.