JOE-BULLITT
asked on
Need help properly configuring RRAS on Server 2012R2. It won't route!
Hello Experts!
Thank you for your kind assistance.
I am trying to deploy a Windows 2012R2 server with RRAS VPN and am having a bit of trouble and cannot figure out what is wrong. I searched the threads and I see others that had similar issues, but the solutions did not work for me.
(https://www.experts-exchange.com/questions/28480617/LAN-Routing-over-RRAS-VPN.html)
(https://www.experts-exchange.com/questions/26798399/RRAS-VPN-Routing-Problem.html)
The server is running and everything installed fine. The VPN client can connect, but it will not route anywhere in the same LAN as the Windows RRAS server. Through VPN, I can ping and RDP to the RRAS server via its private IP, but I cannot access any other servers in the same destination network.
My server installation has two NIC’s in two subnets and is running RRAS/VPN and DNS. I also tried with just one NIC and one subnet, another time using two NIC’s and one subnet, and now two NIC’s and two subnets. All unsuccessful.
Here is what I have so far…
Server Public IP: 10.1.0.100/24
Server Private IP: 10.1.1.100/24
Public Subnet: 10.1.0.0/24
Private Subnet: 10.1.1.0/24
Main Network: 10.1.0.0/16
DNS IP: 10.1.1.100/24 (DNS also listening on 10.1.0.100/24)
RRAS Server External IP: 10.1.0.100/24
RRAS Server Internal IP: 10.1.1.100/24
IPv4 address assignment using RRAS static pool: 10.1.1.101 – 10.1.1.120
IPv4 forwarding is enabled
LAN and Demand Dial routing is enabled
I can connect fine via VPN and I get an IP address, but I am unable to reach anything in the 10.1.1.x or 10.1.0.x network except the RRAS/VPN host itself.
Here are the results from the ipconfig on the client VPN adapter
PPP adapter vpn:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vpn
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.1.0.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Here is the result from a tracert to the Public and Private NIC’s on the RRAS server itself:
>tracert 10.1.1.100
Tracing route to VPN [10.1.1.100] over a maximum of 30 hops:
1 86 ms 88 ms 84 ms VPN [10.1.1.101]
2 87 ms 90 ms 91 ms VPN [10.1.1.100]
>tracert 10.1.0.100
Tracing route to VPN [10.1.0.100] over a maximum of 30 hops:
1 101 ms * 89 ms VPN [10.1.1.101]
2 98 ms 97 ms 86 ms VPN [10.1.0.100]
I found it curious that my first hop was to the IP 10.1.1.101. Is this normal, or should it be configured somewhere?
Here is the result from a tracert to an IP in the subnet
>tracert 10.1.0.10
Tracing route to 10.1.0.10 over a maximum of 30 hops
1 92 ms * 90 ms VPN [10.1.1.101]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
Can someone please advise what I am missing, or what I should check? Thank you!!!
ASKER
Thank you very much for your feedback and advice!
To make the environment less complex I installed a new copy of 2012R2 and RRAS using just one NIC. Naturally, the issue is still present. :-(
I think the problem is that VPN, or DHCP, is not providing the proper network mask. On my server and in DHCP the network mask is 255.255.255.0. But my VPN connection always gives me 255.255.255.255.
I can RDP and access the VPN host while on the VPN connection, but I cannot access any other resources in the subnet.
How can I force VPN to give the client a different network mask?
Here’s the ipconfig of each:
SERVER -> PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.0.210(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
SERVER -> Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : AWS PV Network Device #0
Physical Address. . . . . . . . . : <removed>
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : <removed>(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.0.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.0.1
DNS Servers . . . . . . . . . . . : 10.1.0.200
NetBIOS over Tcpip. . . . . . . . : Enabled
CLIENT -> PPP adapter vpn:
Connection-specific DNS Suffix . : mydomain.net
Description . . . . . . . . . . . : vpn
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.0.209(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.1.0.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Thanks!
--Joe
It is normal that you have that netmask on the dial-in client. More important is the routing table (route print 10.1.*).
ASKER
Thanks very much for your help Qlemo!
Here is the route print for 10.1.* on both the client and the server. If you would kindly review this and see if it is telling, I would sure appreciate it. :-) I'm afraid I'm really stumped here.
CLIENT-> route print 10.1.*
===========================================================================
Interface List
5...f8 16 54 06 49 6b ......Microsoft Wi-Fi Direct Virtual Adapter
3...fa 16 54 06 49 6a ......Microsoft Hosted Network Virtual Adapter
43...........................vpn
2...f8 16 54 06 49 6a ......Intel(R) Dual Band Wireless-AC 7260
1...........................Software Loopback Interface 1
6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.1.0.0 255.255.255.0 On-link 10.1.0.209 11
10.1.0.209 255.255.255.255 On-link 10.1.0.209 266
10.1.0.255 255.255.255.255 On-link 10.1.0.209 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None
***************************************************************************
SERVER-> route print 10.1.*
===========================================================================
Interface List
26...........................RAS (Dial In) Interface
12...0e ac 9d 71 09 f3 ......AWS PV Network Device #0
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.1.0.0 255.255.255.0 On-link 10.1.0.200 266
10.1.0.200 255.255.255.255 On-link 10.1.0.200 266
10.1.0.209 255.255.255.255 10.1.0.209 10.1.0.210 31
10.1.0.210 255.255.255.255 On-link 10.1.0.210 286
10.1.0.255 255.255.255.255 On-link 10.1.0.200 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None
As I expected, the client gets a 10.1.0.0/24 route. With that you should be able to reach any machine in that subnet (10.1.0.x).
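Added example (not part of the original thread): the route selection discussed above, run over the `route print 10.1.*` rows posted by the asker. It picks the longest matching prefix and breaks ties on the lowest metric; the function and class names are illustrative, and 10.1.0.10 is the target address from the first post's tracert.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# Rows copied from the "route print 10.1.*" output posted in this thread.
CLIENT_ROUTE_PRINT = """\
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.1.0.0 255.255.255.0 On-link 10.1.0.209 11
10.1.0.209 255.255.255.255 On-link 10.1.0.209 266
10.1.0.255 255.255.255.255 On-link 10.1.0.209 266
"""

SERVER_ROUTE_PRINT = """\
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.1.0.0 255.255.255.0 On-link 10.1.0.200 266
10.1.0.200 255.255.255.255 On-link 10.1.0.200 266
10.1.0.209 255.255.255.255 10.1.0.209 10.1.0.210 31
10.1.0.210 255.255.255.255 On-link 10.1.0.210 286
10.1.0.255 255.255.255.255 On-link 10.1.0.200 266
"""


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str      # "On-link" or a next-hop address
    interface: str    # local address of the outgoing interface
    metric: int


def parse_routes(text: str) -> List[Route]:
    """Extract IPv4 route rows from `route print` text, skipping headers."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headings, separators, persistent-route rows
        dest, mask, gateway, interface, metric = parts
        try:
            network = ipaddress.IPv4Network(f"{dest}/{mask}")
            routes.append(Route(network, gateway, interface, int(metric)))
        except ValueError:
            continue  # five tokens, but not a route row
    return routes


def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    dst = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if dst in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def describe_path(client_routes, server_routes, vpn_client_ip, target_ip):
    """Forwarding decision at each hop that the posted tables cover."""
    return {
        "client_to_target": select_route(client_routes, target_ip),
        "server_to_target": select_route(server_routes, target_ip),
        "server_to_client": select_route(server_routes, vpn_client_ip),
    }


if __name__ == "__main__":
    path = describe_path(parse_routes(CLIENT_ROUTE_PRINT),
                         parse_routes(SERVER_ROUTE_PRINT),
                         "10.1.0.209", "10.1.0.10")
    for hop, route in path.items():
        print(hop, "->", route)
```

No routing table for the target host was posted, so the route its reply takes back to the RRAS server is not checked here.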
ASKER
I don't know what to try next...
The problem is clearly routing. I can connect to the VPN server and also RDP to it just fine, but no matter what I cannot route to any other system in the subnet. My tracert goes to the VPN host and that's it.
It is unclear if I need to add a static route in RRAS on the VPN server, or on the VPN client. But it is pretty clear that I need to add the route(s) somewhere.
ASKER
If someone would please take a look at my routing again, I'd sure appreciate it!
Here is the IPv4 Route Table from my existing OpenVPN client connection, which I am trying to replace with the new Windows 2012R2 RRAS VPN server.
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.18 20
10.0.0.0 255.0.0.0 10.255.0.1 10.255.0.12 20
10.1.0.0 255.255.0.0 10.255.0.1 10.255.0.12 20
10.255.0.0 255.255.0.0 On-link 10.255.0.12 276
10.255.0.0 255.255.0.0 10.255.0.1 10.255.0.12 20
10.255.0.12 255.255.255.255 On-link 10.255.0.12 276
10.255.255.255 255.255.255.255 On-link 10.255.0.12 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.18 276
192.168.1.18 255.255.255.255 On-link 192.168.1.18 276
192.168.1.255 255.255.255.255 On-link 192.168.1.18 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.255.0.12 276
224.0.0.0 240.0.0.0 On-link 192.168.1.18 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.255.0.12 276
255.255.255.255 255.255.255.255 On-link 192.168.1.18 276
===========================================================================
Persistent Routes:
None
===========================================================================
And here is the IPv4 Route Table from my new Windows 2012R2 RRAS VPN client connection, which won't route anywhere beyond the host I connect to.
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.18 20
10.0.0.0 255.0.0.0 10.255.0.201 10.255.0.202 11
10.1.0.0 255.255.0.0 On-link 10.255.0.202 11
10.1.255.255 255.255.255.255 On-link 10.255.0.202 266
10.255.0.0 255.255.0.0 On-link 10.255.0.202 11
10.255.0.202 255.255.255.255 On-link 10.255.0.202 266
10.255.255.255 255.255.255.255 On-link 10.255.0.202 266
52.71.137.102 255.255.255.255 192.168.1.1 192.168.1.18 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.18 276
192.168.1.18 255.255.255.255 On-link 192.168.1.18 276
192.168.1.255 255.255.255.255 On-link 192.168.1.18 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.18 276
224.0.0.0 240.0.0.0 On-link 10.255.0.202 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.18 276
255.255.255.255 255.255.255.255 On-link 10.255.0.202 266
===========================================================================
Persistent Routes:
None
===========================================================================
If it helps, here is the IPv4 Route Table from the new Windows 2012R2 RRAS Server itself.
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.0.1 10.1.0.200 266
10.1.0.0 255.255.255.0 On-link 10.1.0.200 266
10.1.0.200 255.255.255.255 On-link 10.1.0.200 266
10.1.0.255 255.255.255.255 On-link 10.1.0.200 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.169.250 255.255.255.255 10.1.0.1 10.1.0.200 10
169.254.169.251 255.255.255.255 10.1.0.1 10.1.0.200 10
169.254.169.254 255.255.255.255 10.1.0.1 10.1.0.200 10
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.0.200 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.0.200 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.1.0.1 Default
===========================================================================
ASKER
After several different configuration attempts the only way I could get it to work in my environment was to also enable NAT on RRAS. It just wouldn't work in my environment without NAT.
Thanks for the help Qlemo.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for JOE-BULLITT's comment #a41483238
for the following reason:
I've configured VPN before without NAT, but this time it was the only way to get it to work.
ASKER CERTIFIED SOLUTION
ASKER
Thank you Qlemo.
Having said that, it is probably not the culprit.
Re first hop being the VPN client IP, that is correct or not, depending on the definition, but it is better this way, to account for additional "cost" to transfer data via a slow/high latency link. So nothing to worry about.
I'm expecting tracert to show exactly two nodes only: Source and target. It doesn't help hence. You do not know if the target does not reply, or reply using a route, or whatsoever. To know that for sure you have to use MS NetMon or Wireshark or another network capturing application on the RRAS server and the target machine with an IP address filter set to the VPN client IP, then perform a ping from your VPN client to the target, and see what is captured.