RRAS computer has too many IP addresses

sglee asked
Last Modified: 2017-03-13
Tags: DHCP Server, RRAS, Network Adapters

Hi,
I have set up a VPN Server (running Windows 2012R2 in VMware Virtual Server). In network adapter settings, I have two network adapters - one that has internal static IP address: 192.168.1.90 and another one that has public static IP address: 64.xxx.xxx.xxx.
When I open DHCP server in Domain Controller, I see 10 IP addresses under the name VPN.domain.local. When I ping those IP addresses, there are no replies. When I do NSLOOKUP on those, it says "DC1.domain.local can't find 192.168.1.104: Non-existent domain".
I can ping 192.168.1.90 because I assigned this IP to the LAN side network adapter.
(1) Who created these 10 IP addresses? Are they necessary?
(2) In RRAS/IPv4/General section, I see Ethernet1 for LAN (192.168.1.90) and Ethernet0 for WAN (64.x.x.x). I also see Internal (192.168.1.137)? When I ping this IP address, I get replies, but when I do NSLOOKUP, it returns nothing. However when I do IPCONFIG in VPN server, I see 192.168.1.137 is tied to PPP adapter RAS (Dial In) Interface. Is this by design and therefore necessary?

Thanks.

Tom Cieslik, IT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
Those IPs were assigned by your DHCP server, and because the lease time is long in your DHCP configuration you see them in the RRAS console.
Just go to DHCP configuration, right-click on your scope and change the setting for lease duration for DHCP clients.

I think 8 hours is enough

Author

Commented:
I have 8 hours in duration already in my DHCP server.

Author

Commented:
one connection is getting IP for 3 or more miniports --> That makes perfect sense.
In fact I was testing L2TP VPN connection last night and it is possible that other authorized users MIGHT have connected.

Author

Commented:
Would these IP address assignments be temporary? Would these disappear eventually from DHCP server?
Tom Cieslik, IT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
Yes, this is only temporary. You'll see them for as long as your lease time is.
CERTIFIED EXPERT
Top Expert 2013

Commented:
The base 10 are not temporary, they will remain indefinitely.

You can manually delete them by right-clicking on them and choosing delete, but as soon as 1 user reconnects via VPN, 10 will re-appear.
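
An added example, not part of the thread or of any poster's reply: a PowerShell inventory of the leases the RRAS server holds in the LAN scope, to check the block-of-10 behaviour described above. The server and host names are the ones in the question; the scope ID `192.168.1.0` and the `RAS ` client-ID prefix are assumptions.

```powershell
#Requires -Modules DhcpServer
# Added example: list DHCP leases held by the RRAS/VPN server.
# Run from a machine with the DHCP Server RSAT tools installed.
param(
    [string]$DhcpServer = 'DC1.domain.local',  # DHCP server named in the question
    [string]$ScopeId    = '192.168.1.0',       # ASSUMED scope ID for the 192.168.1.x LAN
    [string]$VpnHost    = 'VPN.domain.local'   # name the leases appear under in the DHCP console
)

# Pull every lease in the scope once and filter locally.
$leases = Get-DhcpServerv4Lease -ComputerName $DhcpServer -ScopeId $ScopeId

# Leases requested by RRAS on behalf of VPN clients: match the VPN server's
# host name, or a client ID starting with the ASCII bytes "RAS " (52 41 53 20).
# The client-ID prefix is an assumption; the host name match covers this thread.
$rasLeases = @($leases | Where-Object {
    $_.HostName -eq $VpnHost -or $_.ClientId -match '^52-?41-?53-?20'
})

if ($rasLeases.Count -eq 0) {
    # Expected when RRAS uses a static address pool (10.x.x.x) instead of DHCP.
    Write-Output "No RRAS-held leases in scope $ScopeId on $DhcpServer."
    return
}

# Detail view, sorted numerically by address rather than as strings.
$rasLeases |
    Sort-Object { [version]$_.IPAddress.ToString() } |
    Select-Object IPAddress, HostName, ClientId, AddressState, LeaseExpiryTime |
    Format-Table -AutoSize

# Summary by lease state, so a leftover block is easy to tell from an active one.
$rasLeases |
    Group-Object AddressState |
    Select-Object @{ n = 'State'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

Write-Output ("{0} lease(s) held by RRAS in scope {1}." -f $rasLeases.Count, $ScopeId)
```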

Author

Commented:
I cut the number of ports down.
When the user makes the connection to VPN server, it assigns 10.0.0.200-205. Why does DHCP server assign internal 192.168.1.x numbers? What is the purpose for that? Since RRAS gives out 10.0.0.x number to remote device, why is it necessary for DHCP server to assign this many internal IPs?

Author

Commented:
@Rob,
You are correct. I ended up selecting DHCP. Now looking back, the reason I changed it to DHCP instead of static (10.x.x.x) was because static IP option did not work well (or the article that I followed when creating L2TP VPN did choose DHCP).
Having said that, if you have set up L2TP VPN previously, what method did you choose? Pros and cons?
CERTIFIED EXPERT
Top Expert 2013

Commented:
I have not set up L2TP, I prefer to use a VPN appliance/router rather than a server so authentication is at the perimeter of the network and proper IPsec.

However, the issue would have likely been routing, not L2TP related. When you use a different, second subnet you have to enable routing between them. You should be able to do so by going to: RRAS | properties of server name | General | Check the radio icons for "IPv4 routing" & "LAN and demand dial routing."

Author

Commented:
"LAN and demand dial routing" was already checked.
I will enable Static IP (10.x.x.x)  temporarily to see what happens when the VPN connection is made. I will report back.
CERTIFIED EXPERT
Top Expert 2013

Commented:
You may have to edit firewall exceptions as well.  By default, when services such as file and print sharing are enabled a firewall exception is created, but only for the LAN subnet.

I would do initial testing using IPs, but DNS names may not resolve either unless you provide the client with the proper DNS server.

One final note, when you add the second subnet it often adds that to the server's DNS configuration. Check in the DNS server config under server properties on the "Interfaces" tab. "All IP addresses" is probably checked. If so it can cause problems for LAN clients. Best to change to "only the following" and check the LAN IP and 2 IPv6 addresses (usually 2 but if only 1 that is fine).

Author

Commented:
After enabling static IP, I established L2TP connection from remote PC and received 10.0.0.201 which is what is supposed to happen and I was able to surf the internet by going to www.youtube.com. Checked the RRAS/ports/active connection/Status and noticed the traffic (Bytes in and out under Statistics section). All seems to be fine.

However I don't understand what you are referring to when you said "One final note, when you add the second subnet.... that is fine)".
CERTIFIED EXPERT
Top Expert 2013

Commented:
Go to: DNS console | servername properties | Interfaces and see what is enabled. If the VPN IP of the server is checked, LAN clients can have problems resolving names.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Should look similar to this, though checking both IPv6 is fine.  In this case the 192.168.2.156 is the VPN adapter.
Author

Commented:
This is current configuration.

Author

Commented:
By the way, I just checked DHCP server and noticed that all those 10 IP addresses from 192.168.1.104 thru 137 that were assigned to VPN.domain.local have disappeared. Maybe because I switched to static (10.x.x.x)?
CERTIFIED EXPERT
Top Expert 2013

Commented:
Interesting.  Usually the VPN IP shows up, but that is fine the way it is.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Yes, changing to static will remove them
Tom Cieslik, IT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
If you did set static then you don't need DHCP anymore, so the lease expired.

Author

Commented:
That makes perfect sense.
I just don't recall why I set it to DHCP because I originally set it up as static IP. Well, since static IP does not seem to create any problem, so I am ok with it.