xp machines cannot access ASUS VPN Server.

I'm doing remote office setup for employees and while doing testing I have remote XP machines that log in to VPN Server but are actually not connected. When I ping or type in router ip I get local router page. Weirdly, this is not the case with windows 2000 virtual machines on os x laptops which ping and login to host router web page.
John CrawfordIT AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Is the VPN server modern?  XP is tied to SMBv1 which has been removed from everything modern.
John CrawfordIT AdministratorAuthor Commented:
Yes, my co-worker bought a ASUS 3200 router. I was able to connect using a windows 10 home laptop today without a problem and even access the entire office network. So it looks like W2K, XP, and even OS X using Shimo are not usable.
John CrawfordIT AdministratorAuthor Commented:
With W2K and Shimo on OS X and can connect but I can only connect to the router setup page, cannot see anything else on network, so far I've spent about 8 hours working on this.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

JohnBusiness Consultant (Owner)Commented:
Yes XP is loo long gone . The Windows 10 Machine uses SMBv2 and that stops XP
Dr. KlahnPrincipal Software EngineerCommented:
I must respectfully disagree with John's comment above.  The questioner states:

Weirdly, this is not the case with windows 2000 virtual machines on os x laptops which ping and login to host router web page.

Windows 2000 also only supported SMBv1, but those VMs are able to get to the desired page.  Unless the VM host is further encapsulating the VM's outgoing packet in a "legitimate" fashion (which seems unlikely), IMO, this is not an SMB v1 issue -- though that certainly jumps to mind immediately.

In this situation I'd be inclined to put a sniffer on the network, look at the traffic going to the VPN server, and see what differences there are in both the requests to the server and the responses from the server.

Also have a look at the XP firewall configuration.


If it's enabled, try disabling it temporarily and see if there's any improvement.  If the firewall is disabled, then it's not a firewall issue and that can be scratched off the  list of possibilities.
Echo dr.klan

Your detail does not convey what type of failures, or vonnection you are establishing.

Are you using PPTP which is likely, the VPN sets up? Check your Ian ip versus the remote Ian or PPTP assigned IPs to make sure there is no overlap.
John CrawfordIT AdministratorAuthor Commented:
Using Wireshark, the W2K packets appear to be encapsulated and protocol is PPP. Shimo the protocols are all PPP not encapsulated.

W10 source packets are IPv6 addresses using UDP protocol. The destination is a weird 7 digit address with two colons.
The VPN Server on ASUS router is set to PPTP.

It's clear the W10 packets are totally different looking.
JohnBusiness Consultant (Owner)Commented:
It may be the IPv6 protocol stopping XP (which does not have IPv6 so far as I know).

Can you set the ASUS VPN Server for IPv4?
Are both w2k and XP in the same location.

There are routers that gave issue with gre, protocol 47 which PPTP uses.
The other issue is ip overlap.

IPv6 versus IPv4
Disable IPv6 on your Windows 10 and try the connection again.
IPv6 can be added to XP, win2k preceded XP would suspect similar IPv6 issues.
John CrawfordIT AdministratorAuthor Commented:
IPv6 off, W10 connects and has full access,  but Wireshark reports protocols are now: MDNS, MBNS, LLMNR.
Does the says VPN have multiple technologies enabled, including l2tp over IPSec?

Look at shrew cpan client , open source, free VPN client that you could run on XP, IPSec type VPN...

The difficulty in troubleshooting an issue such as yours deals with determining the parameters and under what circumstances it fails.

The impression is that the XP PPTP connection establishes but passes no data
Ip overlap would seem to be common under this type of scenario.

Presumably, the PPTP connection is set to use the remote as default gateway.
John CrawfordIT AdministratorAuthor Commented:
The ASUS router has PPTP and openvpn only. Since the win10 has no problem, Ill probably run with that. I'm working with 32 & 16 bit legacy software, would prefer xp.
JohnBusiness Consultant (Owner)Commented:
XP is really old. You can make a virtual machine of that for 16-bit software and use Windows 7 32-bit for legacy. I know you can run some DOS 16-bit software in Windows 7 32-bit.
Ido you have openvpn installed on the XP, try that.

Double check whether Windows 10 uses openvpn.
John CrawfordIT AdministratorAuthor Commented:
Like I said, W10 can access, but W2K in Virtual Box running on a W10 unfortunately will not connect to remote network devices (it can login in to VPN Server but cannot see other resources, so I'm back where I started). I was hoping it would work, now I have no way for our 16 bit DOS application to access office servers.
Your virtual box w2k rubs into an ip conflict.

It uses the same ip block.
Configure the w2k to get an ip from the LAN, bridge network, and see if the behavior changes.
John CrawfordIT AdministratorAuthor Commented:
The VPN Server is setup to only hand out about 5 ip's. The W2K VM gets the same IP address and sub net as native W10.

The way I got it to work today was to establish a VPN connection via W10. Then Net Use in windows10 to file server on remote network.  Setup a shared folder in the Virtual box machine, then do a Net Use in Windows 2000 and success.
What is the IP of the virtualbox w2k that it gets from the virtual box DHCP.
I think it is the same segment as the one present on the asus VPN side.
If you configure your VM's network bridge to the LAN it would have additional overhead but will bypass the ...
John CrawfordIT AdministratorAuthor Commented:
The VM is bridged, so the ip is the private address handed out by VPN Server. Whether I use XP actual bare metal or windows 10 or W2K VM the behavior the same for them all in terms of IP addresses and subnet.

I also tried the vm with NAT but that didn't help.
have not tested your scenarios, but if the VPN sets up and the ip is not in conflict, it is unclear why it fails to pass traffic.
The PPTP in the VM set to use remote ip as default gateway, to pass all traffic from the VM through the VPN?

This is a suggestion of exploration given you found that setting up the VPN on the w10 and sharing the VPN connection with guest VMs.
John CrawfordIT AdministratorAuthor Commented:
Windows 10 built in VPN client positive connection to ASUS 3200 VPN Server. Set up W2K VM with shared folder in Virtual Box, then can map drive.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.