Christos Kassianides
asked on
SBS 2011 VPN with external DHCP
I have an SBS 2011 which runs exchange/DNS/DHCP/VPN but I had to remove the DHCP from it and use the routers DHCP for reasons that I cannot explain. Everything works fine but I cannot find anything online that says that VPN will work with an external DHCP.
I've just had my first remote user complain that she cannot connect so I rerun the fix my network and setup the vpn again and she appears to be connected fine. Is there anything else I need to check/do on the server or the router to ensure proper operation of the VPN?
I've just had my first remote user complain that she cannot connect so I rerun the fix my network and setup the vpn again and she appears to be connected fine. Is there anything else I need to check/do on the server or the router to ensure proper operation of the VPN?
There should be no issue with allowing SBS 2011 to DHCP and DNS. Â You may need a separate hardware VPN router. That is how we do VPN to Microsoft Servers running DHCP and DNS.
ASKER
I reactivated DHCP on the SBS2011 box and while it says that it connects, there is no internet or access to local devices and I get:
Event Type: Â Â Â Warning
Event Source: Â Â Â Rasman
Event Category: Â Â Â None
Event ID: Â Â Â 20209
Computer: Â Â Â MYSERVER
Description:
A connection between the VPN server and the VPN client 68.248.117.2 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
Which is weird since before I disabled the DHCP everything was working ok.
Event Type: Â Â Â Warning
Event Source: Â Â Â Rasman
Event Category: Â Â Â None
Event ID: Â Â Â 20209
Computer: Â Â Â MYSERVER
Description:
A connection between the VPN server and the VPN client 68.248.117.2 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
Which is weird since before I disabled the DHCP everything was working ok.
To answer the first part.
SBS does not like the router being the DHCP server. That being said it is possible. When you re-ran the wizard you likely re-enabled DHCP.
You can have RRAS, the VPN, hand out addresses if the SBS does not have DHCP running as in the attached image, by setting a static address pool.
As for "no access", can you ping anything on the network by IP? Â If so it is a DNS issue, common with the VPN. Â Open the DNS management console, right click on the server name and choose properties, then click the Interfaces tab. Â Change from all to just the SBS LAN IP, both IPv4 and IPv6. Â There may be 2 IPv6 addresses.
SBS does not like the router being the DHCP server. That being said it is possible. When you re-ran the wizard you likely re-enabled DHCP.
You can have RRAS, the VPN, hand out addresses if the SBS does not have DHCP running as in the attached image, by setting a static address pool.
As for "no access", can you ping anything on the network by IP? Â If so it is a DNS issue, common with the VPN. Â Open the DNS management console, right click on the server name and choose properties, then click the Interfaces tab. Â Change from all to just the SBS LAN IP, both IPv4 and IPv6. Â There may be 2 IPv6 addresses.
Not sure why Image in the centre, but.... Â :-)
SBS does not like the router being the DHCP server. Â <-- That is why I suggested hardware VPN as in my experience it just works better.
ASKER
Like I said DHCP is enabled once again on the SBS. I can connect but I cannot ping local devices or access internet. In the DNS the only ticked items are the SBS IP and one of the two IPv6 addresses.
Should I restart the server after all the enabling/disabling?
Should I restart the server after all the enabling/disabling?
I do agree with John a hardware VPN is much more secure, better performance, and eliminates the DHCP problem. Â Also SBS 2011 uses PPTP which is considered VERY insecure.....however.
Have you re run the Fix My Network Wizard? Â And you didn't answer if you can ping anything in the network by IP?
You shouldn't have to reboot.
Have you re run the Fix My Network Wizard? Â And you didn't answer if you can ping anything in the network by IP?
You shouldn't have to reboot.
ASKER
I did run fix my network. It found a few old issues with ecmxchamge smtp connectors, dns forwarders and closed ports  but those were preexisting.
I did mention that once connected, I cannot ping any local devices and/or access the interner.
I did mention that once connected, I cannot ping any local devices and/or access the interner.
Sorry, I missed your ping comment.
Could you post the results of   route print   and   ipconfig /all    from a command line.  Might help to figure out why the disconnect.
Could you post the results of   route print   and   ipconfig /all    from a command line.  Might help to figure out why the disconnect.
ASKER
Will do first thing tomorrow morning. I'm in Cyprus and it's 0015 at the moment.
Sounds good. Â Will watch for reply. Â Could you also advise of make and model of router?
Cheers!
Cheers!
ASKER
The router is a TP-Link Archer C5 (AC1200) which was working fine before I disabled the DHCP on the SBS and enabled it on the router itself. Please see below my ipconfig/all from my own personal computer once it is connected to the VPN.
Windows IP Configuration
  Host Name . . . . . . . . . . . . : DESKTOP-JF2ILUT
  Primary Dns Suffix  . . . . . . . :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter Ethernet:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V
  Physical Address. . . . . . . . . : 2C-FD-A1-71-A4-ED
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
  Physical Address. . . . . . . . . : 66-6E-69-8F-38-8F
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 3:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
  Physical Address. . . . . . . . . : 64-6E-69-8F-38-8F
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
PPP adapter imperio:
  Connection-specific DNS Suffix  . : domain.local
  Description . . . . . . . . . . . : name
  Physical Address. . . . . . . . . :
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : 192.168.1.18(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.255
  Default Gateway . . . . . . . . . : 0.0.0.0
  DNS Servers . . . . . . . . . . . : 192.168.1.3
  NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Realtek 8822BE Wireless LAN 802.11ac PCI-E NIC
  Physical Address. . . . . . . . . : 64-6E-69-8F-38-8F
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::35ec:18d:c476:35f6%1 2(Preferre d)
  IPv4 Address. . . . . . . . . . . : 192.168.10.1(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : 21 March 2019 23:31:28
  Lease Expires . . . . . . . . . . : 23 March 2019 07:13:00
  Default Gateway . . . . . . . . . : 192.168.10.254
  DHCP Server . . . . . . . . . . . : 192.168.10.254
  DHCPv6 IAID . . . . . . . . . . . : 207908457
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-8F-86-85-2C -FD-A1-71- A4-ED
  DNS Servers . . . . . . . . . . . : fe80::1%12
                    185.37.37.37
                    fe80::1%12
  NetBIOS over Tcpip. . . . . . . . : Enabled
Windows IP Configuration
  Host Name . . . . . . . . . . . . : DESKTOP-JF2ILUT
  Primary Dns Suffix  . . . . . . . :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter Ethernet:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V
  Physical Address. . . . . . . . . : 2C-FD-A1-71-A4-ED
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
  Physical Address. . . . . . . . . : 66-6E-69-8F-38-8F
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 3:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
  Physical Address. . . . . . . . . : 64-6E-69-8F-38-8F
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
PPP adapter imperio:
  Connection-specific DNS Suffix  . : domain.local
  Description . . . . . . . . . . . : name
  Physical Address. . . . . . . . . :
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : 192.168.1.18(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.255
  Default Gateway . . . . . . . . . : 0.0.0.0
  DNS Servers . . . . . . . . . . . : 192.168.1.3
  NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Realtek 8822BE Wireless LAN 802.11ac PCI-E NIC
  Physical Address. . . . . . . . . : 64-6E-69-8F-38-8F
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::35ec:18d:c476:35f6%1
  IPv4 Address. . . . . . . . . . . : 192.168.10.1(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : 21 March 2019 23:31:28
  Lease Expires . . . . . . . . . . : 23 March 2019 07:13:00
  Default Gateway . . . . . . . . . : 192.168.10.254
  DHCP Server . . . . . . . . . . . : 192.168.10.254
  DHCPv6 IAID . . . . . . . . . . . : 207908457
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-8F-86-85-2C
  DNS Servers . . . . . . . . . . . : fe80::1%12
                    185.37.37.37
                    fe80::1%12
  NetBIOS over Tcpip. . . . . . . . : Enabled
Sorry, I was meaning route print and IPconfog /all from server. Â I will be out most of the day so no rush.
Router is not a problem. Â I just wanted to double check as some routers have license limits. If for example 10 and you reboot the server it can be #11 and loose connectivity, but TPlink do not have license limits.
Router is not a problem. Â I just wanted to double check as some routers have license limits. If for example 10 and you reboot the server it can be #11 and loose connectivity, but TPlink do not have license limits.
ASKER
Windows IP Configuration
  Host Name . . . . . . . . . . . . : server
  Primary Dns Suffix  . . . . . . . : domain.local
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : Yes
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : domain.local
PPP adapter RAS (Dial In) Interface:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : RAS (Dial In) Interface
  Physical Address. . . . . . . . . :
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.255
  Default Gateway . . . . . . . . . :
  NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 332i Adapter
  Physical Address. . . . . . . . . : 28-80-23-CC-56-C0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::810a:a81a:e4ea:615d% 10(Preferr ed)
  Link-local IPv6 Address . . . . . : fe80::c8d0:2737:49d2:6d77% 10(Preferr ed)
  IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  DHCPv6 IAID . . . . . . . . . . . : 237535267
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-79-00-3B-28 -80-23-CC- 56-C0
  DNS Servers . . . . . . . . . . . : fe80::c8d0:2737:49d2:6d77% 10
                    192.168.1.3
  NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{DDE64B15-C82B-422B -B2EB-CF05 8D17A422}:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6E06F030-7526-11D2 -BAF4-0060 0815A4BD}:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
========================== ========== ========== ========== ========== =========
Interface List
 20........................ ...RAS (Dial In) Interface
 10...28 80 23 cc 56 c0 ......HP Ethernet 1Gb 2-port 332i Adapter
 1......................... ..Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
========================== ========== ========== ========== ========== =========
IPv4 Route Table
========================== ========== ========== ========== ========== =========
Active Routes:
Network Destination     Netmask      Gateway    Interface  Metric
     0.0.0.0      0.0.0.0    192.168.1.1    192.168.1.3   15
    127.0.0.0     255.0.0.0     On-link     127.0.0.1   306
    127.0.0.1  255.255.255.255     On-link     127.0.0.1   306
 127.255.255.255  255.255.255.255     On-link     127.0.0.1   306
   169.254.0.0    255.255.0.0     On-link    192.168.1.21   306
   169.254.0.20  255.255.255.255     On-link    192.168.1.21   306
 169.254.255.255  255.255.255.255     On-link    192.168.1.21   306
   192.168.1.0   255.255.255.0     On-link    192.168.1.3   266
   192.168.1.3  255.255.255.255     On-link    192.168.1.3   266
   192.168.1.21  255.255.255.255     On-link    192.168.1.21   306
  192.168.1.255  255.255.255.255     On-link    192.168.1.3   266
    224.0.0.0     240.0.0.0     On-link     127.0.0.1   306
    224.0.0.0     240.0.0.0     On-link    192.168.1.3   266
    224.0.0.0     240.0.0.0     On-link    192.168.1.21   306
 255.255.255.255  255.255.255.255     On-link     127.0.0.1   306
 255.255.255.255  255.255.255.255     On-link    192.168.1.3   266
 255.255.255.255  255.255.255.255     On-link    192.168.1.21   306
========================== ========== ========== ========== ========== =========
Persistent Routes:
 Network Address      Netmask  Gateway Address  Metric
     0.0.0.0      0.0.0.0    192.168.1.1    5
========================== ========== ========== ========== ========== =========
  Host Name . . . . . . . . . . . . : server
  Primary Dns Suffix  . . . . . . . : domain.local
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : Yes
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : domain.local
PPP adapter RAS (Dial In) Interface:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : RAS (Dial In) Interface
  Physical Address. . . . . . . . . :
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.255
  Default Gateway . . . . . . . . . :
  NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : HP Ethernet 1Gb 2-port 332i Adapter
  Physical Address. . . . . . . . . : 28-80-23-CC-56-C0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::810a:a81a:e4ea:615d%
  Link-local IPv6 Address . . . . . : fe80::c8d0:2737:49d2:6d77%
  IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  DHCPv6 IAID . . . . . . . . . . . : 237535267
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-79-00-3B-28
  DNS Servers . . . . . . . . . . . : fe80::c8d0:2737:49d2:6d77%
                    192.168.1.3
  NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{DDE64B15-C82B-422B
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6E06F030-7526-11D2
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
==========================
Interface List
 20........................
 10...28 80 23 cc 56 c0 ......HP Ethernet 1Gb 2-port 332i Adapter
 1.........................
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
==========================
IPv4 Route Table
==========================
Active Routes:
Network Destination     Netmask      Gateway    Interface  Metric
     0.0.0.0      0.0.0.0    192.168.1.1    192.168.1.3   15
    127.0.0.0     255.0.0.0     On-link     127.0.0.1   306
    127.0.0.1  255.255.255.255     On-link     127.0.0.1   306
 127.255.255.255  255.255.255.255     On-link     127.0.0.1   306
   169.254.0.0    255.255.0.0     On-link    192.168.1.21   306
   169.254.0.20  255.255.255.255     On-link    192.168.1.21   306
 169.254.255.255  255.255.255.255     On-link    192.168.1.21   306
   192.168.1.0   255.255.255.0     On-link    192.168.1.3   266
   192.168.1.3  255.255.255.255     On-link    192.168.1.3   266
   192.168.1.21  255.255.255.255     On-link    192.168.1.21   306
  192.168.1.255  255.255.255.255     On-link    192.168.1.3   266
    224.0.0.0     240.0.0.0     On-link     127.0.0.1   306
    224.0.0.0     240.0.0.0     On-link    192.168.1.3   266
    224.0.0.0     240.0.0.0     On-link    192.168.1.21   306
 255.255.255.255  255.255.255.255     On-link     127.0.0.1   306
 255.255.255.255  255.255.255.255     On-link    192.168.1.3   266
 255.255.255.255  255.255.255.255     On-link    192.168.1.21   306
==========================
Persistent Routes:
 Network Address      Netmask  Gateway Address  Metric
     0.0.0.0      0.0.0.0    192.168.1.1    5
==========================
Everything looks fine except:
169.254.0.0    255.255.0.0     On-link    192.168.1.21   306
   169.254.0.20  255.255.255.255     On-link    192.168.1.21   306
 169.254.255.255  255.255.255.255     On-link    192.168.1.21   306
That is odd. Â I trust their is no "alternate" configuration set on the server's NIC, and it appears you only have 1 NIC (SBS will not work with 2), so I assume the 168.254.x.x addressing is related to the VPN since it's gateway is the VPN IP.
I would try opening the RRAS console, right click on the server name and choose "disable Routing and remote access". Â If you still can't ping PCs try re-running the fix my network wizard with RRAS turned off. Â If now working you can run the VPN wizard a again to set it up.
169.254.0.0    255.255.0.0     On-link    192.168.1.21   306
   169.254.0.20  255.255.255.255     On-link    192.168.1.21   306
 169.254.255.255  255.255.255.255     On-link    192.168.1.21   306
That is odd. Â I trust their is no "alternate" configuration set on the server's NIC, and it appears you only have 1 NIC (SBS will not work with 2), so I assume the 168.254.x.x addressing is related to the VPN since it's gateway is the VPN IP.
I would try opening the RRAS console, right click on the server name and choose "disable Routing and remote access". Â If you still can't ping PCs try re-running the fix my network wizard with RRAS turned off. Â If now working you can run the VPN wizard a again to set it up.
ASKER
If I disable the routing and access, how will the VPN connect for me to try and ping something local?
I am not sure we are talking about the same things. Â I may be misunderstanding.
You mentioned; "I did mention that once connected, I cannot ping any local devices and/or access the internet"
I assumed you meant the server has lost access to the network. Â Is the server still fine and this is just a VPN issue where a VPN client cannot ping local devices? Â
If it is just the VPN client cannot ping local devices on it's own network, on the VPN client PC, right click on the VPN adapter in "change adapter options" and choose "properties", then "networking", "IPv4 properties", "advanced" un-check "use remote default gateway"
You mentioned; "I did mention that once connected, I cannot ping any local devices and/or access the internet"
I assumed you meant the server has lost access to the network. Â Is the server still fine and this is just a VPN issue where a VPN client cannot ping local devices? Â
If it is just the VPN client cannot ping local devices on it's own network, on the VPN client PC, right click on the VPN adapter in "change adapter options" and choose "properties", then "networking", "IPv4 properties", "advanced" un-check "use remote default gateway"
ASKER
My bad. it is the client that loses internet and cannot access the local devices. By local devices, I mean the server and shares in the company network.
I tried what you suggested and while internet is still connected, if I ping 192.168.1.3 (SBS IP), I get a timeout. Same with trying to access \\192.168.1.3 to see the shares.
I tried what you suggested and while internet is still connected, if I ping 192.168.1.3 (SBS IP), I get a timeout. Same with trying to access \\192.168.1.3 to see the shares.
Ping requires return routing. Â I think that is corrupted with the 168.254.x.x route on the SBS. Can you run the VPN Wizard again on the SBS? Â As mentioned I have to go out for a while but will check back.
ASKER
VPN configured successfully. Internet Router configuration failed. The error notes just mention that it couldn't open the port 1723 automatically but it is open and canyouseeme.org says that it is open as well.
I will try to restart the server later tonight as well. Hopefully that will clear any old settings.
I will try to restart the server later tonight as well. Hopefully that will clear any old settings.
You will get the "Â Internet Router configuration failed" message if UPnP is disabled on the router, which is good as UPnP is a security risk. Â SBS needs that to configure automatically, but doing so manually is fine.
ASKER
Restart has fixed it. I can finally access the shares. Thank you all for your support. I will also recommend we buy a better router with built-in VPN. Do you have any recommendations that don't break the bank and can allow about 5 simultaneous VPN users? Preferably 10/100/1000 with Wifi as well.
Glad to hear it is working.
I don't use VPNs any more except a few site to site between routers. Â I like the Cisco/Linksys RVxx series for inexpensive units but their QuickVPN client is a nuisance you would need to purchase a third party. Â I think John likes those units as well but uses a 3rd party client, maybe he can recommend. Stepping up Sonicwall, WatchGuard, and Cisco all have great VPN routers and clients.
All the best!
I don't use VPNs any more except a few site to site between routers. Â I like the Cisco/Linksys RVxx series for inexpensive units but their QuickVPN client is a nuisance you would need to purchase a third party. Â I think John likes those units as well but uses a 3rd party client, maybe he can recommend. Stepping up Sonicwall, WatchGuard, and Cisco all have great VPN routers and clients.
All the best!
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER