Cannot acces resources via VPN

Attila Mosonyi
Attila Mosonyi used Ask the Experts™
on
I wanted to test and eventually use our router's (PepLink Balance One) build in VPN server to access resources on the network for users.
After setting up the VPN server (in the router the feature is called Remote User Access) I choose L2TP with IPsec.
On the client side I used the Windows 10 built in VPN Connection option and after a few tweakings I succeeded in connecting to the server from an outside network.
The problem is that I could only connect to one share, using the file server's internal IP address 192.168.0.x. Cannot access (or ping) anything by the NetBIOS name.
Next step I changed the protocol to PPTP on the server and managed to connect with the client, however still not able to access resources, except by IP address \\<Internal IP address>\Share.
Just as a side note, we don't have a domain, just peer to peer.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
What is the subnet of the network you're connecting from? If that is 192.168.0.x, you're always going to run into issues. I recommend that you don't use common subnets for work networks, or this is always going to be an issue.
Attila MosonyiIT Support Specialist

Author

Commented:
Yes, indeed, the subnet I am connecting from is 192.168.0.x and the subnet I am (trying to) connect to is 192.168.0.x as well. So what is the solution, I thought a VPN service is supposed to take care of it. I won't be able to control each and every user's internal home network and most definitely cannot change the company's existing subnet.
Distinguished Expert 2018

Commented:
So what is the solution, I thought a VPN service is supposed to take care of it.
A VPN is meant to get you an IP address from the network that you connect to. Changing the subnet mask on the office side MIGHT help, but certainly isn't guaranteed. Your best solution would actually to change the company's subnet. It's the one fix that is going to prevent issues in the long run.

Additionally, I would recommend creating a separate subnet solely for users connected in via VPN. (Just like with the office subnet, should not be a commonly used subnet)
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

mansrock raised an excellent point about subnets.  I make a point of NOT using common subnets (192.168.0.x, 192.168.1.x, 10.0.x.x, 10.1.x.x, etc.) on networks primarily for this reason.

That said, I don't think it's the cause of your problem.  If you have it working, the more likely problem is that all traffic from your workstation goes through the VPN and you'll not be able to access local (to your workstation) resources.

You are talking about issues with name resolution.  Someone else may be able to suggest a solution, but I'll mention that name resolution on peer-to-peer Windows networks is often problematic and it gets worse over a VPN.

What is the workstation using for DNS once it is connected to the VPN?  The key would be to work on getting the DNS server to resolve the names of the workstations you are trying to access by name.
Distinguished Expert 2018

Commented:
CompProbSolv is right in terms of name resolution. Split tunneling should ideally help, but you may still face some challenges due to the subnet conflict. What are you using for VPN?
Attila MosonyiIT Support Specialist

Author

Commented:
As I mentioned initially, I am only in the testing phase, so I use PepLink Balance One router's built in Remote User Access as VPN server and the Windows 10 VPN native app as client.
Attila MosonyiIT Support Specialist

Author

Commented:
For work, we use 8.8.8.8 and 8.8.4.4 as DNS.
Those won't resolve local addresses.  Your computer is relying on other methods (NETBIOS, WINS, or?) for local name resolution.

Let's hope someone else has an answer.  My impression/limited experience has been that it's difficult to do local name resolution over a VPN without local DNS (preferred) or using a Hosts file.
Attila MosonyiIT Support Specialist

Author

Commented:
Thank you masnrock and ComProbSolv for your assistance!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial