Attila Mosonyi
asked on
Cannot acces resources via VPN
I wanted to test and eventually use our router's (PepLink Balance One) build in VPN server to access resources on the network for users.
After setting up the VPN server (in the router the feature is called Remote User Access) I choose L2TP with IPsec.
On the client side I used the Windows 10 built in VPN Connection option and after a few tweakings I succeeded in connecting to the server from an outside network.
The problem is that I could only connect to one share, using the file server's internal IP address 192.168.0.x. Cannot access (or ping) anything by the NetBIOS name.
Next step I changed the protocol to PPTP on the server and managed to connect with the client, however still not able to access resources, except by IP address \\<Internal IP address>\Share.
Just as a side note, we don't have a domain, just peer to peer.
After setting up the VPN server (in the router the feature is called Remote User Access) I choose L2TP with IPsec.
On the client side I used the Windows 10 built in VPN Connection option and after a few tweakings I succeeded in connecting to the server from an outside network.
The problem is that I could only connect to one share, using the file server's internal IP address 192.168.0.x. Cannot access (or ping) anything by the NetBIOS name.
Next step I changed the protocol to PPTP on the server and managed to connect with the client, however still not able to access resources, except by IP address \\<Internal IP address>\Share.
Just as a side note, we don't have a domain, just peer to peer.
masnrock
What is the subnet of the network you're connecting from? If that is 192.168.0.x, you're always going to run into issues. I recommend that you don't use common subnets for work networks, or this is always going to be an issue.
ASKER
Yes, indeed, the subnet I am connecting from is 192.168.0.x and the subnet I am (trying to) connect to is 192.168.0.x as well. So what is the solution, I thought a VPN service is supposed to take care of it. I won't be able to control each and every user's internal home network and most definitely cannot change the company's existing subnet.
So what is the solution, I thought a VPN service is supposed to take care of it.A VPN is meant to get you an IP address from the network that you connect to. Changing the subnet mask on the office side MIGHT help, but certainly isn't guaranteed. Your best solution would actually to change the company's subnet. It's the one fix that is going to prevent issues in the long run.
Additionally, I would recommend creating a separate subnet solely for users connected in via VPN. (Just like with the office subnet, should not be a commonly used subnet)
mansrock raised an excellent point about subnets. I make a point of NOT using common subnets (192.168.0.x, 192.168.1.x, 10.0.x.x, 10.1.x.x, etc.) on networks primarily for this reason.
That said, I don't think it's the cause of your problem. If you have it working, the more likely problem is that all traffic from your workstation goes through the VPN and you'll not be able to access local (to your workstation) resources.
You are talking about issues with name resolution. Someone else may be able to suggest a solution, but I'll mention that name resolution on peer-to-peer Windows networks is often problematic and it gets worse over a VPN.
What is the workstation using for DNS once it is connected to the VPN? The key would be to work on getting the DNS server to resolve the names of the workstations you are trying to access by name.
That said, I don't think it's the cause of your problem. If you have it working, the more likely problem is that all traffic from your workstation goes through the VPN and you'll not be able to access local (to your workstation) resources.
You are talking about issues with name resolution. Someone else may be able to suggest a solution, but I'll mention that name resolution on peer-to-peer Windows networks is often problematic and it gets worse over a VPN.
What is the workstation using for DNS once it is connected to the VPN? The key would be to work on getting the DNS server to resolve the names of the workstations you are trying to access by name.
CompProbSolv is right in terms of name resolution. Split tunneling should ideally help, but you may still face some challenges due to the subnet conflict. What are you using for VPN?
ASKER
As I mentioned initially, I am only in the testing phase, so I use PepLink Balance One router's built in Remote User Access as VPN server and the Windows 10 VPN native app as client.
ASKER
For work, we use 8.8.8.8 and 8.8.4.4 as DNS.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you masnrock and ComProbSolv for your assistance!