Tech Off Thread

3 posts

VPN problems with networking

Back to Forum: Tech Off
  • User profile image
    W3bbo

    I'm trying to establish a simple VPN set-up (with Windows Server 2003's Routing and Remote Access role), I'll worry about other stuff and tightening it up (like moving to IPSec) after I get this working first.

    I added the RRAS role to the server, and configured the network firewall/router so all VPN connections pass through OK, I then enabled RRAS access on a test user account in ADUC.

    Right now I'm on a computer unrelated (and untrusted) from the domain the RRAS server is in, additionally the RRAS's domain is unrelated to the Internet's DNS (it's "foobar.local").

    I can create the VPN connection fine and also connect when I enter the credentials of that test user account, but when I do connect everything breaks on my side (bad, very bad). To be more precise, DNS fails and browsing the VPN network fails, I can only connect via Windows Explorer if I type in the IP address of the remote host in UNC format, using the NetBIOS hostname doesn't work. Everything is really slow as well (even though latency is only ~40ms). I can't even resolve "server.foobar.local", so something is seriously wrong.

    At the remote site, the RRAS server (which is also a DC) has the IP address 192.168.0.2, but my local machine also happens to have the address 192.168.0.2; but when I connect via the VPN connection it's addressed by 192.168.0.62 and my computer is 192.168.0.61, so that sounds fine, but still... DNS is completely broken, I cannot resolve google.com for example, even though the RRAS server can (by virtue of being a DC it has a built-in DNS server). Its like it cuts off my own LAN as well.

    Are there any settings I might have overlooked?

    I've tried setting the priority of connections under Network Connections > Advanced > Advanced Settings > Adapters and Bindings to different orders, but to no avail.

    Any tips?

    Thanks

  • User profile image
    Maddus Mattus

    Get an UMTS card or place an remote server outside the domain and test via that.

    I think the TCP/IP stack gets messed up because you are connected to multiple subnets that have the same region,...

    edit:

    Also check the default gateway and dns the vpn server is giving out thru DHCP.

  • User profile image
    RichardRudek

    At the remote site, the RRAS server (which is also a DC) has the IP address 192.168.0.2, but my local machine also happens to have the address 192.168.0.2; but when I connect via the VPN connection it's addressed by 192.168.0.62 and my computer is 192.168.0.61, so that sounds fine, but still...

    Um, why does this sound fine?

    You should be trying to route between what should be two 'distinct' networks. From a TCP/IP point-of-view, the network mask is used to make this distinction. So unless your using some kind of tricky netmask setup that I can't imagine, then the best I would have ever expected to get would be simple a point-to-point connection. Though if both your (local) IP Address conflicts with the RRAS server, then I'm amazed you even get that.

    Simplest solution would be to change your local IP Address range. ie Use something like 192.168.20.0/24 locally.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.