

I need help with VPN NOT GIVING default gateway!!

Question

Thursday, May 10, 2012 12:44 AM

Guys I really need help here. I am about to punch this screen.

I have a very simple VPN server set up on my Windows 2003 Server machine. When using my Windows 7 computer to connect to the VPN, I get an IP address but no default gateway: it's either 0.0.0.0 with "User route on default gateway" checked, or blank when it's not checked. What is going on? I know the VPN is not working correctly as I cannot access any files on the VPN server side computer, and when I try to ping anything it gives me a general failure. If I try to ping the IP address it assigns to MY computer (as I remote in to the VPN server computer with Logmein) the request times out. What is going on here?

All replies (5)

Thursday, May 10, 2012 1:09 AM ✅Answered

A VPN connection does not need a default gateway - it would be meaningless. A VPN connection is a point-to-point connection which emulates a single wire connection. What goes in one end comes out the other. No routing is available or required.

If your VPN is set up correctly the client will receive an IP in the same subnet as the VPN interface on the server (i.e. the internal interface in RRAS). By default the RRAS server will get this address from DHCP. If you want to use a different IP subnet you set up an address pool manually in RRAS.

Bill


Sunday, May 13, 2012 6:17 PM ✅Answered

I guess it's prudent to indicate that we need to see configuration info. I see you're a bit frustrated and have posted numerous symptoms, but without config info, it is extremely difficult to tell where the problem is.

Punching anything other than a heavy bag or speed bag ain't going to get you anywhere.

Post the following to better help:

  • Unedited ipconfig /all from a connected client and from the VPN server.
  • Is the VPN server a DC?
  • Did you setup a Relay Agent (also called an IP Helper)?
  • Results from a ping to an internal resource and an internet resource while the client is connected to the VPN.
  • Results from a ping to an internal resource and an internet resource while the client is not connected to the VPN.
  • Nslookup www.microsoft.com while the client is connected to the VPN.
  • Nslookup www.microsoft.com while the client is not connected to the VPN.

Note - There are two ways to handle the default gateway. In the VPN connection properties on the client, Networking tab, IPv4 properties, Advanced, either check the "Use default gateway on remote network," or uncheck it.

I just tested it both ways:

  1. When I have that unchecked, all my personal internet traffic (website browsing, inappropriate sites, etc), uses my OWN ISP for internet traffic without being hindered, but I can still access ALL resources on the company network. An ipconfig /all shows a blank gateway setting for the PPP (VPN) properties. And I can ping everything, company resources and internet resources.
  2. When I have it checked, all of my personal internet traffic now is going through the company's gateway and firewall, and is being restricted by the company's firewall and website restrictions, but I can access ALL company resources. An ipconfig /all shows **0.0.0.0 as the default gateway** for the PPP (VPN) properties. And I can ping everything, company resources and internet resources.


Summary: Since you've stated that you've re-setup RRAS, I believe the RRAS server was not setup properly, possibly missing a setting somewhere when you set it up.

  1. Did you setup a DHCP relay agent so all DHCP Options are provided to your clients, or are you satisfied that the VPN server's DNS & WINS settings are sufficient? Note: No other options are provided. If you have additional options, such as the domain name, etc, you must configure a DHCP Relay agent.
  2. Did you choose to enable RRAS filters during the setup? Maybe that may have a bearing on your setup.
  3. Is this a two NIC setup, or a single NIC Setup? If a two NIC, did you enable NAT?


See if the following links will help. Note, there's also a link about single VS dual NICs.

How to install and configure a Virtual Private Network server in ...You can configure the VPN server to use either Windows Server 2003 or Remote ...
http://support.microsoft.com/kb/323441

Remote access/VPN server role: Configuring a remote access/VPN - Windows 2003, Updated: January 21, 2005. (Including NAT)
http://technet.microsoft.com/en-us/library/cc736357(WS.10).aspx 

Virtual Private Networks - Configure and deploy VPN connections to client computers that are ready to ...
http://technet.microsoft.com/en-us/network/bb545442

Windows 2000/2003 - How to configure VPN Server with single NIC on Windows Server
http://blogs.technet.com/b/rrasblog/archive/2006/06/19/437171.aspx

VPN server deployment: IP Addressing, Routing/NAT, Single vs two NIC
http://blogs.technet.com/b/rrasblog/archive/2006/09/20/vpn-server-deployment-ip-addressing-routing-nat-single-vs-two-nic.aspx


Regarding the DHCP Relay agent:

================================

RRAS DHCP Options

By default, DHCP Options are NOT passed to a RRAS client (dialup or VPN). Instead, this information is taken directly from the RAS server's NIC settings, and may not be the DNS or WINS server addresses you want to give the VPN clients. If a RAS server has WINS or DNS entries, these entries are passed to the client. 

If you want to test this theory, you can put a fake WINS address in the server's NIC's WINS settings, reboot the server, then connect a client, and see if it gets the fake WINS address from the server.

However, if you configure the RRAS server as a DHCP Relay agent, it will pass the DHCP options to the client.

Understanding DHCP IP Address Assignment for RAS Clients
http://support.microsoft.com/kb/160699/EN-US

IP Address Assignment
http://technet.microsoft.com/en-us/library/dd469712(WS.10).aspx

Thread Discussion: DNS DHCP option 006 not being applied to VPN clients via RRAS
This is a good discussion with specifics about how an IP config is passed to a RRAS client and DHCP relay agents
http://www.petri.co.il/forums/showthread.php?t=35748

Configuring the DHCP Relay Agent to Support VPN Client TCP/IP Addressing Options
http://www.isaserver.org/img/upl/vpnkitbeta2/dhcprelay.htm


Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This post is provided AS-IS with no warranties or guarantees and confers no rights.
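
An added example, not part of the original post: a small Python parser for the client's `ipconfig /all` output that reports, for each PPP (VPN) adapter, which of the two gateway states described in the post above it is in. The sample output is constructed, and the names `parse_ipconfig` and `vpn_report` and the labels `split-tunnel` / `full-tunnel` are this example's own.

```python
import re

# Constructed `ipconfig /all` excerpt from a connected client (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1

PPP adapter Office VPN:
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.11
"""

# "Name . . . . : value" field line; the ". :" anchor keeps IPv6 colons out of the key.
FIELD = re.compile(r"^\s+(.+?)[ .]*\. :\s*(.*)$")

def parse_ipconfig(text):
    """Return {section header: {field: [values]}}."""
    adapters, fields, key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                  # unindented line starts a section
            fields, key = adapters.setdefault(line.strip().rstrip(":"), {}), None
            continue
        m = FIELD.match(line)
        if m and fields is not None:
            key, value = m.group(1), m.group(2).strip()
            fields[key] = [value] if value else []
        elif key is not None:                      # continuation of a multi-value field
            fields[key].append(line.strip())
    return adapters

def vpn_report(text):
    """Map each PPP (VPN) adapter to (client address, gateway mode)."""
    report = {}
    for name, f in parse_ipconfig(text).items():
        if not name.startswith("PPP adapter"):
            continue
        gw = f.get("Default Gateway", [])
        # blank: "Use default gateway on remote network" unchecked; 0.0.0.0: checked
        mode = "split-tunnel" if not gw else "full-tunnel" if "0.0.0.0" in gw else "other"
        addr = (f.get("IPv4 Address") or f.get("IP Address") or [""])[0]
        report[name] = (addr.split("(")[0], mode)
    return report

print(vpn_report(SAMPLE))
```

A `split-tunnel` result means the client's internet traffic leaves through its own ISP and is not filtered by the company firewall, which is the trade-off the post describes for the unchecked setting.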


Thursday, May 10, 2012 4:48 AM

Was this working all the time, and all of a sudden it stopped, or is this a new VPN setup? If so, can you post the instructions you followed to set up the VPN server?

Is the server SBS 2003?

Ace Fekay


Saturday, May 12, 2012 5:02 PM

I am running this on Windows 2003 Server. This is an older setup, but I had to RE setup from the last time. This makes no sense on two things though: 1) Why I can't ping anything on the remote network. 2) Why I can't access any files, or connect to my as400 system through its emulator. This worked before, did I forget to put a setting on I did last time??

BTW: To the original person who responded:  I have always gotten a default gateway, of either the IP address itself if the default gateway on remote network is NOT checked, or the actual default gateway of the router if that option is checked.  So YES you do need a default gateway or the VPN has no idea how to route the traffic.  So that is where the problem lies, how do I fix that?

I can remote desktop login to the VPN computer, so if there is anything I need to change, please tell me so and I will do it.

Do I have to have something in static routes?  To tell the VPN client computer to go through the remote network, why I am confused I thought the VPN is supposed to do this by default.  Why I am having this dumb problem?  Is it something in the policies?

I am seriously going to punch my screen, I never had this issue before with the VPN, what could POSSIBLY be going on


Monday, May 14, 2012 1:09 AM

I am afraid that you are mistaken. A VPN connection does not need a default gateway. No routing can take place on a VPN because it is simply a pipe from the guest to the server. The routing, if required, is done once it reaches the server.

If you are using the same IP subnet for the VPN and the LAN, still no routing is required. The VPN server does proxy ARP on the LAN for the remote client and relays the data over the VPN link.

If the LAN and the VPN link use different IP subnets (called off-subnet addressing) the routing between subnets is done on the RRAS server.

http://support.microsoft.com/kb/171185

What exactly is wrong with your setup is difficult to guess until we get more detail of the setup (as Ace has requested).

Bill