VPN Help
First of all, thank you for reading this and I really hope someone can help and fast!
So, here's where my issue begins. A mobile user at work logs in via VPN to access our Exchange server for his email and local network resources (i.e. ACT, Shared Folders, etc...). He's been having problems recently staying connected via the VPN while working wireless. Every 15-20 minutes he gets disconnected. So today, he was working from home and it started acting up. He decided to plug it directly into the switch to bypass working wireless.
However, in doing so, he no longer has access to the local network but the VPN still connects and his Outlook still works off Exchange. When he goes to click on any of the mapped network drives it kicks back a "Network Path not found" error.
He also cannot ping the domain name or the static private IP (192.169.2.10). The weird thing is, RRAS still recognizes him as a connected user and assigns an IP.
I ran an ipconfig on the server and it kicked back this.
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.2.69
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.2.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
Should the adapters be listed on different subnets like that?
April 28th, 2010 1:01am
Yes, the adapters should be separated. The PPP adapter RAS Server (Dial In) interface is the adapter used for the VPN clients that connect to your network.
It would be beneficial to see the IPCONFIG results for the VPN user during the connectivity issues.
Visit my blog: anITKB.com, an IT Knowledge Base.
April 28th, 2010 1:22am
Here's the ipconfig from the user's side.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
IP Address. . . . . . . . . . . . : 192.168.2.29
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
PPP adapter Panamerica:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.2.70
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.2.70
April 28th, 2010 1:58am
Your client's HOME network subnet should not be the same as the one you are using for RRAS VPN services. You should go to your RRAS server and choose a different subnet for RRAS VPN that you know your users are not using at home, possibly a 172.16.x.x subnet since it is unlikely users at home will configure their home routers to use that range.
It appears that it may be a simple routing issue from the client side. You can verify that by using TCP/IP tools such as TRACERT to verify where the packets go. For example, in the above configuration what happens if you ping 192.168.2.10? Do you see the traffic leaving through the PPP adapter, or does it stay within the home network?
ROUTE PRINT should reveal more info about the local routing table on the home system.
April 28th, 2010 2:42am
Not quite sure what you mean by changing the subnet. I mean, I understand the concept, but when our router uses NAT doesn't it automatically assign the 192.168.x.x?
As for when I ping 192.168.2.10, it times out. Here's the copy of ROUTE PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 37 23 d1 6b ...... Broadcom NetLink (TM) Gigabit Ethernet - Packet
Scheduler Miniport
0x100004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.29 21
0.0.0.0 0.0.0.0 192.168.2.70 192.168.2.70 1
server ip 255.255.255.255 192.168.2.1 192.168.2.29 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.29 192.168.2.29 30
192.168.2.0 255.255.255.0 192.168.2.29 192.168.2.29 20
192.168.2.29 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.70 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.2.255 255.255.255.255 192.168.2.29 192.168.2.29 20
192.168.2.255 255.255.255.255 192.168.2.70 192.168.2.70 50
224.0.0.0 240.0.0.0 192.168.2.29 192.168.2.29 20
224.0.0.0 240.0.0.0 192.168.2.70 192.168.2.70 1
255.255.255.255 255.255.255.255 192.168.2.29 192.168.2.29 1
255.255.255.255 255.255.255.255 192.168.2.70 192.168.2.70 1
Default Gateway: 192.168.2.70
===========================================================================
Persistent Routes:
None
April 28th, 2010 3:33am
Based on the ROUTE PRINT, you have an entry:
192.168.2.0 (DEST) 255.255.255.0 (SM) 192.168.2.29 (GW) 192.168.2.29 (INTERFACE)
Which means that anything destined for the 192.168.2.x, other than .29 & .70, goes to the gateway 192.168.2.29, not the PPP adapter gateway of 192.168.2.70. Since your internal corporate network is also in the 192.168.2.x range, packets destined for 192.168.2.x won't cross over the PPP adapter. According to your ROUTE table, the packet should stay on your local network.
Nothing to do with NAT. In the RRAS configuration, you can specify another subnet range for remote clients (the PPP adapter). Normally with RRAS, either you have the RRAS server use a specific pool of IPs for DHCP for the clients or you configure RRAS to use a corporate DHCP server to issue IPs.
Or, on your home network, use a different subnet range (anything other than 192.168.2.x). I would expect that either of these solutions will fix the issue.
April 28th, 2010 5:07am
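The route selection described in the reply above, as an added example that is not part of any post in this thread: it parses rows from the ROUTE PRINT output shown earlier, applies longest-prefix-then-lowest-metric selection, and lists the subnets that never enter the tunnel. The function names and the 203.0.113.5 test address are assumptions made for illustration.

```python
import ipaddress

# Rows copied from the ROUTE PRINT output posted in this thread (subset).
# The "server ip" row is redacted on the page, so the parser skips it.
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.29 21
0.0.0.0 0.0.0.0 192.168.2.70 192.168.2.70 1
server ip 255.255.255.255 192.168.2.1 192.168.2.29 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.29 192.168.2.29 20
192.168.2.29 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.70 255.255.255.255 127.0.0.1 127.0.0.1 50
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skip malformed rows."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, ipaddress.ip_address(gateway),
                           ipaddress.ip_address(iface), int(metric)))
        except ValueError:
            continue
    return routes

def select_route(routes, destination):
    """Longest prefix wins; the lower metric breaks ties between equal prefixes."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def subnets_bypassing_vpn(routes, vpn_iface):
    """Subnets more specific than the default route that leave via a non-VPN interface."""
    vpn = ipaddress.ip_address(vpn_iface)
    return [net for net, _gw, iface, _m in routes
            if 0 < net.prefixlen < 32 and not net.is_loopback and iface != vpn]

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    for target in ("192.168.2.10", "203.0.113.5"):  # second address is constructed
        net, gw, iface, metric = select_route(routes, target)
        print(f"{target} -> {net} via {gw} on {iface} (metric {metric})")
    print("Never enters the tunnel:", subnets_bypassing_vpn(routes, "192.168.2.70"))
```

Any corporate address that falls inside a subnet returned by `subnets_bypassing_vpn` is delivered on the home LAN instead of through the VPN, which is why the server at 192.168.2.10 is unreachable while traffic to other networks still uses the PPP adapter.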
It's been so long since I've done any type of subnetting, anything other than 192.168.2.x would work? So say i.e. 192.168.3.x or 192.168.1.x etc...?
Can my PPP adapter and local NIC be on different subnets? My gut feeling says no, but? Wouldn't it be easier to change the subnet on the client's side instead of changing it on the server and router side?
April 28th, 2010 2:16pm
The PPP and NIC can and probably should be on different subnets. The network is defined by the mask so if you are using a /24 (255.255.255.0), 192.168.3.x is on a different network than 192.168.2.x.
Just to make sure everything else is working as expected, if you attempt to reach say google.com, you are able to, correct? Traffic destined for any network outside of 192.168.2.x should be leaving through the client's PPP adapter (according to your ROUTE table).
April 28th, 2010 3:26pm