DHCP issue

Gavin

Hi,

Firstly, many thanks to all who have contributed to this group so far as
it's been a brilliant source of information.

I have managed to get RRAS working for l2tp/ipsec using certificates.

I had to set up a static pool of addresses and specified the dhcp server in
dhcp relay.

When the clients connect and are authenticated they get the IP address from
the static pool but no DHCP setting. So the credentials for name resolution
have to be inserted into the hosts file.

When I have it set to DHCP, the Internal RRAS interface has a 169.x.x.x
address. The VPN client can't get an address.

The Policy specifies client requests IP address.

I installed a dhcp server on the machine but this hasn't made any
difference.

Question: What do I have to do to get the RRAS server passing dhcp data
from my internal dhcp servers to the clients?

Does the client use the default gateway from the INTERNAL interface when
connected as Internet access doesn't work. Neither does name resolution when
I nslookup to the dns servers which I can ping.

Thanks in advance.

Gavin
 
I don't use DHCP for the remote clients. I prefer to use a static pool
of addresses. If you use the DHCP method, the clients do not in fact receive
their IP address directly from DHCP. The RRAS server leases a batch of
addresses from DHCP, uses one for its internal interface and issues
addresses from this pool to remote clients as required.

The default gateway of the remote client is the received IP address (ie
the IP address which it receives from the RRAS server at connection time).
What this really means is that all non-local traffic goes over the
point-to-point link to the RRAS server.

Name resolution should work if the client receives the correct DNS
address at connection time. An nslookup from a remote client should work
just like one from a LAN client. They should be looking at the same DNS
server.

Getting to the Internet from a remote client can be tricky. Is this RRAS
server also doing NAT for the LAN clients? If it is, you will need to make
the change described in KB 310888.
 
Hi Gavin,

If I got this right I think you might be on the wrong track. Here is how
this works:

- if you set up a static pool then remote clients will be distributed IP
addresses from that pool. The clients will also get the DNS settings from the
settings of the RRAS server
- if you set up DHCP to allocate the IP addresses THEN the clients will get
the DHCP settings. As Bill said previously RRAS leases 10 addresses at a
time from DHCP and keeps them in the registry. It then leases them to remote
clients. When it finishes these 10 addresses it will lease 10 more and so on
and so forth.

The fact that you set up the DHCP relay does not mean that clients will use
DHCP, because you already set up a pool of IP addresses to be assigned to
remote clients. If you want DHCP to assign your IP addresses to remote
clients remove the static pool and select DHCP from the following: under the
remote server's properties in RRAS mmc, go to the IP tab and make sure you
select 'Dynamic Host Configuration Protocol (DHCP)'. Then if your DHCP
server is on the same subnet as your remote server you do not need to use
the DHCP relay. However if your DHCP server is on a different subnet then
you need to set up the DHCP relay otherwise remote clients will never be
able to reach the DHCP server.

Hope this answers your question.

Cheers,
AT
 
The problem that I seem to have though is that although I've tried DHCP the
DHCP server on the same lan as the internal nic will not give out dhcp
addresses. All three NICs (Internal, external and RRAS internal) are
enabled for DHCP relay. And the DHCP server is specified as the internal.

There is no default gateway on the internal nic nor is there a dhcp server.
If I do put a default gateway, the routing table changes and clients get a
768 error message. Add a dns record on the server and it makes no
difference.

Do an nslookup on the client and it immediately tries to connect to the dns
server associated with the isp. So resolution of internal devices isn't
happening much unless I change to the internal nameserver I want to use and
it will return queries. Incidentally the same name server is the DHCP server
also.

With regards to internet access, the RRAS server is not acting as a NAT
device for outbound LAN client connectivity. They have their own default
gateway to go through.

Any ideas?
 
Gavin,

Please read carefully what I am telling you:

If you want DHCP to assign your IP addresses to remote
clients remove the static pool and select DHCP from the following: under the
remote server's properties in RRAS mmc, go to the IP tab and make sure you
select 'Dynamic Host Configuration Protocol (DHCP)'.


By the sound of this your server is not set up to use DHCP to allocate
addresses. First ensure that this setting is on then we can continue to
other stuff.

AT
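
A check for the symptoms discussed in this thread, as an added example that is not part of any post above: it parses `ipconfig /all`-style text and flags a PPP adapter with a 169.254.x.x address, a default gateway equal to the tunnel address, and DNS servers outside an internal list. The sample output, the adapter name, the internal DNS address 192.168.1.10 and the finding labels are constructed for illustration, and the older "IP Address" field label is assumed.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample (not from the thread): simplified `ipconfig /all`
# output on a connected VPN client; field labels are assumed.
SAMPLE = """\
PPP adapter Office VPN:
   IP Address. . . . . . . . . . . . : 169.254.13.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 169.254.13.7
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.10
"""

def parse_adapters(text):
    """Return {adapter: {field: [values]}} from ipconfig-style text."""
    adapters, fields, last = {}, None, None
    for line in text.splitlines():
        header = re.match(r"^(\S.*):\s*$", line)
        field = re.match(r"^\s+(.+?)[\s.]*:\s*(.*)$", line)
        if header:
            fields, last = adapters.setdefault(header.group(1), {}), None
        elif fields is not None and field:
            last = fields.setdefault(field.group(1), [])
            if field.group(2):
                last.append(field.group(2).strip())
        elif last is not None and line.strip():
            last.append(line.strip())  # continuation, e.g. a second DNS server
    return adapters

def diagnose(text, internal_dns):
    """Return (adapter, finding) pairs for every PPP adapter in the text."""
    findings = []
    for name, f in parse_adapters(text).items():
        if not name.startswith("PPP adapter"):
            continue
        ip = (f.get("IP Address") or [None])[0]
        if ip and ipaddress.ip_address(ip) in APIPA:
            # 169.254.x.x: address assignment via DHCP did not succeed
            findings.append((name, "APIPA_ADDRESS"))
        if ip and ip in f.get("Default Gateway", []):
            # Gateway equals the tunnel address: non-local traffic uses the VPN
            findings.append((name, "GATEWAY_IS_TUNNEL"))
        for dns in f.get("DNS Servers", []):
            if dns not in internal_dns:
                findings.append((name, "EXTERNAL_DNS:" + dns))
    return findings
```

Calling `diagnose(SAMPLE, {"192.168.1.10"})` returns one pair per symptom found; newer Windows versions label the address field differently, so the field names would need adjusting there.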
 