RRAS, VPN can't connect

Hi

We have 2 offices and 1 server at each office. We are trying to connect these offices with VPN demand-dial and persistent connection in both ways at the same time so clients at each office can connect to both offices' resources.

If we establish a connection from ServerA to ServerB through VPN it connects successfully. If we try to connect from ServerB to ServerA through another VPN channel it won't connect. We don't get any error messages. The status says "connecting".

If we terminate the VPN-connection from ServerA to ServerB and then try to connect (VPN) from ServerB to ServerA it connects as normal. But now we can't connect from ServerA to ServerB anymore.

So the short description is that we can connect a VPN-channel from one server to the other, but we can't make a VPN-channel the other way before the first VPN-channel is disconnected.

What am I missing here?
 
I didn't understand why you need to create another VPN tunnel. If you create
the first LAN-to-LAN VPN tunnel then clients of both sides would be able to
access all resources if you correctly set up routing parameters.


Reodor F said:
Hi

We have 2 offices and 1 server at each office. We are trying to connect
these offices with VPN demand-dial and persistent connection in both ways at
the same time so clients at each office can connect to both offices' resources.
If we establish a connection from ServerA to ServerB through VPN it
connects successfully. If we try to connect from ServerB to ServerA through
another VPN channel it won't connect. We don't get any error messages. The
status says "connecting".
If we terminate the VPN-connection from ServerA to ServerB and then try
to connect (VPN) from ServerB to ServerA it connects as normal. But now we
can't connect from ServerA to ServerB anymore.
So the short description is that we can connect a VPN-channel from one
server to the other, but we can't make a VPN-channel the other way before
the first VPN-channel is disconnected.
 
I agree with that. When you make the connection from either end, the
connection should bind to the demand-dial interface at the other site (or
the routing won't work). So you only need the one connection, and the
interfaces at both ends should show up in the RRAS console as connected.
 
Thanks for your replies.

I have tried to have only one connection, but it doesn't work. The other connection will not connect as long as I have the first connection up and running.

One of the reasons that it doesn't work with one connection is that static routing depends on both connections and I have no interface to set the static route to if the VPN-channel is not connected.
 
That is correct. You must have the static route set up on the
demand-dial interface. But when you connect from either end, you should be
connecting to the demand-dial interface on the other server. You do this by
making the calling username match the name of the demand-dial interface on
the answering router.

If the username matches the name of the demand-dial interface, the
connection will bind to that interface and the route will be added to the
routing table. If you use a different username, the connection does not bind
to the dd interface. You just connect as an ordinary VPN client (not a
router), and you only get a host route back to the calling machine. To get
routing between the two sites, both dd interfaces must bind to the
connection, regardless of which router initiates the connection.

Reodor said:
Thanks for your replies.

I have tried to have only one connection, but it doesn't work. The other
connection will not connect as long as I have the first connection up and
running.
One of the reasons that it doesn't work with one connection is that static
routing depends on both connections and I have no interface to set the static
route to if the VPN-channel is not connected.
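
The binding rule described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not RRAS code) that checks, for both call directions, whether the calling router's dial-out user name matches a demand-dial interface name on the answering router. All router, interface and user names and the subnets are constructed, and the exact-match name comparison is an assumption of the model.

```python
# Simplified model of the binding rule from the thread; not RRAS code.
# Router, interface and user names and the subnets are constructed samples.

def router(name, dd_name, peer, dial_out_user, route):
    """One router with a single demand-dial (dd) interface toward its peer."""
    return {"name": name, "dd_interfaces": {
        dd_name: {"peer": peer, "dial_out_user": dial_out_user,
                  "static_routes": [route]}}}

def answer_call(answerer, username):
    """How the answering router treats an incoming call with this username."""
    iface = answerer["dd_interfaces"].get(username)  # assumption: exact match
    if iface is not None:
        # Call binds to the dd interface, so its static routes become active.
        return {"binds_to": username, "routes": list(iface["static_routes"])}
    # No matching interface: ordinary VPN client, host route only.
    return {"binds_to": None, "routes": ["host route to caller"]}

def check_pair(a, b):
    """List the directions in which a call would not bind as a router."""
    problems = []
    for caller, answerer in ((a, b), (b, a)):
        for dd_name, iface in caller["dd_interfaces"].items():
            if iface["peer"] != answerer["name"]:
                continue
            user = iface["dial_out_user"]
            if answer_call(answerer, user)["binds_to"] is None:
                names = ", ".join(answerer["dd_interfaces"])
                problems.append(
                    f"{caller['name']} -> {answerer['name']}: user '{user}' "
                    f"matches no demand-dial interface ({names})")
    return problems

SERVER_A = router("ServerA", "To_OfficeB", "ServerB", "To_OfficeA", "192.168.2.0/24")
# ServerB dials out with a user name that is not an interface name on ServerA.
SERVER_B_MISMATCH = router("ServerB", "To_OfficeA", "ServerA", "vpnuser", "192.168.1.0/24")
SERVER_B_MATCHED = router("ServerB", "To_OfficeA", "ServerA", "To_OfficeB", "192.168.1.0/24")

if __name__ == "__main__":
    for label, b in (("mismatch", SERVER_B_MISMATCH), ("matched", SERVER_B_MATCHED)):
        print(label, check_pair(SERVER_A, b) or "both directions bind")
```

In the mismatched pair only the ServerB to ServerA direction is reported, which is the case where the caller is treated as an ordinary VPN client and the site route never appears.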
 