RRAS-VPN-Static Pool-Default Gateway assignment

  • Thread starter Thread starter Rick Csucsai
  • Start date Start date
R

Rick Csucsai

I have a test network set up. I have on machine as the vpn server. LAN side
is 10.200.86.200 WAN side is 10.201.91.x and this is the side assigned to
accept VPN connections. I have the VPN server set to use a static pool of
addresses (10.200.86.106-10.200.86.107). As it is supposed to, the VPN
server takes 10.200.86.106 for itself. The client VPNs in and gets the
10.200.86.107 as it's IP address. Problem is, it sets it's gateway as
10.200.86.107 (itself) which keeps the client from pinging anything else
within the LAN (such as 10.200.86.231). Question is: How can I tell the VPN
server what IP address I want it to dish out to the client yet still use a
pool as the IP address source. I know I can use full DHCP but it doesn't
seem right that they would design it like this. 1 Alternative was to
manually assign the client's address and specify the gateway as i see fit
but i shouldn't have to do that. Is there something that I have not looked
at yet that tells the VPN server what addres to use as the gateway for
clients that it assigns an address to?

Thanks
Rick
 
The default gateway is not your problem. That is the correct behavior. The
default gateway for you VPN client is the "received" IP because that is the
address of the VPN link to the VPN server. What it really means is that all
non-local traffic will go over the point-to-point link to the VPN server.

If you cannot ping a LAN client by IP address, something is wrong with
your server setup. Because you are using "on subnet" addresses for the VPN
client, the client and the LAN machine are in the same IP subnet, so no
routing takes place. The server relays the traffic from the remote onto the
LAN. The LAN client replies as if the remote was on the LAN. The server does
proxy ARP for the remote, gets the packet over the Ethernet and relays it to
the remote client. The server just acts as a proxy for the remote.
 
Good point. Getting brain farted here. Forgot about the point that if they
are on the same subnet, the gateway is irrelevant. What's interesting is
that when I assign an ip address to my client by specifying it in AD, then
manually assigning that same address in the VPN connection on that client
and specify the IP address of the server as it's gateway, it works fine.
 
Well, looking at it again, it doesn't appear that the client is adding the
route to its local routing table. When i manually add the route 10.200.86.0
MASK 255.255.255.0, all is well. Any idea why it is not adding that route as
I believe it automatically should?
 
The server will not add routes to the remote clients routing table. This is
very inconvenient for those who do not want to use the RRAS as their default
gateway, but still want to access resources on another subnet.

Mike
 
As Mike says, if you clear the "use default gateway.." setting on the
client, routes do become important, because you don't get a default route to
the server. But you should get a subnet route. See KB 254231 .
 
Back
Top