RRAS, VPN, Terminal Server (TS)

[Guest]

Howdy All,

I'm having a problem with RRAS, VPN and TS. Basically the problem is that I
can connect remotely to the VPN server (incidentall the VPN Server, DHCP
Server, DNS Server, and TS are all one and the same), but I cannot access
anything on the remote network once I've connected. The LAN to which I'm
connecting is setup as follows:

DSL Router 192.168.1.1
FS1: 192.168.1.3
DHCP: 192.168.1.3
DNS: 192.168.1.3
VPN: 192.168.1.3
TS: 192.168.13

FS1/DHCP/DNS/VPN--->Switch--->Router--->INTERNET<---VPN Client
Workstation1--------------^
Workstation2--------------^

Now, I know what you will probably say first "That's too much on one
server!" And, yes you are right, but considering my financial constraints I
have no other choice - besides it should still work. I just haven't setup
one up in a while so I'm a little rusty and I'm probably stepping all over
the answer.

Locally I can ping everything on the network from a workstation. Therefore,
I guess that means DNS and DHCP is working fine. I can even logon to the TS
and run any application.

But, once I take out my laptop, dial up my ISP, connect to the VPN server
over the dial up connection, and then connect, I am not able to ping FS1, the
router, or anything else. I also cannot connect to and run anything on the
TS. What is the problem. Any and all help will be greatly appreciate.

Thanks in advance.

 

[Bill Grant]

VPN is just a point-to-point connection like RAS.When you are connected,
click the icon on the taskbar and look at the properties of the connection.

You should be able to ping the server by this IP (it is just the other
end of the point-to-point). Whether you can ping anything beyond that
depends on how you set it up. If the client gets an IP in the same subnet as
the LAN machines, you should be able to ping them by IP address. (The RRAS
server acts a a proxy for the remote client).

Whether you can ping by name depends on whether the remote client has
the correct DNS server address and is using the correct DNS suffix.

 

[Guest]

Howdy Bill and thanks for the reply.

I am able to make the connection and clicking on the icon in the system tray
confirms this. However, after connecting I am unable to ping anything on the
network of the VPN server - not even the VPN server itself (by name or ip
address). Here is the IP address assignment provided through DHCP:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\username>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PERDIDO02
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : (domainname).com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139 C+ Fast Ethernet
NIC

Physical Address. . . . . . . . . : 00-08-02-F3-BD-FE

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 70.197.103.122
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 70.197.103.122
DNS Servers . . . . . . . . . . . : 66.174.3.7
66.174.6.7
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter Blair's Bail Bonds VPN:

Connection-specific DNS Suffix . : blairsbailbonds.com
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.19
DNS Servers . . . . . . . . . . . : 192.168.1.3
205.152.132.23
205.152.37.23

One thing I must admit that I don't understand is why the default gateway is
the same as the host ip address of the vpn client. Shouldn't this be set to
the default gateway address of the router on the network to which I am
connecting via VPN? Now, as I've stated before, if I physically connect to
the network locally (the very same one to which I'm trying to VPN) I'm able
to ping everything, and use all available services on the network. It is
only when I VPN that I can't ping or use any of the services on the network.

Also, when I check the leases on the DHCP server I don't see anything for
the VPN client when it is connected. How is it getting an IP address and
from where? Is it obtaining the address from RRAS or from the DHCP service?

Again, thanks for you reply,

Binarysupport

 

[Bill Grant]

1. The default gateway setting is correct. The default gateway is the
"received" IP address, which means non-local traffic is sent across the
point-to-point connection to the RRAS server. If you want to change this so
that you keep your current default gateway and only send 192.168.1. traffic
over the VPN link, you need to clear the "Use default gateway.." entry in
the VPN connection properties. For more detail see KB 254231 .

2. If you have left things at the default setting, the RRAS server will
lease a batch of IP addresses from DHCP and use those for the VPN. It gives
one to itself for the "internal" interface and one to each client as
required.

3. Your firewall could be blocking access to the 192.168.1.0 subnet.

Howdy Bill and thanks for the reply.

I am able to make the connection and clicking on the icon in the
system tray confirms this. However, after connecting I am unable to
ping anything on the network of the VPN server - not even the VPN
server itself (by name or ip address). Here is the IP address
assignment provided through DHCP:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\username>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PERDIDO02
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : (domainname).com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139 C+ Fast
Ethernet NIC

Physical Address. . . . . . . . . : 00-08-02-F3-BD-FE

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 70.197.103.122
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 70.197.103.122
DNS Servers . . . . . . . . . . . : 66.174.3.7
66.174.6.7
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter Blair's Bail Bonds VPN:

Connection-specific DNS Suffix . : blairsbailbonds.com
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.19
DNS Servers . . . . . . . . . . . : 192.168.1.3
205.152.132.23
205.152.37.23

One thing I must admit that I don't understand is why the default
gateway is the same as the host ip address of the vpn client.
Shouldn't this be set to the default gateway address of the router on
the network to which I am connecting via VPN? Now, as I've stated
before, if I physically connect to the network locally (the very same
one to which I'm trying to VPN) I'm able to ping everything, and use
all available services on the network. It is only when I VPN that I
can't ping or use any of the services on the network.

Also, when I check the leases on the DHCP server I don't see anything
for the VPN client when it is connected. How is it getting an IP
address and from where? Is it obtaining the address from RRAS or
from the DHCP service?

Again, thanks for you reply,

Binarysupport

VPN is just a point-to-point connection like RAS.When you are
connected, click the icon on the taskbar and look at the properties
of the connection.

You should be able to ping the server by this IP (it is just the
other end of the point-to-point). Whether you can ping anything
beyond that depends on how you set it up. If the client gets an IP
in the same subnet as the LAN machines, you should be able to ping
them by IP address. (The RRAS server acts a a proxy for the remote
client).

Whether you can ping by name depends on whether the remote
client has the correct DNS server address and is using the correct
DNS suffix.

 

[Guest]

Howdy Bill, and thanks once again for your response. Fortunately, I've
resolved the IP address/DNS resolution problem after dialin, but have run
into another little bug.

I am now receiving the following error whenever I try to open the Domain
Controller Security Policy admin tool.

"Failed to open the Group Policy Object. You may not have appropriate rights."

It also indicates, "An invalid dn syntax has been specified."

Do you have any ideas as to why this is occuring?

Thanks again,

Binarysupport.

1. The default gateway setting is correct. The default gateway is the
"received" IP address, which means non-local traffic is sent across the
point-to-point connection to the RRAS server. If you want to change this so
that you keep your current default gateway and only send 192.168.1. traffic
over the VPN link, you need to clear the "Use default gateway.." entry in
the VPN connection properties. For more detail see KB 254231 .

2. If you have left things at the default setting, the RRAS server will
lease a batch of IP addresses from DHCP and use those for the VPN. It gives
one to itself for the "internal" interface and one to each client as
required.

3. Your firewall could be blocking access to the 192.168.1.0 subnet.

Howdy Bill and thanks for the reply.

I am able to make the connection and clicking on the icon in the
system tray confirms this. However, after connecting I am unable to
ping anything on the network of the VPN server - not even the VPN
server itself (by name or ip address). Here is the IP address
assignment provided through DHCP:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\username>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PERDIDO02
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : (domainname).com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139 C+ Fast
Ethernet NIC

Physical Address. . . . . . . . . : 00-08-02-F3-BD-FE

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 70.197.103.122
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 70.197.103.122
DNS Servers . . . . . . . . . . . : 66.174.3.7
66.174.6.7
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter Blair's Bail Bonds VPN:

Connection-specific DNS Suffix . : blairsbailbonds.com
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.19
DNS Servers . . . . . . . . . . . : 192.168.1.3
205.152.132.23
205.152.37.23

One thing I must admit that I don't understand is why the default
gateway is the same as the host ip address of the vpn client.
Shouldn't this be set to the default gateway address of the router on
the network to which I am connecting via VPN? Now, as I've stated
before, if I physically connect to the network locally (the very same
one to which I'm trying to VPN) I'm able to ping everything, and use
all available services on the network. It is only when I VPN that I
can't ping or use any of the services on the network.

Also, when I check the leases on the DHCP server I don't see anything
for the VPN client when it is connected. How is it getting an IP
address and from where? Is it obtaining the address from RRAS or
from the DHCP service?

Again, thanks for you reply,

Binarysupport

VPN is just a point-to-point connection like RAS.When you are
connected, click the icon on the taskbar and look at the properties
of the connection.

You should be able to ping the server by this IP (it is just the
other end of the point-to-point). Whether you can ping anything
beyond that depends on how you set it up. If the client gets an IP
in the same subnet as the LAN machines, you should be able to ping
them by IP address. (The RRAS server acts a a proxy for the remote
client).

Whether you can ping by name depends on whether the remote
client has the correct DNS server address and is using the correct
DNS suffix.

binarysupport wrote:
Howdy All,

I'm having a problem with RRAS, VPN and TS. Basically the problem
is that I can connect remotely to the VPN server (incidentall the
VPN Server, DHCP Server, DNS Server, and TS are all one and the
same), but I cannot access anything on the remote network once I've
connected. The LAN to which I'm connecting is setup as follows:

DSL Router 192.168.1.1
FS1: 192.168.1.3
DHCP: 192.168.1.3
DNS: 192.168.1.3
VPN: 192.168.1.3
TS: 192.168.13

FS1/DHCP/DNS/VPN--->Switch--->Router--->INTERNET<---VPN Client
Workstation1--------------^
Workstation2--------------^

Now, I know what you will probably say first "That's too much on one
server!" And, yes you are right, but considering my financial
constraints I have no other choice - besides it should still work.
I just haven't setup one up in a while so I'm a little rusty and I'm
probably stepping all over the answer.

Locally I can ping everything on the network from a workstation.
Therefore, I guess that means DNS and DHCP is working fine. I can
even logon to the TS and run any application.

But, once I take out my laptop, dial up my ISP, connect to the VPN
server over the dial up connection, and then connect, I am not able
to ping FS1, the router, or anything else. I also cannot connect to
and run anything on the TS. What is the problem. Any and all help
will be greatly appreciate.

Thanks in advance.

 

[Bill Grant]

As I said originally, a VPN is just an IP connection. It is not the same
as a LAN connection. And it is not a domain login! If you want to log into
the domain,use the "login using a dialup connection" option in the login
dialog box.

Howdy Bill, and thanks once again for your response. Fortunately,
I've resolved the IP address/DNS resolution problem after dialin, but
have run into another little bug.

I am now receiving the following error whenever I try to open the
Domain Controller Security Policy admin tool.

"Failed to open the Group Policy Object. You may not have appropriate
rights."

It also indicates, "An invalid dn syntax has been specified."

Do you have any ideas as to why this is occuring?

Thanks again,

Binarysupport.

1. The default gateway setting is correct. The default gateway is the
"received" IP address, which means non-local traffic is sent across
the point-to-point connection to the RRAS server. If you want to
change this so that you keep your current default gateway and only
send 192.168.1. traffic over the VPN link, you need to clear the
"Use default gateway.." entry in the VPN connection properties. For
more detail see KB 254231 .

2. If you have left things at the default setting, the RRAS server
will lease a batch of IP addresses from DHCP and use those for the
VPN. It gives one to itself for the "internal" interface and one to
each client as required.

3. Your firewall could be blocking access to the 192.168.1.0 subnet.

Howdy Bill and thanks for the reply.

I am able to make the connection and clicking on the icon in the
system tray confirms this. However, after connecting I am unable to
ping anything on the network of the VPN server - not even the VPN
server itself (by name or ip address). Here is the IP address
assignment provided through DHCP:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\username>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PERDIDO02
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : (domainname).com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139 C+ Fast
Ethernet NIC

Physical Address. . . . . . . . . : 00-08-02-F3-BD-FE

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 70.197.103.122
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 70.197.103.122
DNS Servers . . . . . . . . . . . : 66.174.3.7
66.174.6.7
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter Blair's Bail Bonds VPN:

Connection-specific DNS Suffix . : blairsbailbonds.com
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.19
DNS Servers . . . . . . . . . . . : 192.168.1.3
205.152.132.23
205.152.37.23

One thing I must admit that I don't understand is why the default
gateway is the same as the host ip address of the vpn client.
Shouldn't this be set to the default gateway address of the router
on the network to which I am connecting via VPN? Now, as I've
stated before, if I physically connect to the network locally (the
very same one to which I'm trying to VPN) I'm able to ping
everything, and use all available services on the network. It is
only when I VPN that I can't ping or use any of the services on the
network.

Also, when I check the leases on the DHCP server I don't see
anything for the VPN client when it is connected. How is it
getting an IP address and from where? Is it obtaining the address
from RRAS or from the DHCP service?

Again, thanks for you reply,

Binarysupport

:

VPN is just a point-to-point connection like RAS.When you are
connected, click the icon on the taskbar and look at the properties
of the connection.

You should be able to ping the server by this IP (it is just
the other end of the point-to-point). Whether you can ping anything
beyond that depends on how you set it up. If the client gets an IP
in the same subnet as the LAN machines, you should be able to ping
them by IP address. (The RRAS server acts a a proxy for the remote
client).

Whether you can ping by name depends on whether the remote
client has the correct DNS server address and is using the correct
DNS suffix.

binarysupport wrote:
Howdy All,

I'm having a problem with RRAS, VPN and TS. Basically the problem
is that I can connect remotely to the VPN server (incidentall the
VPN Server, DHCP Server, DNS Server, and TS are all one and the
same), but I cannot access anything on the remote network once
I've connected. The LAN to which I'm connecting is setup as
follows:

DSL Router 192.168.1.1
FS1: 192.168.1.3
DHCP: 192.168.1.3
DNS: 192.168.1.3
VPN: 192.168.1.3
TS: 192.168.13

FS1/DHCP/DNS/VPN--->Switch--->Router--->INTERNET<---VPN Client
Workstation1--------------^
Workstation2--------------^

Now, I know what you will probably say first "That's too much on
one server!" And, yes you are right, but considering my financial
constraints I have no other choice - besides it should still work.
I just haven't setup one up in a while so I'm a little rusty and
I'm probably stepping all over the answer.

Locally I can ping everything on the network from a workstation.
Therefore, I guess that means DNS and DHCP is working fine. I can
even logon to the TS and run any application.

But, once I take out my laptop, dial up my ISP, connect to the VPN
server over the dial up connection, and then connect, I am not
able to ping FS1, the router, or anything else. I also cannot
connect to and run anything on the TS. What is the problem. Any
and all help will be greatly appreciate.

Thanks in advance.