VPN connection established, but nothing else works

[Christoph Wienands]

Hi everybody,

here is my problem: I have a Win 2000 Server behind a firewall and I try to
establish a VPN to that Server so I can access my files there and run TS. I
enabled "Routing and Remote Access" on the server, allowed the administrator
to dial-in and forwarded port 47 and 1723 on the server-side router. I can
establish the VPN tunnel w/o problems. However, I do not know, where to go
from there.

Ipconfig shows me an IP address from the server-side LAN for the VPN adapter
that probably was given through DHCP e.g. 192.168.100.100). However, the
subnet mask shows 255.255.255.255. So now I have no idea how to connect to
192.168.100.2, my server. I tried to ping and find it through "Search
computer" but nothing would work.

I hope someone has an idea about that.

Thanks, Christoph

PS: If someone has seen this posting before on ms.public.isa.vpn, my
apologies for cross posting, but nobody could help me there.


ipconfig output on client:
--------------------------

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(A)-based PCI
Fast Et
hernet Adapter
Physical Address. . . . . . . . . : 00-40-F4-28-20-72
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.201

PPP adapter VPN Xenon:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.100
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 68.39.224.5
68.39.224.6

route print output:
-------------------

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.10 2
68.39.192.203 255.255.255.255 192.168.1.254 192.168.1.10 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 1
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 1
192.168.100.100 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.100 192.168.100.100 1
224.0.0.0 224.0.0.0 192.168.1.10 192.168.1.10 1
224.0.0.0 224.0.0.0 192.168.100.100 192.168.100.100 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
Default Gateway: 192.168.1.254

 

[Bill Grant]

A VPN connection just gives you a point-to-point connection. It does
not automatically give you name resolution. To resolve names on the network
to which you connect, make sure that its DNS server address and its DNS
domain suffix are specified in the client's connection properties. The 32bit
subnet mask has no real significance. See MS KB 254231 for more details.

On the client, click on the connection icon and select details. This
will show you the "virtual" IP of both client and server. From the client,
you should be able to ping the server by this IP address. You should also be
able to establish a TS or remote admin session to this IP. If your DNS
settings are correct, you should also be able to do this by name.

 

[jbettini]

Christoph,
It amazes me how many articles discuss creating the VPN
connection, but very few ever discuss where you go from
there. I had the same problem as you, but finally had a
friend put vpn's in perspective for me. In his words, the
VPN connection is nothing more then a VERY long Ethernet
cable plugged into your local network from your PC.

Once you've connected to the network through the vpn, you
have to connect to the network resorces. (Servers,
workstations, printers) I've found through trial and error
that the best way to connect to these resources is to use
\\x.x.x.x\sharename

Example: I created a mapped drive on my laptop to access
the shared Users folder on my file server. I found that I
had to use the IP address of the server and not its
computername. So in my situation I mapped an H: drive to
\\192.168.1.10\users$

Of course you can also do all of this with net use scripts
as well. However I'm trying to better automate this so
that upon starting the vpn connection my mapping is
established automatically. That's a whole differnt
posting, but so far I'm manually running a net start
script after having established my vpn connection.

Hope this helps.
Joe

 

[Christoph Wienands]

Hello Bill, hello Joe,

thanks for your replies so far.

From Bill:
A VPN connection just gives you a point-to-point connection. It does
not automatically give you name resolution. To resolve names on the network
to which you connect, make sure that its DNS server address and its DNS
domain suffix are specified in the client's connection properties. The 32bit
subnet mask has no real significance. See MS KB 254231 for more details.

I didn't try to go by name resolution. I rather tried simple IP-based ping
and network tests. The details for the VPN tunnel show that my client as
well as the server have IP 192.168.100.100. How am I supposed to connect to
the server? Did I set up something incorrectly? On the server side, the
server has a static IP, 192.168.100.2.

There are two 192.168.100.x entries in the client's routing table. One is
..100, the other one is .255:
192.168.100.100 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.100 192.168.100.100 1
The .255 is the broadcast address, I think, so it's pretty much meaningless.

This doesn't make sense to me. First, the server and client have the same IP
address (connection details), then all connection attempts to the remote
subnet other than .100.100 are routed through the default gateway of my
computer.

I took a look at MS articles Q259171 and Q259171 but I really didn't tell me
anything that I could apply in my case :-(

Oh yeah, and here's some more weird behaviour. After connecting the VPN
tunnels, my other network connections relying on DNS would stop to work (at
least that's what I could find out so far).

Any further ideas greatly appreciated,

Christoph

 

[Christoph Wienands]

To the second problem (other network connections stop working after VPN is
connected):
I think I found the cause. The default gateway changed to 192.168.100.100,
the VPN's gateway, instead of staying at my client's subnet 192.168.1.254.

I'll keep you posted...

Christoph

 

[Christoph Wienands]

OK, last posting for now. I got one step further (problem that other
connections would stop). I disabled "Use default gateway on remote network"
under the Advanced Section of TCP/IP settings of the VPN connection.

Now my routing table looks like this after being connected:

Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.105

68.39.192.203 255.255.255.255 192.168.1.254 192.168.1.105

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1

192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105

192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1

192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105

192.168.100.100 255.255.255.255 127.0.0.1 127.0.0.1

192.168.100.255 255.255.255.255 192.168.100.100 192.168.100.100

224.0.0.0 224.0.0.0 192.168.1.105 192.168.1.105

224.0.0.0 224.0.0.0 192.168.100.100 192.168.100.100

255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105

Default Gateway: 192.168.1.254

As you can see, my default gateway stayed the same, which means that I can
resume working with other network connections. Furthermore, the line with
the >>> contains a the correct subnet mask for the remote network, so all
connections to 192.168.100.x are routed through gateway 192.168.100.100.
Does that make sense?

However, the connection details for my VPN tunnel still show 192.168.100.100
for BOTH my client and the remote server. I tried as well to ping
192.168.100.1, router address inside the remote LAN, and 192.168.100.2, the
remote LAN server's address, but no response.

Anymore ideas?

Thanks, Christoph