How to allow simple file sharing on Windows Server 2008R2 through VPN
Your issues may revolve around DNS. I'll assume your using Routing and Remote Access for PPTP VPN. Once you connect the VPN I'll assume your client VPN IP is on the same subnet as the Windows Server. If those are true then the next step to proper file share access is DNS.
Can you ping the server by name from the client?
Can you ping the server from hostname, and hostname.dnsdomain?
Also, when you can't connect to the share, can you try via IP i.e. \\192.168.x.x (whatever server IP is)?
A proper DNS setup will ping to all three of those names/address above, assuming you allow ping through the server firewall. http://www.fishbrains.com/2009/03/12/ping-windows-2008-with-firewall-on/
Are the computers on the same domain and what is their OS? XP and older are known for slow file share access over the Internet. SMB 2 in Vista and newer fix that issue.
You might update your question with more details on how they VPN in, what software/services and network layout. I've used Network Policy and Access services for a decade and find them reliable for all business sizes, so it's likely a config or implementation issue.
Related videos on Youtube
09 : 43
08 : 42
06 : 56
08 : 05
02 : 14
Martin Wiboe
Updated on September 18, 2022Comments
-
Martin Wiboe over 1 year
We are a small, distributed company with a Windows Server 2008R2 installation. I would like to set up a way for our employees to connect securely to this server via VPN and then be able to map a network drive.
I have gotten this to work somewhat by installing the
Network Policy and Access ServicesRole on the server and using the default settings. I have also created a network share on the server.
The problem is that our connectivity is sporadic (sometimes the service stops listening on the port or simply refuses to authorize correct credentials) and slow.
I can always connect through VPN, but mapping is problematic.I would be grateful for the answer on how to accomplish this as well as some guidance on whether I am on the right track.
Thanks in advance! -
Martin Wiboe over 12 yearsThe clients are Windows 7. They are not members of the domain. The errors are that the server cannot be reached or that the credentials are not accepted. I thought maybe there could be a problem in that the clients are not using the remote gateway as a default for VPN (so their Internet access goes outside the VPN tunnel) - maybe the client is trying to access the file share outside the VPN?
-
Martin Wiboe over 12 yearsYour assumptions are correct. I can ping the server, both by IP and hostname. I cannot map the file share via IP - still not responding. The computers are not on the same domain, all are Win7. I had the VPN set up to not use the remote gateway as the default, so that regular Internet traffic can go outside the VPN (because I'd just like to use that for a simple file share) but maybe the issue is that the client is trying to connect to file share outside the VPN tunnel?
-
Ryan Ferretti over 12 yearsThey shouldn't be, but it is possible. That would account for server cannot be reached errors but not credentials not being accepted. Starting with the machines that can't connect to the server, can they ping the server? What shows up when the run a tracert to the server?
-
Bret Fisher over 12 yearsIt would only try outside the VPN running if the server FQDN is also publicly available. Are you putting credentials in like domain\username?
-
Martin Wiboe over 12 yearsThe FQDN is publicly available . There is basically one server, which serves web pages, and I would like to extend it so we can share a network drive on it. Can this be accomplished?
-
Martin Wiboe over 12 yearsThe traffic seemed to be unproblematic, and after tinkering with it it now seems to work, as long as NetBIOS over TCP/IP is enabled in VPN connection settings. It is still very slow though (and I can RDP to the server and have basically no lag at all)
-
Bret Fisher over 12 yearsSMB is generally not recommended for use over "raw Internet" without a VPN. Your post title says "through VPN", so now you are saying you are not using VPN? If you want general file syncing between computers that are not connected by vpn then I would recommend dropbox.com, box.net or my fav sugarsync.com.
-
Martin Wiboe over 12 yearsSorry, I am not making myself clear :) There is indeed VPN, and I would like the file access to go through VPN. However, the server also serves web pages - so if you try to access myserver.com, you'll be served web pages. When you're connected through VPN, it should also be possible to access \\myserver.com\FileShare.
-
Bret Fisher over 12 yearsOK, when VPN is connected and you ping the server, do you get the public or private IP back? If you get the public that may be an issue as your client may be going "outside" the VPN to get to that public IP and be denied based on firewall rules. You want the client to use a hostname to access file share that resolves to private IP of server.
