How to set up routing for RRAS VPN connections

Here's what I did to get it to work.

  1. Configured Remote Access Logging and Policies (Right-click > Launch NPS)
  2. Added a policy to allow my remote access users to access the network (this alone did not remedy the situation and may not have been the issue but I did it anyway)
  3. Under Routing and Remote Access Properties > IPv4 tab, switched to Static address pool
  4. Set up an address space that was unused by the NAT/DHCP server for the RRAS DHCP pool (192.168.1.201-250)
  5. Selected Enable broadcast name resolution and used NIC2 (the LAN subnet) as the Adapter for DHCP/DNS/WINS

Everything resolved after that! Thank you everyone for your help and for the other ServerFault articles that pointed me in the right direction.

Bron Davies

Updated on September 18, 2022
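The answer above lists the settings as console clicks; the comments further down add one more (IPv4 router, LAN routing only). The script below is an added example, not code from the original answer or from any of the commenters, that applies the same steps 3 to 5 plus the LAN-routing-only setting with `netsh ras` (Windows Server 2008 R2 has no RemoteAccess PowerShell module, so netsh is the scriptable interface there), and first checks that the chosen pool really is unused. Assumptions not present in the original post: the firewall's DHCP scope is 192.168.1.100-192.168.1.200 (placeholder, substitute the real scope), NIC2 is the adapter named "Local Area Connection" (the one holding 192.168.1.8 in the ipconfig output), and the server, firewall and VPN HOST addresses (192.168.1.8, 192.168.1.1, 192.168.1.10) are the only statically assigned hosts.

```powershell
# Added example (not from the original answer or comments). Assumptions:
#   - firewall DHCP scope 192.168.1.100-192.168.1.200 is a PLACEHOLDER
#   - NIC2 (LAN side) is the adapter named "Local Area Connection"
# Run from an elevated prompt on the RRAS server; nothing is changed unless -Apply is given.

function ConvertTo-Int64Address {
    # Dotted-quad to integer so ranges can be compared numerically.
    param([Parameter(Mandatory)][string]$IPv4)
    $b = [System.Net.IPAddress]::Parse($IPv4).GetAddressBytes()   # network byte order
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-RasPoolIsSafe {
    # Returns a list of problems; an empty list means the pool can be used.
    param(
        [Parameter(Mandatory)][string]$PoolStart,
        [Parameter(Mandatory)][string]$PoolEnd,
        [Parameter(Mandatory)][string]$LanNetwork,   # e.g. 192.168.1.0
        [Parameter(Mandatory)][string]$LanMask,      # e.g. 255.255.255.0
        [Parameter(Mandatory)][string]$DhcpStart,
        [Parameter(Mandatory)][string]$DhcpEnd,
        [string[]]$StaticHosts = @()                 # addresses already in fixed use
    )
    $ps = ConvertTo-Int64Address $PoolStart; $pe = ConvertTo-Int64Address $PoolEnd
    $ds = ConvertTo-Int64Address $DhcpStart; $de = ConvertTo-Int64Address $DhcpEnd
    $net = ConvertTo-Int64Address $LanNetwork; $mask = ConvertTo-Int64Address $LanMask
    $bcast = $net + (4294967295 - $mask)
    $problems = @()
    if ($pe -lt $ps) { $problems += "pool end $PoolEnd precedes pool start $PoolStart" }
    # The pool must sit inside the LAN subnet (so RRAS can proxy-ARP for clients)
    # but must not use the network or broadcast address.
    if ($ps -le $net -or $pe -ge $bcast) { $problems += "pool is not strictly inside $LanNetwork/$LanMask" }
    # Any overlap with the firewall's DHCP scope produces duplicate-address conflicts.
    if ($ps -le $de -and $pe -ge $ds) { $problems += "pool overlaps the DHCP scope $DhcpStart-$DhcpEnd" }
    foreach ($h in $StaticHosts) {
        $v = ConvertTo-Int64Address $h
        if ($v -ge $ps -and $v -le $pe) { $problems += "pool contains statically assigned host $h" }
    }
    return $problems
}

function Set-RasIPv4Config {
    # Emits (and with -Apply, runs) the netsh equivalents of the answer's steps.
    param(
        [Parameter(Mandatory)][string]$PoolStart,
        [Parameter(Mandatory)][string]$PoolEnd,
        [Parameter(Mandatory)][string]$LanAdapterName,
        [switch]$Apply
    )
    $commands = @(
        # From the comments: IPv4 router, LAN routing only, IPv4 remote access.
        @('ras', 'set', 'type', 'ipv4rtrtype=lanonly', 'ipv6rtrtype=none', 'rastype=ipv4'),
        # Step 3: static address pool instead of relaying to the firewall's DHCP.
        @('ras', 'ip', 'set', 'addrassign', 'method=pool'),
        # Step 4: the range reserved for VPN clients.
        @('ras', 'ip', 'add', 'range', "from=$PoolStart", "to=$PoolEnd"),
        # Step 5: broadcast name resolution, and the LAN NIC for DHCP/DNS/WINS.
        @('ras', 'ip', 'set', 'broadcastnameresolution', 'mode=enabled'),
        @('ras', 'ip', 'set', 'preferredadapter', "name=$LanAdapterName")
    )
    foreach ($argv in $commands) {
        Write-Host ('netsh ' + ($argv -join ' '))
        if ($Apply) { & netsh @argv }   # argument array, no string re-parsing
    }
    if ($Apply) {
        # Address-assignment changes take effect after the service restarts.
        Restart-Service -Name RemoteAccess
        & netsh ras ip show config
    }
}

$issues = Test-RasPoolIsSafe -PoolStart 192.168.1.201 -PoolEnd 192.168.1.250 `
    -LanNetwork 192.168.1.0 -LanMask 255.255.255.0 `
    -DhcpStart 192.168.1.100 -DhcpEnd 192.168.1.200 `
    -StaticHosts 192.168.1.1, 192.168.1.8, 192.168.1.10
if ($issues) { $issues | ForEach-Object { Write-Warning $_ }; exit 1 }
Set-RasIPv4Config -PoolStart 192.168.1.201 -PoolEnd 192.168.1.250 -LanAdapterName 'Local Area Connection'   # add -Apply to change the server
```

The overlap check is the part worth keeping even if you click through the console instead: a pool carved out of the LAN subnet only works because RRAS answers ARP on the LAN for its dial-in clients, so a client handed an address that the firewall's DHCP later leases to a workstation breaks both hosts. The NPS network policy from steps 1 and 2 is not scripted here; it still has to be scoped to the intended user group rather than granting access to all authenticated users.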

Comments

  • Bron Davies
    Bron Davies almost 2 years

    I have a NAT/firewall running DHCP for the LAN configured to forward the VPN ports directly to the Windows 2008R2 server behind the firewall on NIC1. The LAN switch is also connected to the firewall for internet access.

    RRAS/VPN is setup on the Windows server which is also the DC and local DNS server at this point. NIC2 on the server connects to the LAN switch and connectivity to the internet and LAN works fine for the local subnet (192.168.1.0).

    VPN clients can connect but then they cannot connect to any office network or internet addresses nor can they resolve DNS unless the "use default gateway on remote network" option is turned off, then the internet is available to them.

    This looks like a routing table issue but I don't know how to set that up properly. Any ideas?

    IPCONFIG /ALL

    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : LDMSERV2
       Primary Dns Suffix  . . . . . . . : LDM.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : LDM.local
    
    PPP adapter RAS (Dial In) Interface:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : RAS (Dial In) Interface
       Physical Address. . . . . . . . . : 
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Ethernet adapter VPN HOST:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II
       Physical Address. . . . . . . . . : 78-2B-CB-33-A7-99
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.8
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II
       Physical Address. . . . . . . . . : 78-2B-CB-33-A7-98
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 
       DNS Servers . . . . . . . . . . . : 192.168.1.8
                                           127.0.0.1
       Primary WINS Server . . . . . . . : 192.168.1.8
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    • Coding Gorilla
      Coding Gorilla almost 13 years
      I think you're confusing some terms here, what is the intranet (192.18.1.0)? That sounds like your local subnet, not an intranet (which typically refers to an outside network or 'network between networks').
    • Bron Davies
      Bron Davies almost 13 years
      Yes, I've rephrased this question to be more specific.
    • Coding Gorilla
      Coding Gorilla almost 13 years
      So, you have NIC1 on the server connected directly to the firewall (via an internal switch or a DMZ port?), and then also connected to your LAN [switch] as well? So presumably you have two IP addresses, one for each NIC. Could you post the configuration of those two NICs (ie. IP/subnet mask/default gateway)?
    • Bron Davies
      Bron Davies almost 13 years
      See the edited post for my NIC configuration from ipconfig /all.
    • Bron Davies
      Bron Davies almost 13 years
      @joequerty - Is that the option under Routing and Remote Access > Properties > Enable this computer as a: IPv4 Router ? This is selected and LAN routing only is selected.
    • joeqwerty
      joeqwerty almost 13 years
      @stinkbutt (stinkbutt... really?) - yes, that's what I was referring to.
    • Bron Davies
      Bron Davies almost 13 years
      didn't help. :/