Static routes for VPN clients not working in Windows Server 2008 R2 RRAS


I was eventually able to resolve this problem by creating an answer-only demand dial interface in RRAS for each router, thereby creating a site-to-site VPN link from each router to the server and creating the hub-and-spoke VPN topography that I wanted. I could then assign a static route for each LAN through the appropriate interface and hey presto, it all works nicely.


Author: Ben Abbott

Updated on September 18, 2022

Comments

  • Ben Abbott over 1 year

    I am configuring a simple hub-and-spoke VPN using Windows Server 2008 R2 and RRAS. It is going very well and I now have a router configured to establish a VPN connection to the server. However, I am having problems configuring the static route so that the server can see the LAN behind the router.

    When the router establishes the VPN connection, it is assigned an IP address of 10.0.0.5 (the VPN IP address of the internal interface created by RRAS is 10.0.0.1). The LAN behind the router is 192.168.10.0/24, so for testing, I created a route using the following command:

    route add 192.168.10.0 mask 255.255.255.0 10.0.0.5
    

    This works perfectly. I can ping a computer on the remote LAN; for example:

    C:\Users\Administrator>ping 192.168.10.2
    
    Pinging 192.168.10.2 with 32 bytes of data:
    Reply from 192.168.10.2: bytes=32 time=506ms TTL=127
    Reply from 192.168.10.2: bytes=32 time=536ms TTL=127
    Reply from 192.168.10.2: bytes=32 time=508ms TTL=127
    Reply from 192.168.10.2: bytes=32 time=506ms TTL=127
    

    Here is the routing table at this point:

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     109.228.20.1   109.228.20.174      6
             10.0.0.1  255.255.255.255         On-link          10.0.0.1    279
             10.0.0.4  255.255.255.255         10.0.0.4         10.0.0.1     24
             10.0.0.5  255.255.255.255         10.0.0.5         10.0.0.1     24
         109.228.20.0    255.255.252.0         On-link    109.228.20.174    261
       109.228.20.174  255.255.255.255         On-link    109.228.20.174    261
       109.228.23.255  255.255.255.255         On-link    109.228.20.174    261
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
         192.168.10.0    255.255.255.0         10.0.0.5         10.0.0.1     24
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link    109.228.20.174    261
            224.0.0.0        240.0.0.0         On-link          10.0.0.1    279
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link    109.228.20.174    261
      255.255.255.255  255.255.255.255         On-link          10.0.0.1    279
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0     109.228.20.1       1
    ===========================================================================
    

    Now, the problem comes when I try to make this a static route. First of all, I specify the static route using the dial-in properties for the user:

    [Image: Assigning the static route to the dial-in user]

    After the client has established its connection, the routing table looks thus:

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     109.228.20.1   109.228.20.174      6
             10.0.0.1  255.255.255.255         On-link          10.0.0.1    279
             10.0.0.4  255.255.255.255         10.0.0.4         10.0.0.1     24
             10.0.0.5  255.255.255.255         10.0.0.5         10.0.0.1     24
         109.228.20.0    255.255.252.0         On-link    109.228.20.174    261
       109.228.20.174  255.255.255.255         On-link    109.228.20.174    261
       109.228.23.255  255.255.255.255         On-link    109.228.20.174    261
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
         192.168.10.0    255.255.255.0         10.0.0.5         10.0.0.1     23
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link    109.228.20.174    261
            224.0.0.0        240.0.0.0         On-link          10.0.0.1    279
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link    109.228.20.174    261
      255.255.255.255  255.255.255.255         On-link          10.0.0.1    279
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0     109.228.20.1       1
    ===========================================================================
    

    Note: It appears that the metric I have specified has been ignored, as the table shows a metric of 23.

    Now, when I try to ping, I get a general failure:

    C:\Users\Administrator>ping 192.168.10.2
    
    Pinging 192.168.10.2 with 32 bytes of data:
    General failure.
    General failure.
    General failure.
    General failure.
    

    As a relative newbie, I simply don't understand why this route is not working. It looks spot on and the only difference (although I guess it could be the key factor) is the difference in the metric (i.e. it is 24 when assigned by hand using route add, but 23 when it is a static route).

    I would appreciate any help!

    Thanks,

    Ben
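
An added example, not part of the original post: a small Python parser for the `route print` output quoted above that diffs the two tables and runs a longest-prefix-match lookup for 192.168.10.2. It shows that both tables pick the same gateway and interface and differ only in the metric of the 192.168.10.0 row; the sample text is constructed from selected rows of the tables in the question, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: selected rows of the "route print" output quoted in the
# question; only the metric of the 192.168.10.0 row differs between the tables.
TABLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     109.228.20.1   109.228.20.174      6
         10.0.0.1  255.255.255.255         On-link          10.0.0.1    279
         10.0.0.5  255.255.255.255         10.0.0.5         10.0.0.1     24
     192.168.10.0    255.255.255.0         10.0.0.5         10.0.0.1     {metric}
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.1    279
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     109.228.20.1       1
"""
MANUAL = TABLE.format(metric=24)   # table after the manual "route add"
DIALIN = TABLE.format(metric=23)   # table after the dial-in static route


def parse_routes(text):
    """Return [(network, gateway, interface, metric)] from the Active Routes section."""
    routes, active = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith(("=", "Persistent Routes")):
            active = False
        elif active:
            f = line.split()
            if len(f) == 5 and f[4].isdigit():  # skips the column header row
                net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
                routes.append((net, f[2], f[3], int(f[4])))
    return routes


def best_route(routes, dest):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)


def diff_tables(before, after):
    """Rows, keyed by (network, interface), that differ between two tables."""
    index = lambda rows: {(str(n), i): (g, m) for n, g, i, m in rows}
    a, b = index(before), index(after)
    return {k: (a.get(k), b.get(k)) for k in a.keys() | b.keys() if a.get(k) != b.get(k)}
```

Saving the full `route print` output before and after the client connects and passing both to `diff_tables` gives the same comparison on a live server.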