Static routes for VPN clients not working in Windows Server 2008 R2 RRAS
I was eventually able to resolve this problem by creating an answer-only demand dial interface in RRAS for each router, thereby creating a site-to-site VPN link from each router to the server and creating the hub-and-spoke VPN topography that I wanted. I could then assign a static route for each LAN through the appropriate interface and hey presto, it all works nicely.
Related videos on Youtube
Ben Abbott
Updated on September 18, 2022Comments
-
Ben Abbott over 1 year
I am configuring a simple hub-and-spoke VPN using Windows Server 2008 R2 and RRAS. It is going very well and I now have a router configured to establish a VPN connection to the server. However, I have having problems configuring the static route so that the server can see the LAN behind the router.
When the router establishes the VPN connection, it is assigned an IP address of 10.0.0.5 (the VPN IP address of the internal interface created by RRAS is 10.0.0.1). The LAN behind the router is 192.168.10.0/24, so for testing, I created a route using the following command:
route add 192.168.10.0 mask 255.255.255.0 10.0.0.5
This works perfectly. I can ping a computer on the remote LAN; for example:
C:\Users\Administrator>ping 192.168.10.2 Pinging 192.168.10.2 with 32 bytes of data: Reply from 192.168.10.2: bytes=32 time=506ms TTL=127 Reply from 192.168.10.2: bytes=32 time=536ms TTL=127 Reply from 192.168.10.2: bytes=32 time=508ms TTL=127 Reply from 192.168.10.2: bytes=32 time=506ms TTL=127
Here is the routing table at this point:
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 109.228.20.1 109.228.20.174 6 10.0.0.1 255.255.255.255 On-link 10.0.0.1 279 10.0.0.4 255.255.255.255 10.0.0.4 10.0.0.1 24 10.0.0.5 255.255.255.255 10.0.0.5 10.0.0.1 24 109.228.20.0 255.255.252.0 On-link 109.228.20.174 261 109.228.20.174 255.255.255.255 On-link 109.228.20.174 261 109.228.23.255 255.255.255.255 On-link 109.228.20.174 261 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.10.0 255.255.255.0 10.0.0.5 10.0.0.1 24 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 109.228.20.174 261 224.0.0.0 240.0.0.0 On-link 10.0.0.1 279 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 109.228.20.174 261 255.255.255.255 255.255.255.255 On-link 10.0.0.1 279 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 109.228.20.1 1 ===========================================================================
Now, the problem comes when I try to make this a static route. First of all, I specify the static route using the dial-in properties for the user:
After the client has established its connection, the routing tables looks thus:
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 109.228.20.1 109.228.20.174 6 10.0.0.1 255.255.255.255 On-link 10.0.0.1 279 10.0.0.4 255.255.255.255 10.0.0.4 10.0.0.1 24 10.0.0.5 255.255.255.255 10.0.0.5 10.0.0.1 24 109.228.20.0 255.255.252.0 On-link 109.228.20.174 261 109.228.20.174 255.255.255.255 On-link 109.228.20.174 261 109.228.23.255 255.255.255.255 On-link 109.228.20.174 261 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.10.0 255.255.255.0 10.0.0.5 10.0.0.1 23 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 109.228.20.174 261 224.0.0.0 240.0.0.0 On-link 10.0.0.1 279 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 109.228.20.174 261 255.255.255.255 255.255.255.255 On-link 10.0.0.1 279 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 109.228.20.1 1 ===========================================================================
Note: It appears that the metric I have specified has been ignored, as the table shows a metric of 23.
Now, when I try to ping, I get a general failure:
C:\Users\Administrator>ping 192.168.10.2 Pinging 192.168.10.2 with 32 bytes of data: General failure. General failure. General failure. General failure.
As a relative newbie, I simply don't understand why this route is not working. It looks spot on and the only difference (although I guess it could be the key factor) is the difference in the metric (i.e. it is 24 when assigned by hand using route add, but 23 when it is a static route).
I would appreciate any help!
Thanks,
Ben