
(Question initially asked on Server Fault, but flagged to be posted here.)

Before anything, I should confess that I am a true network rookie. As a hobby project I have set up a few things across my house:

  • A switch connecting all computers and server
  • Windows Server (connected to the switch and the WAN (separate NIC), running RAS to function as the gateway to the internet, DHCP and DNS (to catch one or two domains for easy server access; the rest is forwarded to 8.8.8.8 and 8.8.4.4)).
  • A Linksys router with DD-WRT for mobile access to the LAN (LAN port connected to the switch, DHCP disabled, local IP, gateway and DNS pointing to the server).

I made sure all IPv6 settings are disabled on all devices/protocols, on a tip from a colleague.

Now, the strange thing is that when I connect a laptop to this access point, everything seems to work fine and as expected. But my phones (Android) seem to have some trouble: delayed webpages, sometimes not loading at all, chat programs sometimes not receiving messages.

I have tried a DNS lookup tool on my phone, as I suspect DNS is the problem. And indeed, when webpages stop loading, the DNS lookup wanders off to... unknown places, while an IP address will give me the webpage.

I know this is probably a quite vague description, but then again it's a strange problem. I was hoping any of you had some pointers on where to start debugging this (I just don't know how to pinpoint the problem, which makes googling it pretty difficult)?

If any more information is required please let me know, thanks in advance!

EDIT

After more investigation, it seems like Android ignores the DNS altogether (even when configured statically). When I run an NSLookup tool, I get nothing. When I NSLookup specifically against my server/Google/etc., I get a result right away.

I have tried to set up the access point as a router, with its own subnet, and the server connected to its WAN port. Then there is no problem anymore, but connecting it like this would be completely pointless...

EDIT2

As requested, an overview of the IP addresses as they were at the moment of the issue:

  • Windows Server (2012 R2):
    • LAN (bridged) 10.0.0.1 (255.0.0.0)
    • WAN 192.168.1.10 (255.255.255.0) Gateway: 192.168.1.1
  • Clients (via DHCP): 10.0.1.x (255.0.0.0) Gateway 10.0.0.1, DNS 10.0.0.1
  • AccessPoint: 10.0.0.15 (255.255.255.0)

DHCP:

  • Enable DNS Dynamic updates: yes (always)
  • Discard A and PTR records when lease is deleted: yes
  • Lease time: 1 day
  • Forwarders: 8.8.8.8, 8.8.4.4
  • Scope options:
    • Router: 10.0.0.1
    • DNS Servers: 10.0.0.1, 8.8.8.8
    • Name Servers: 10.0.0.1
  • See this answer for allocating static IP addresses for the Android phones.
    – harrymc
    Commented May 2, 2019 at 18:36
  • @harrymc Thanks for the pointer, but I have already tried that :)
    – Xyv
    Commented May 2, 2019 at 20:46
  • Do you know how often this happens (every 5 mins? hourly? daily?)? How long does it last when it happens? Does it "come good" on its own or do you need to reconnect? Does it always work immediately after connecting? Does configuring the DHCP server to send a secondary DNS address help?
    – Bob
    Commented May 3, 2019 at 6:32
  • I'd also consider taking a look at MTUs and possible fragmentation. Or maybe EDNS issues? Also, what happens if you configure DHCP to only send public DNS servers?
    – Bob
    Commented May 3, 2019 at 6:49
  • @bob When the problem occurs it seems like it stays there, reconnecting won't help. Unless you connect to a different network first... I'm sorry I'm so vague.. but I cannot grasp the situation either XD Only using public DNS doesn't work either.
    – Xyv
    Commented May 3, 2019 at 9:10

2 Answers


What I have tried in the meantime is to redesign my network a bit. Instead of having the Windows Server running RRAS, I chose to have a separate router, and then have DHCP point to that as the gateway but still force the clients to use the local DNS.

This seems to be working on all devices, but I am still flabbergasted as to why the situation with RRAS wouldn't work.

  • So, just to be clear, you're still hosting DHCP and DNS on Windows? You don't have a separate DHCP server running on the router? The only thing you changed is the gateway address that DHCP hands out?
    – Bob
    Commented May 3, 2019 at 9:19
  • @Bob Correct, I just have a gateway separated from the server. But the Server is still the only DHCP and DNS in the network.
    – Xyv
    Commented May 3, 2019 at 9:23
  • @Xyz Can you tell us the IP addresses of each device and all the DHCP configs (screenshots would work there)? Please edit them into the question. Also, the Windows Server version might help.
    – Bob
    Commented May 3, 2019 at 9:27
  • @Bob: I already advised using static IP, which didn't help.
    – harrymc
    Commented May 4, 2019 at 9:47

By all accounts, although your setup is possible, it requires a lot of fiddling. This might be an authorization problem, where the connection settings in Android do not match those of the server, but it might also be a feature of RRAS that is unsupported by the phone.

A hint might be found in the following Microsoft Support article, Cannot establish an L2TP VPN connection between an Android device and a TMG server:

This issue occurs because the Android device restarts Compression Control Protocol (CCP) negotiation after the Point-to-Point Protocol (PPP) connection is established. This behavior triggers the RRAS server to treat the Android device as a Network Access Protection (NAP) capable device and to try to authenticate the device. The TMG server then denies the request to authenticate the device, and the issue that is described in this Microsoft Knowledge Base (KB) article occurs.

Although this article does not directly address your problem, and the offered hotfix is most likely not relevant to your version of Windows, it does point to the problem perhaps being the wrong identification of the Android device by RRAS, leading perhaps to a protocol problem.

The above might indicate that RRAS may misidentify your phone as another kind of device and could use a protocol that your phone does not understand, so things may get stuck.

Not using RRAS myself, this is all the information I can offer. You have a solution that works, which is to avoid using RRAS. But as you intend to continue analyzing the problem, I hope that the above hint will prove useful. You might try to trace the messages that pass between the phone and RRAS in order to pinpoint exactly when they get stuck.

  • This answer is a bit orthogonal to the question. RRAS provides both VPN and NAT gateway functionality; Xyv seems to only be using the NAT gateway part. Your answer is only relevant to the VPN part, which is presumably not enabled here.
    – Bob
    Commented May 3, 2019 at 6:21
  • @Bob: The RRAS could mistake the phone as described in the quote in my answer, and launch a protocol that the phone cannot answer. Some of the solutions I listed may pertain to the VPN part, but not having access to an RRAS I cannot tell for sure which ones.
    – harrymc
    Commented May 3, 2019 at 7:50
  • There should be no PPP involved at all if it's simply using it as a gateway. So "after the [PPP] connection is established" from your quote is not applicable here. As the support article describes, it's only applicable if you've configured RRAS for L2TP. I don't have a screenshot on hand but I can tell you from experience that the RRAS wizard separates VPN and NAT - and, while you can configure both, unless the OP has configured VPN none of this would apply. Even if it were configured for VPN, unless Android is instructed to connect to it via L2TP, there will be no PPP connection at all.
    – Bob
    Commented May 3, 2019 at 7:58
  • From RRAS on 2016, the Security tab says "The Authentication provider validates credentials for remote access clients and demand-dial routers." But this is what a NAT-only config looks like - notice "router" is enabled but "remote access" is not enabled at all. And a "remote access client" must use an application protocol (layer ~5, incl. L2TP), not just any network device configured to use it as a gateway (layer 3).
    – Bob
    Commented May 3, 2019 at 8:02
  • So what's the actual solution to OP's problem? You literally just handed OP a link that you admit has nothing to do with his version of Windows, and various speculative solutions with no reasons why they would work.
    – Journeyman Geek
    Commented May 3, 2019 at 8:45
