1

I have the following config:

enter image description here

"Laptop" VPNs in to "Server". Then, "Laptop" can fully access "Server". The problem: "Laptop" can't connect to "Desktop" (neither TCP/IP, nor ICMP (ping)).

On "Laptop", "Use Default gateway for remote network" is unchecked, to maintain internet connectivity during the VPN session. On "Server", RRAS is configured as a router and, according to the routing tables, everything should work.

On "Laptop", routes list 192.168.1.0/255.255.255.0 gateway 192.168.1.5. On "Server", routes list 192.168.1.0/255.255.255.0 gateway 192.168.1.3 (X). Am I not correct in thinking that when a packet comes from 192.168.1.5 for 192.168.1.4, "Server" should route it according to (X)?

Thank you!

UPDATE: Turned DHCP off at the router, and turned it on on the "Server" - everything works (and doesn't work) just like it did before.

6
  • Have you tried it with all firewalls off? Which versions of XP on Laptop & Desktop? Why do you use RRAS when the router can do everything for you?
    – harrymc
    Commented Oct 13, 2011 at 18:38
  • All firewalls are off. Both laptop and desktop - XP SP3. The router is a very simple one; it doesn't have VPN features that I need.
    – Mr. TA
    Commented Oct 13, 2011 at 19:29
  • I meant whether the XP versions are Home or better. Also, does the router have port forwarding? Does everything work without VPN? Some info about how you created the VPN would also be useful.
    – harrymc
    Commented Oct 14, 2011 at 5:45
  • @harrymc: It's Windows XP Pro on both machines. The router does have port forwarding; I currently have ports 80 (HTTP), 1723 (VPN) and 3690 (SVN) routed to "Server". Everything other than the VPN problem above does work fine (the port forwarding, DNS, DHCP, etc.). I set up VPN by configuring RRAS, closely following steps from this article: techrepublic.com/article/… Only difference being that "Server" only has 1 NIC.
    – Mr. TA
    Commented Oct 14, 2011 at 10:53
  • When the VPN is attached can you ping "Desktop" by IP address? Can you contact/ping the Router at 192.168.1.1? Commented Oct 17, 2011 at 5:29

2 Answers

3
+50

I do not have the setup to test anything, and there are too many settings that can cause this problem. It is probably caused by missing IP routes, or incorrect handling of the two sets of IP addresses (inside and outside of the VPN).

I have grouped below some links that discuss the same problem that you are experiencing, in the hope that one of them will apply to your setup:

Fix the four biggest problems with VPN connections
Section "Inability to reach locations beyond the VPN server".

Cannot reach beyond the RRAS server from VPN clients

VPN clients are unable to access resources beyond the VPN server

Configuring VPN Clients to Support Network Browsing

This series of articles contains lots of useful information: Remote Access Design Guidelines.

2

Thanks harrymc for the links.

The problem was caused by using the LAN subnet for the VPN. That led to the client and server getting the same VPN IP address - 192.168.1.5 - which apparently somehow confused RRAS.

I changed RRAS to create its own static pool (instead of relaying DHCP) of different IPs (10.0.0.x). When connected, server got VPN IP of 10.0.0.1 and client 10.0.0.2. On the client, added a route for LAN IPs (192.168.1.XXX) to go through 10.0.0.2 - voila.

2
  • You should do something about your bounty. It is awarded automatically to the designated answer, but as you cannot award points to yourself it will just get lost.
    – harrymc
    Commented Oct 18, 2011 at 14:34
  • @harrymc I awarded it to you, since I figured the problem out after reading one of the articles that you linked to.
    – Mr. TA
    Commented Oct 19, 2011 at 15:21
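The fix in the accepted answer can be checked before touching RRAS. The following is an added example, not code from either poster: it tests whether a planned VPN address pool collides with the LAN and builds the split-tunnel route for the client. The function names and the pool boundaries (192.168.1.5-192.168.1.10 and 10.0.0.1-10.0.0.10) are assumptions; the LAN subnet and host addresses are the ones given in the question.

```python
import ipaddress

def check_vpn_pool(lan_cidr, pool_start, pool_end, lan_hosts=()):
    """Return a list of conflicts between a VPN address pool and the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if end < start:
        raise ValueError("pool end is below pool start")
    problems = []
    # A start-end range rarely aligns to one prefix, so test every covering block.
    blocks = ipaddress.summarize_address_range(start, end)
    if any(block.overlaps(lan) for block in blocks):
        problems.append(f"pool {start}-{end} overlaps LAN {lan}")
    # Flag pool addresses that are already assigned to a LAN machine.
    for host in map(ipaddress.ip_address, lan_hosts):
        if start <= host <= end:
            problems.append(f"pool contains LAN host {host}")
    return problems

def client_route(lan_cidr, client_vpn_ip):
    """Build the Windows 'route add' line that sends LAN traffic over the VPN."""
    lan = ipaddress.ip_network(lan_cidr)
    gateway = ipaddress.ip_address(client_vpn_ip)
    if gateway in lan:
        # The situation from the question: the VPN address sits inside the LAN.
        raise ValueError(f"VPN address {gateway} is inside LAN {lan}")
    return f"route add {lan.network_address} mask {lan.netmask} {gateway}"

# Addresses from the question: router, "Server", "Desktop".
LAN = "192.168.1.0/24"
LAN_HOSTS = ["192.168.1.1", "192.168.1.3", "192.168.1.4"]

if __name__ == "__main__":
    # Constructed pool boundaries; only the subnets come from the page.
    for label, first, last in [("original", "192.168.1.5", "192.168.1.10"),
                               ("fixed", "10.0.0.1", "10.0.0.10")]:
        issues = check_vpn_pool(LAN, first, last, LAN_HOSTS)
        print(label, "->", issues or "no conflicts")
    print(client_route(LAN, "10.0.0.2"))
```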
