Hello,
I work in a small office (11 people) where many of us do several different jobs. I myself generally do most of the IT type stuff as well as my "real" job.
Because of that we often need to do things when we aren't in the office, so a couple years ago I installed a NetGear VPN router (FVS338). I had a devil of a time getting the VPN Client software to give me a usable connection. I eventually got it to work, though it likely isn't an optimal solution.
The salespersons can VPN in from their laptops and use CRM which connects to an internal server, others can VPN in and get to the SQL Server, and I can VPN from home and manage the servers. At least until I added a Windows Server 2008 machine. For some reason it doesn't respond to anything coming through the VPN.
I can ping and RDP to the Win2008 Server from my work desktop, but can't do either from a laptop connected to the LAN using VPN. I thought it was probably a firewall thing and temporarily shut down Windows Firewall to test that, but it still didn't respond to ping or other connections.
The internal LAN uses 192.168.2.x subnet, but each VPN client has their own subnet that I started assigning sequentially from 192.168.5.x to 192.168.14.x. As I said above, this is probably not optimal, and it is a bit of a pain to set up each machine's VPN Client, but I just couldn't get it to work any other way.
I hope there is a simple solution involving a configuration change on the Win2008 box, but if not, I am more than willing to consider other more sophisticated solutions including setting up a "real" VPN server if it would allow XP and Vista laptops to use the built-in VPN ability to connect to the LAN and get an actual internal IP address.
Thanks, Scott
|
|
Not enough information. The server's Windows firewall may be suppressing the VPN clients - tried to disable that? Can you connect from the server to VPN clients? What does tracert show, and how is that different from connections to W2K3 servers?
-- Svyatoslav Pidgorny, MCSE, RHCE -= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
|
|
On Nov 5, 9:46 pm, Scott S. <Sco...[ at ]community.nospam> wrote:
> Hello,
>
> I work in a small office (11 people) where many of us do several different
> jobs.
> I myself generally do most of the IT type stuff as well as my "real" job.
>
> Because of that we often need to do things when we aren't in the office, so
> a couple years ago I installed a NetGear VPN router (FVS338). I had a devil
> of a time getting the VPN Client software to give me a usable connection. I
> eventually got it to work, though it likely isn't an optimal solution.
>
> The salespersons can VPN in from their laptops and use CRM which connects to
> an internal server, others can VPN in and get to the SQL Server, and I can VPN
> from home and manage the servers. At least until I added a Windows Server
> 2008 machine. For some reason it doesn't respond to anything coming through
> the VPN.
>
> I can ping and RDP to the Win2008 Server from my work desktop, but can't do
> either from a laptop connected to the LAN using VPN. I thought it was
> probably a firewall thing and temporarily shutdown windows firewall to test
> that, but it still didn't respond to ping or other connections.
>
> The internal LAN uses 192.168.2.x subnet, but each VPN client has their own
> subnet that I started assigning sequentially from 192.168.5.x to
> 192.168.14.x. As I said above, this is probably not optimal, and it is a bit
> of a pain to setup each machine's VPN Client, but I just couldn't get it to
> work any other way.
>
> I hope there is a simple solution involving a configuration change on the
> Win2008 box, but if not, I am more than willing to consider other more
> sophisticated solutions including setting up a "real" VPN server if it would
> allow XP and Vista laptops to use the built in VPN ability to connect to the
> LAN and get an actual internal IP address.
>
> Thanks,
> Scott
Windows Server 2008/XP/Vista has support for Teredo, using which you can access your office directly over the internet. You can use Remote Assistance in Vista/2008 or the third-party http://www.lanoninternet.com to access a PC resource over the internet. As RDP is already encrypted, you can safely use it over the internet...
|
|
Thanks for the guidance. Sorry I took so long to get back to you ... my father-in-law passed away so I've been out of the office a bit.
As I stated in my post, I did try it with the Firewall turned off.
I have since tried pinging and using tracert in both directions from the laptop, Win2k3 Server and the Win2k8 Server. From the laptop there was no difference, except for the failure to contact the 2k8 server. The 2k8 server's tracert appeared to be attempting to send directly to the Internet. Looking closer I realize that machine has 2 NICs, 1 of which is directly connected to the Internet. So I added a route:
    route add 192.168.0.0 MASK 255.255.0.0 192.168.2.1
After that I could then get pings and tracert to work in both directions between the Win2k8 Server and the laptop, but RDP still fails.
I tried again with the firewall off, but it still fails. I can connect to every other Windows server on the LAN using Remote Desktop, just not the new Windows 2008 Server. Yet I can ping the machine. And when I do try to connect, the failure is immediate, unlike before when it would try for a while before timing out.
So at this point I don't know if the firewall is an issue, but something else certainly is. Could it be the RDP server itself denying connections based on subnet?
Thanks, ScottS
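An added example, not part of the original posts: a simplified longest-prefix route lookup showing why the dual-homed Win2k8 server sent replies for the VPN client subnets out of its Internet NIC until the route from the post was added, and why that /16 route does not disturb the local 192.168.2.x LAN. The 203.0.113.x addresses, the interface names and the sample client addresses are constructed assumptions; route metrics are ignored.

```python
import ipaddress

# Constructed routing table for the dual-homed Win2k8 server described above.
# 203.0.113.x (documentation range) stands in for the unknown Internet-side NIC.
BASE_ROUTES = [
    ("0.0.0.0/0",      "203.0.113.1", "internet-nic"),  # default gateway
    ("203.0.113.0/24", "on-link",     "internet-nic"),
    ("192.168.2.0/24", "on-link",     "lan-nic"),
]
# The route from the post: route add 192.168.0.0 MASK 255.255.0.0 192.168.2.1
VPN_ROUTE = ("192.168.0.0/16", "192.168.2.1", "lan-nic")


def lookup(routes, dst):
    """Return (prefix, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, nic) for p, gw, nic in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gw, nic = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), gw, nic


def reply_paths(routes, clients):
    """Map each client address to the interface its reply traffic leaves on."""
    return {c: lookup(routes, c)[2] for c in clients}


if __name__ == "__main__":
    # Constructed sample peers: one LAN desktop and two VPN clients.
    clients = ["192.168.2.50", "192.168.5.10", "192.168.14.10"]
    for label, table in (("before", BASE_ROUTES),
                         ("after", BASE_ROUTES + [VPN_ROUTE])):
        for dst in clients:
            print(label, dst, "->", lookup(table, dst))
```

On Windows, a route added with `route add` without the `-p` switch is not persistent and is lost at the next reboot.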
|
|
I read up on Teredo, but since we don't use IPv6 it doesn't appear to be a solution. Also, since many different machines need to be connected to, and few have a public IP, it isn't possible to make RDP directly accessible from the Internet to each. Remote assistance requires someone in the office to initiate, and the whole point is I need access when I'm not in the office, and that is typically when the office is closed (evenings, nights, and weekends).
"mosesvas" wrote:
> Windows Server 2008/XP/Vista has support for Teredo, using which you can
> access your office directly over the internet. You can use Remote Assistance
> in Vista/2008 or the third-party http://www.lanoninternet.com to access a
> PC resource over the internet. As RDP is already encrypted, you can safely
> use it over the internet...
|
|
Hi Scott,
Any joy? I have almost the same issue...
Our existing VPN server (win2k3) has been working fine for years for
our remote access needs. I have recently added a win2k8 box, with
firewall enabled and correct ports open, but cannot rdc / ping / see the
machine over VPN.
When networked in the office, all of the above work aok. I have also
disabled the firewall on the win2k8 box, just in case, but still no
access over VPN.
Even if I VPN using network admin credentials, remote desktop to the
domain controller / VPN server, I still cannot see the win2k8 server.
When plugged into the office, everything works fine.
I'm thinking maybe win2k8 security policy is in place, but will have to
wait 'till tomorrow to take a look.
Anyone else have any ideas?
nb: this is all using the same IP range. In the office 192.168.35.1 to
100, VPN is 192.168.35.101 to 150, same subnet.
--
bilf
------------------------------------------------------------------------
bilf's Profile: http://forums.techarena.in/members/bilf.htm
View this thread: http://forums.techarena.in/server-security/1066607.htm
http://forums.techarena.in
|
|
You are describing exactly my problem and I have not been able to solve it for RDP.
I haven't tried anything else in some time, but I thought ping worked when the firewall was off and I was able to get ping to work by changing the firewall settings, but I won't bet on it.
I had hoped being in the same subnet would fix it, but since you have the same subnet and it still doesn't work, then no joy there.
I also assume it is the security policy since shutting down the firewall doesn't help. But I have no idea how to see that, let alone change it.
I haven't gone on a vacation since I set the machine up, so there hasn't been a case when I couldn't just come into the office if needed. But if I don't solve this soon, I'm going to try RDPing into the DC, then RDP from that to the Win2k8 machine ... it seems a pain, but it sounds possible as a work around.
Scott
|
|
Hi Scott,
I've managed to get rdc over vpn working, and hope this helps (but
unsure if it will, it looks like something went screwy during the
initial setup)
At the office I performed a tracert from the domain controller, and saw
it was resolving the win2k8 to 192.168.xx.28.
Ipconfig on the win2k8 gave 192.168.xx.2 (assigned by DHCP).
So I removed the win2k8 server from active directory (on the domain
controller), set a static IP on the win2k8 server, rebooted (it said I
had to), logged in as local admin, re-joined the domain. I then
flushed the DNS on my machine.
And I can now rdc over vpn. Yay!
I hope that this helps, I can understand the frustration of waiting a
day between attempts. Please let me know if this helps.
--
bilf