none
Configuring VPN access on Windows SBS 2011

    Allgemeine Diskussion

  • Hi folks,

    I require some assistance setting up VPN access on SBS 2011. I've competed the following:

    - Configured the server using the wizard.

    - Opened port 1723 on the router

    - From an external Windows 7 machine ran the VPN connection wizard. Connected and logged in with domain admin crdentials.

    From there I recieve the connected notification, but I'm unable to ping the SBS server.

    Any help much appreciated!

    J

    Sonntag, 10. Juni 2012 08:27

Alle Antworten

  • Is DHCP running on router or on SBS server? If DHCP has been configured for dynamic allocation (if on SBS server) can you try configuring it for static pool and then try connecting on VPN an let us know?
    Sonntag, 10. Juni 2012 11:08
  • Its not a good idea to have DHCP on anything other than SBS. I would assume that the external windows 7 machine is on a different subnet and therefore won't be able to ping the SBS server without setting up RRAS or NAT of some sort

    http://blog.ronnypot.nl/?p=693

    If you have already done all the above then there could be an issue with GRE 47 that some routers dont support which is required for a VPN connection

    http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/4812206b-792b-446f-9311-e92b15f013b5

    Hope this helps,

    Jason

    Sonntag, 10. Juni 2012 17:05
  • DHCP is running on the SBS server. Once the VPN connects it picks up an address, but I still can't ping anything. (Detials below)

    I'm not sure on how to configure GRE 47 on my router, it may not be possible. 

    Windows IP Configuration


    PPP adapter **********.local:

       Connection-specific DNS Suffix  . :
       IPv4 Address. . . . . . . . . . . : 192.168.2.24
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 0.0.0.0

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       IPv4 Address. . . . . . . . . . . : 10.1.1.7
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.1.1.1

    Tunnel adapter isatap.{F6C56267-070F-419B-ADAA-23FF6E57FE9E}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Tunnel adapter isatap.{C9BD6B06-6D49-4A71-8639-9045691875A0}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Montag, 11. Juni 2012 10:02
  • The gateway on the PPP adapter isnt correct, what is the router you have?
    Montag, 11. Juni 2012 10:12
  • Apologies it could be correct,what are the dns settings also

    ipconfig /all

    Montag, 11. Juni 2012 10:17
  • Windows IP Configuration

       Host Name . . . . . . . . . . . . : *****-PC
       Primary Dns Suffix  . . . . . . . : ******.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ******.local

    PPP adapter pendragon.local:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : *******.local
       Physical Address. . . . . . . . . :
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.2.24(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 0.0.0.0
       DNS Servers . . . . . . . . . . . : 192.168.2.2
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Con
    r
       Physical Address. . . . . . . . . : 00-1E-C9-59-E1-78
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.1.1.7(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.1.1.1
       DNS Servers . . . . . . . . . . . : 10.1.1.3
                                           10.1.1.4
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{F6C56267-070F-419B-ADAA-23FF6E57FE9E}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{C9BD6B06-6D49-4A71-8639-9045691875A0}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Montag, 11. Juni 2012 10:23
  • Did you change the DHCP allocation to static as Mohitkapoor advised? The router on the SBS network will have a setting to let VPN connections thru - this will enable the GRE 47

    Montag, 11. Juni 2012 11:26
  • Have you made any progress on this issue?

    Cheers

    Jason

    Dienstag, 12. Juni 2012 06:30
  • Sorry I've been tied up, will try the above suggestions tonight and report back!

    Dienstag, 12. Juni 2012 07:01
  • Ah no probs, I think first and foremost you should confirm that your router at the SBS site supports GRE 47 and if it does enable it. Let us know how you get on.

    Cheers

    Jason

    Dienstag, 12. Juni 2012 07:29
  • Static DHCP pool configured.

    Unable to find the GRE 47 passthrough. Not sure if the router supports it and unable to find any documentation. Belkin F7D2401 v1

    Any ideas?

    Cheers,

    Dienstag, 12. Juni 2012 07:44
  • I looked at the manual, the router should work as it supports vpn, pptp passthrough etc but wasnt very helpful in how to enable the feature. Look for PPTP passthrough, VPN passthrough settings or something similar to enable the feature in the configuration web page.

    Are you pinging the sbs server IP and client IP's or are you pinging computer names, have you tried pinging external. Does that work?

    Dienstag, 12. Juni 2012 09:27
  • Once connected to the VPN I'm unable to ping the server, router, or a external website by IP. 

    I've placed the server outside the firewall using DMZ.

    Updated to latest firmware.

    Still can't find anything relating to VPN/PPTP passthrough.

    Dienstag, 12. Juni 2012 10:05
  • Can you confirm that the user account you are logging on with has vpn access

    SBS Console - Users and Groups - Users - USERNAME - Edit user account properties -Remote Access

    Checkbox "User can access virtual private network"


    • Bearbeitet Skinnez Dienstag, 12. Juni 2012 12:06 correction
    Dienstag, 12. Juni 2012 12:01
  • Confirmed. The account also authenticates
    Dienstag, 12. Juni 2012 12:08
  • Have you tried disabling client and SBS server machine firewalls to identify firewall issues.

    On your Client machine what is ?

    DNS Servers . . . . . . . . . . . : 192.168.2.2


    • Bearbeitet Skinnez Dienstag, 12. Juni 2012 12:12
    Dienstag, 12. Juni 2012 12:12
  • Firewall on SBS server disabled.

    Client DNS set to 192.168.2.2

    Still not able to ping ther server etc...

    Dienstag, 12. Juni 2012 12:21
  • Also the Client firewall

    I meant what does the IP point at - for example router/modem??

    Have a look at the attached, refers to belkin router although not your exact model but might help

    http://www.dslreports.com/forum/r14341511-how-to-assign-the-protocol-47-gre-to-the-port

    http://forums.speedguide.net/showthread.php?199820-VPN-and-Router-problems

    If you could try a different router or explore the router firewall i bit more that would eliminate that.

    Dienstag, 12. Juni 2012 12:28
  • Have you tried to remote desktop the SBS server or any of the other clients on the SBS network??
    Dienstag, 12. Juni 2012 13:00
  • Yes, internally working fine. I'll check over the previous sugguestion and report back. Cheers for the help!
    Dienstag, 12. Juni 2012 13:05
  • Client firewall disbaled.

    192.168.2.2 points to the SBS Server

    I can't find anything relating to VPN on the router, may have to try replacing

    Mittwoch, 13. Juni 2012 07:10
  • Have you tried to ping the computer name of the server and not the ip?
    Mittwoch, 13. Juni 2012 08:55
  • Hi guys, 

    Yes Skinnez tried that thanks.

    Decided to invest in new router, hopefully that will resolve the VPN issue. Can anyone recommend a model?

    Capable of VPN, also wireless connectivity.

    Dienstag, 29. Januar 2013 08:31