DHCP Issues with VPN Connections on Server 2012 R2

    Question

  • (Trying R2 Setup forum, since I'm using R2 now instead of vanilla 2012)  I reinstalled Windows Server 2012 R2 today and I am struggling with VPN access using DHCP.  If I define a static block of addresses, it works - however this is NOT a correct configuration.  How can I configure Server 2012 to allow connecting clients to get addresses from the network router's DHCP service?

    Setup process:

    1. Install Windows Server 2012
    2. Install Remote Access role with "Direct Access and VPN (RAS)" feature only
    3. Run "Getting Started" wizard and deploy VPN only
    4. "Configure and Enable Routing and Remote Access"
      Custom Configuration
        VPN Access checked
    5. Configure NPS

    After this, I can only connect with a static IP block defined.  I am testing with the local computer, a LAN computer and a remote computer; using PPTP and L2TP/IPSec.  Connections work fine only with a static block.

    I was randomly able to connect and get DHCP addresses from my router once earlier today, and I thought I had it set up correctly finally.  I rebooted the server to make sure it was durable, and I could no longer connect without a static block.

    The router is a standard consumer 192.168.1.x gigabit router.  It has options for all manners of VPN passthrough; however when I am attempting a connection to 127.0.0.1, it behaves the same way as a connection that goes through the router (won't connect with a DHCP IP address, will connect with a static block IP address).

    While a connection is being attempted, there is a brief period of time, about 3 seconds, where if I refresh the "Remote Access Clients" list in RRAS I see the user that is attempting to connect.  There is no network address listed, but the user is there until the DHCP request fails and the connection is terminated.

    RAS Event log message:

    RoutingDomainID- {00000000-0000-0000-0000-000000000000}: CoId={NA}: The user {unimportant} connected to port VPN0-127 has been disconnected because no network protocols were successfully negotiated.

    Sunday, September 15, 2013 1:51 AM

All replies

  • Hi,

    Have you configured the DHCP relay agent correctly?

    Since clients and server are in different broadcast domains, a DHCP relay agent is necessary for clients to get IP addresses.

    You can refer to the following articles:

    Configure the Way RRAS Assigns IP Addresses to VPN Clients

    http://technet.microsoft.com/en-us/library/dd469667.aspx

    Configure the IPv4 DHCP Relay Agent

    http://technet.microsoft.com/en-us/library/dd469685.aspx

    Tuesday, September 17, 2013 11:47 AM
    Moderator
  • Hi Daniel,

    I've consulted those articles repeatedly and ensured I'm configured as they say.  Additionally, the DHCP host and VPN server are in the same network (the DHCP host addresses the VPN server).  For now I've bagged this issue; I'll use a static block and deal with the unfortunate ramifications.

    Tuesday, September 17, 2013 4:21 PM