none
Can Only Access PCs on VPN by IP Address

    שאלה

  • Hello,

    I've configured a Windows Server 2008 R2 server to work as a VPN so that I might access my home network whilst I'm away from home. I've forwareded all the proper ports, and setup everything correctly. When I use my Windows 7 laptop to connecto to the VPN, I can access all the computers on my home network remotely, but only via their Internal IP addresses; nor am I able to use the Homegroup...

    So I looked up what was wrong and it turns out I needed a DNS server. So, I installed Windows Server 2008 R2 on a separate physical server, and configured it. However, it's still not resovling the Internal IP addresses. Am I supposed to configure the VPN server (with RRAS) to work in concert with the DNS server or something? If so, how exactly do I do that?

    Thanks


    Computer

    יום ראשון 10 יוני 2012 20:23

תשובות

  •   No, You do not need to change anything in RRAS. You do need to make sure that your VPN client is actually using the correct DNS server.

      The VPN client will usually inherit the DNS server that the RRAS server is configured to use. If that is not the one you want to use, manually configure the DNS address in the properties of the VPN client.


    Bill

    • סומן כתשובה על-ידי Tiger Li יום חמישי 14 יוני 2012 01:32
    יום ראשון 10 יוני 2012 23:29
  • Hi roxxas2,

    Thanks for posting here.

    Please take look the chapter "Name resolution" in the blog post below:

    Remote Access Design Guidelines – Part 4: IP Routing and DNS

    http://blogs.technet.com/b/rrasblog/archive/2009/03/17/remote-access-design-guidelines-part-4-ip-routing-and-dns.aspx

    So it is depend on the DNS addresses that we assigned to the internal facing interface on RRAS host.

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support


    • נערך על-ידי Tiger Li יום שלישי 12 יוני 2012 08:36
    • סומן כתשובה על-ידי Tiger Li יום חמישי 14 יוני 2012 01:32
    יום שלישי 12 יוני 2012 08:36
  • In addition to the suggestions provided, what names are you using trying to access internal resources? NetBIOS names, such as "computerName" or FQDN such as "computername.internaldomain.local?"

    If NetBIOS, and I noticed you want to use the "HOMEGROUP," then that kind of hints towards NetBIOS name support, which is what the homegroup feature uses, similar to Network Neighborhood. I would suggest to use WINS to support this:

    WINS - What Is It, How To Install It, WINS Replication Partner Design Guidelines, How to Configure DHCP Scopes For WINS Client Distribution, and more:
    Published by acefekay on Oct 27, 2010 at 6:18 PM
    http://msmvps.com/blogs/acefekay/archive/2010/10/27/wins-what-is-it-how-to-install-it-and-how-to-configure-dhcp-scopes-for-wins-client-distribution.aspx

    .

    As far as using DNS and/or WINS with VPN clients, in your DHCP Scope in Windows DHCP, you must specify Option 006 as only the internal DNS server, and configure a DHCP Relay Agent, or make sure the VPN server itself is confgured in its own NIC the WINS server and ONLY configured the DNS server you installed and NOT the router or ISP's DNS address in the NIC.

    YOu'll want all machines to use WINS, otherwise not all machines will be registered into the WINS database, resulting in inconsistent results.

    More info on the relay agent and other VPN notes that you may find helpful:

    ================================
    ================================
    RRAS (VPN) DHCP Options

    By default, DHCP Options are NOT passed to a RRAS client (dialup or VPN). Instead, this information is taken directly from the RAS server's NIC settings, and may not be the DNS or WINS server addresses you want to give the VPN clients. If a RAS server has WINS or DNS entries, these entries are passed to the client. 

    If you want to test this theory, you can put a fake WINS address in the server's NIC's WINS settings, reboot the server, then connect a client, and see if it gets the fake WINS address from the server.

    However, if you configure the RRAS server as a DHCP Relay agent, it will pass the DHCP options to the client.

    Understanding DHCP IP Address Assignment for RAS Clients
    http://support.microsoft.com/kb/160699/EN-US

    IP Address Assignment
    http://technet.microsoft.com/en-us/library/dd469712(WS.10).aspx

    Thread Discussion: DNS DHCP option 006 not being applied to VPN clients via RRAS
    This is a good discusion with specifics about how an IP config is passed to a RRAS client and DHCP relay agents
    http://www.petri.co.il/forums/showthread.php?t=35748

    Configuring the DHCP Relay Agent to Support VPN Client TCP/IP Addressing Options
    http://www.isaserver.org/img/upl/vpnkitbeta2/dhcprelay.htm

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • סומן כתשובה על-ידי Tiger Li יום חמישי 14 יוני 2012 01:32
    יום שלישי 12 יוני 2012 14:06

כל התגובות

  •   No, You do not need to change anything in RRAS. You do need to make sure that your VPN client is actually using the correct DNS server.

      The VPN client will usually inherit the DNS server that the RRAS server is configured to use. If that is not the one you want to use, manually configure the DNS address in the properties of the VPN client.


    Bill

    • סומן כתשובה על-ידי Tiger Li יום חמישי 14 יוני 2012 01:32
    יום ראשון 10 יוני 2012 23:29
  • Okay, but quick question, how do I configure my RRAS server to use my DNS server?

    Computer

    יום שני 11 יוני 2012 00:02
  • Hi roxxas2,

    Thanks for posting here.

    Please take look the chapter "Name resolution" in the blog post below:

    Remote Access Design Guidelines – Part 4: IP Routing and DNS

    http://blogs.technet.com/b/rrasblog/archive/2009/03/17/remote-access-design-guidelines-part-4-ip-routing-and-dns.aspx

    So it is depend on the DNS addresses that we assigned to the internal facing interface on RRAS host.

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support


    • נערך על-ידי Tiger Li יום שלישי 12 יוני 2012 08:36
    • סומן כתשובה על-ידי Tiger Li יום חמישי 14 יוני 2012 01:32
    יום שלישי 12 יוני 2012 08:36
  • In addition to the suggestions provided, what names are you using trying to access internal resources? NetBIOS names, such as "computerName" or FQDN such as "computername.internaldomain.local?"

    If NetBIOS, and I noticed you want to use the "HOMEGROUP," then that kind of hints towards NetBIOS name support, which is what the homegroup feature uses, similar to Network Neighborhood. I would suggest to use WINS to support this:

    WINS - What Is It, How To Install It, WINS Replication Partner Design Guidelines, How to Configure DHCP Scopes For WINS Client Distribution, and more:
    Published by acefekay on Oct 27, 2010 at 6:18 PM
    http://msmvps.com/blogs/acefekay/archive/2010/10/27/wins-what-is-it-how-to-install-it-and-how-to-configure-dhcp-scopes-for-wins-client-distribution.aspx

    .

    As far as using DNS and/or WINS with VPN clients, in your DHCP Scope in Windows DHCP, you must specify Option 006 as only the internal DNS server, and configure a DHCP Relay Agent, or make sure the VPN server itself is confgured in its own NIC the WINS server and ONLY configured the DNS server you installed and NOT the router or ISP's DNS address in the NIC.

    YOu'll want all machines to use WINS, otherwise not all machines will be registered into the WINS database, resulting in inconsistent results.

    More info on the relay agent and other VPN notes that you may find helpful:

    ================================
    ================================
    RRAS (VPN) DHCP Options

    By default, DHCP Options are NOT passed to a RRAS client (dialup or VPN). Instead, this information is taken directly from the RAS server's NIC settings, and may not be the DNS or WINS server addresses you want to give the VPN clients. If a RAS server has WINS or DNS entries, these entries are passed to the client. 

    If you want to test this theory, you can put a fake WINS address in the server's NIC's WINS settings, reboot the server, then connect a client, and see if it gets the fake WINS address from the server.

    However, if you configure the RRAS server as a DHCP Relay agent, it will pass the DHCP options to the client.

    Understanding DHCP IP Address Assignment for RAS Clients
    http://support.microsoft.com/kb/160699/EN-US

    IP Address Assignment
    http://technet.microsoft.com/en-us/library/dd469712(WS.10).aspx

    Thread Discussion: DNS DHCP option 006 not being applied to VPN clients via RRAS
    This is a good discusion with specifics about how an IP config is passed to a RRAS client and DHCP relay agents
    http://www.petri.co.il/forums/showthread.php?t=35748

    Configuring the DHCP Relay Agent to Support VPN Client TCP/IP Addressing Options
    http://www.isaserver.org/img/upl/vpnkitbeta2/dhcprelay.htm

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • סומן כתשובה על-ידי Tiger Li יום חמישי 14 יוני 2012 01:32
    יום שלישי 12 יוני 2012 14:06