RRAS / VPN issue

  • Question

  • I've been banging my head against a wall with this, and have searched high and low. I need to know if I am missing something or doing something wrong.

    I have the following:

    192.168.11.x - Core VLAN where servers sit. Router/modem for the network sits here as well at 192.168.11.2.

    RRAS server - 192.168.11.13

    AD/DHCP/DNS Server - 192.168.11.9

    192.168.15.x - Client VLAN - this is where my VPN clients would be, specifically
    192.168.15.199 - 192.168.15.224 is reserved for VPN users.

    Each VLAN's switch address is 192.168.15.254 and 192.168.11.254, respectively.

    I have RRAS installed on the above server. Configured to use IP addresses from the aforementioned address pool. DHCP Relay points to 192.168.11.9.

    Here's where I'm at:

    Locally, and outside of my network I can connect to the VPN. I get prompted for username, password & domain. It took me a while to get here (curse you, Internet guides not mentioning GRE is UDP!) I can authenticate. I get an IP address (192.168.15.199, and so on).

    When I do an ipconfig, it lists my IP address and the correct DNS Server (192.168.11.9), but does not list a DHCP server. I'm 100% positive that's because I told RRAS to pick from a specific address pool. Furthermore, it does not list a default gateway. Therefore, I cannot route to anything else on the network; and can only see and/or ping the RRAS server that is giving me the VPN in the first place.

    If I tell RRAS to use DHCP ... those DHCP packets don't actually get relayed to the DHCP server. I presume this is an issue with a switch somewhere that does the VLANs, or something else, I haven't done much troubleshooting here. In the DHCP Scope options, I have the router 003 option set for Default Routing & Remote Access Class.

    Am I doing something wrong? Do I need to add a routing protocol? (I've been wary of this, I was unsure if it would mess up routes and other things going on with our Sonicwall & or switches). I've tried adding several static routes several different ways and run into the same issue; despite restarting RRAS.

    I apologize if this is a little long; I like providing as much information as possible.

    I feel very stupid with this issue since it should be something relatively simple and or straight-forward, unless the fact I'm putting the clients on a different VLAN is just not possible.
    Thursday, July 19, 2012 5:23 PM

Answers

  • Hi,

    Thanks for posting here.

    > When I do an ipconfig, it lists my IP address and the correct DNS Server (192.168.11.9), but does not list a DHCP server. I'm 100% positive that's because I told RRAS to pick from a specific address pool. Furthermore, it does not list a default gateway. Therefore, I cannot route to anything else on the network; and can only see and/or ping the RRAS server that is giving me the VPN in the first place.

    Actually, the VPN client will by default use the remote VPN server's PPP interface as its default gateway (you can verify the routing table from the client when the tunnel is established), and we need to adjust the routing entries on clients if we want to allow VPN clients to access other internal subnets, that is, subnets that are in different address spaces from the one where the VPN client obtained its address. And of course the RRAS server should first have the proper routing entry to the gateway router that connects both subnets.

    The blog post below mentions the details; please take a look, try to adjust it, and see if the traffic will be properly routed:

    Cannot reach beyond the RRAS server from VPN clients?

    http://blogs.technet.com/b/rrasblog/archive/2006/02/09/419100.aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Friday, July 20, 2012 2:30 AM
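The client-side check the answer describes (inspect the routing table while the tunnel is up, then adjust the client's routes), as an added example that is not part of the original posts. It assumes a Windows 8 / Server 2012 or later client using the built-in VPN client with a per-user profile; the connection name `CorpVPN` is hypothetical, and the subnet and test host are the ones given in the question.

```powershell
# Added example, run on the VPN client while the tunnel is connected.
# 'CorpVPN' is a hypothetical connection name; the addresses come from the question.
$ConnectionName = 'CorpVPN'
$CoreSubnet     = '192.168.11.0/24'   # core VLAN behind the RRAS server
$TestHost       = '192.168.11.9'      # AD/DHCP/DNS server

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
if ($vpn.ConnectionStatus -ne 'Connected') {
    throw "Connect '$ConnectionName' first; its PPP routes exist only while the tunnel is up."
}

# Find-NetRoute returns the selected source address and the selected route.
# Only the route object carries a DestinationPrefix, so filter on that.
$route = Find-NetRoute -RemoteIPAddress $TestHost |
    Where-Object { $_.DestinationPrefix } |
    Select-Object -First 1

"Split tunneling : $($vpn.SplitTunneling)"
"Route selected  : $($route.DestinationPrefix) via $($route.NextHop) on '$($route.InterfaceAlias)'"

if ($route.InterfaceAlias -eq $ConnectionName) {
    # The client is already sending this traffic into the tunnel, so the
    # remaining places to look are the RRAS server's own routing table and
    # the router that connects the two subnets.
    "Traffic to $TestHost already uses the VPN interface; check routing beyond the client."
}
else {
    # The client would send this traffic out of a local interface instead.
    # Store a route for the core subnet in the VPN profile; Windows applies
    # it to the PPP interface each time the connection is established.
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $CoreSubnet
    "Added $CoreSubnet to '$ConnectionName'. Reconnect, then run this check again."
}
```

For a connection created for all users, add `-AllUserConnection` to both `Get-VpnConnection` and `Add-VpnConnectionRoute`.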

All replies

  • When the issue seems too simple you have to go to the simpler questions.
    Does this happen to your client only?
    Thursday, July 19, 2012 5:55 PM
  • Clients on the LAN, or clients that successfully connect.
    Thursday, July 19, 2012 5:59 PM
  • Hi,

    Please feel free to let us know if the information was helpful to you.

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Tuesday, July 24, 2012 2:15 AM