locked
vpn server RRS feed

  • Question

  • when a client is connected to the network via vpn they do not have access to the internet. we want to allow our users to be able to have internet access through the vpn. we want them to not only have access to our network resources but also to be able to go on the internet. what do i have to do in RRAS to make this happen. we are running our vpn server on Windows Server 2012 Standard. please help me
    Thursday, December 20, 2012 6:44 PM

Answers

All replies

  • Where do you want the clients to hop onto the internet? Locally or through the VPN tunnel?
    Thursday, December 20, 2012 9:46 PM
  • when the clients are connected to the vpn. we want them to be able to go on the internet. so i guess that means through the vpn tunnel. 
    Friday, December 21, 2012 1:11 PM
  • Hi,

    Thank you for the post.

    If you want let remote clients access internet from your RRAS server, please refer to the link below:

    How to deploy RRAS based VPN server that gives dedicated IP to remote users/machines and allow them to access Internet using a dedicated public IP address

    http://blogs.technet.com/b/rrasblog/archive/2009/07/30/rras-as-vpn-server-providing-dedicated-ip-assigned-to-remote-vpn-clients.aspx

    Regards,


    Nick Gu - MSFT

    • Marked as answer by 朱鸿文 Friday, January 4, 2013 5:57 AM
    Friday, December 21, 2012 3:05 PM
  • now i can get to some websites but now i can not access some of the internal resources please help

    at this moment it is a trade-off i can access either network resources OR have access to the internet. how do i fix this?????

    i did what you have in the link Nick but that blocked internet access

    • Edited by bgreen-ims Friday, December 21, 2012 4:33 PM
    Friday, December 21, 2012 4:13 PM
  • we need both not one or the other
    Friday, December 21, 2012 4:34 PM
  • also the remote computers have dynamic IP addresses not static
    Friday, December 21, 2012 5:55 PM
  • Hello,

    In the VPN TCP/IP properties, under advanced, uncheck 'use remote gateway as default..' and manually set the DNS on the VPN adapter to use the DNS servers from the LAN you are VPN'ing to.


    Miguel Fra | Falcon IT Services, Miami, FL
    www.falconitservices.com | www.falconits.com | Blog

    Friday, December 21, 2012 5:57 PM
  • now i have a new problem while a client is connected it does not say the name of the domain so now network resources are unavailable. somehow all my static routes are gone and i do not remember them so now i have a major problem. i can connect to the vpn but network resources are not accessible but the internet is. please help me set my static routes.

    we have the 192.168.1.0 network, 192.168.10.0 network, and the 172.16.28.0 network. the ip addresses given out to vpn clients are in the 172.16.32.0 network. 

    please help me set my static routes to allow for internet and network resource accessibility. 

    Friday, December 21, 2012 7:32 PM
  • Hi,

    Thank you for the post.

    According to the description, this issue is related to Split tunneling. When you create vpn connection, The "Use Default Gateway on the Remote Network" option is enabled by default. Then the VPN client connects to the VPN server, a new default route is created on the VPN client and VPN client now uses the VPN interface to route packets to remote (non-local) networks after the new default route is added. When you remove this option, you should add a static route at each client.

    Split Tunneling for Concurrent Access to the Internet and an Intranet

    http://technet.microsoft.com/library/bb878117

    Regards,


    Nick Gu - MSFT

    • Proposed as answer by Nick Gu - MSFT Thursday, December 27, 2012 1:41 AM
    Monday, December 24, 2012 3:17 AM
  • is there any way to get them to be able to go on the internet without doing anything to the client machines. i mean like a route on the server instead because we do not have access to all the clients who VPN in they are traveling and we cant get access to them. i need to know if it is possible to do it using only the VPN server.
    Monday, December 24, 2012 1:54 PM
  • Hi,

    Thank you for the update.

    By default, “Use Default Gateway on the Remote Network” option is selected when you create VPN connection, so if there is route or firewall(TMG) on the server, just enable remote VPN on TMG server and then create policy to allow VPN users access the internet. If you deploy VPN on RRAS server, refer to the following links:

    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/64c226cf-0b94-4374-a457-fbf5a15b6734

    http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/8db49948-1962-408b-9996-4a9584b3500d

    Regards,


    Nick Gu - MSFT

    • Proposed as answer by Nick Gu - MSFT Thursday, December 27, 2012 1:41 AM
    • Marked as answer by bgreen-ims Thursday, December 27, 2012 1:26 PM
    Tuesday, December 25, 2012 3:47 AM