Enable Incoming VPN Connections and access the client subnet

  • Question

  • When configuring a Windows OS to act as a server and accept incoming VPN connections, there is an option to allow clients to access the server's local area network: see image below


    Can someone please tell me if even the server will be able to access other PCs on the same client subnet?

    Thanks.



    • Edited by GLSis2 Monday, June 17, 2019 5:07 PM
    Sunday, June 16, 2019 8:52 PM

All replies

  • Hi,

    If you check the option, the VPN clients can access local resources.

    Of course, the server can access other PCs on the same subnet.

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, June 17, 2019 2:34 AM
    Moderator
  • Hi,

    So, both the client and the server will also be able to access the other PCs in the remote subnets.

    Any idea if the VPN server on Windows can accept connections from routers that support IPsec tunnels with settings like those shown on this page?

    • Edited by GLSis2 Monday, June 17, 2019 4:33 PM
    Monday, June 17, 2019 4:31 PM
  • Hi,

    Do you mean connecting the incoming VPN over an IPsec tunnel?

    I think it is OK. 

    For your reference:

    https://www.howtogeek.com/135996/how-to-create-a-vpn-server-on-your-windows-computer-without-installing-any-software/ 

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.  

    Best regards,

    Travis



    Tuesday, June 18, 2019 6:46 AM
    Moderator
  • Hello GLSis2,

    There has possibly been some misunderstanding in this thread about which "subnets" are being referred to.

    One can draw a distinction between a "point-to-site" VPN and a "site-to-site" VPN.

    In your initial post, the image shown is related to configuring the server (site) side of a "point-to-site" VPN. In this set-up, systems in the "site" (where the VPN server sits) cannot access other systems on the client side - the VPN connection is only available to the single (point) client.

    The page that you referenced shows a "site-to-site" configuration - one should be able to configure something compatible with that configuration by creating new "Connection Security Rules" in the "Windows Defender Firewall with Advanced Security" MMC snap-in.

    Gary

    Tuesday, June 18, 2019 9:09 AM
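
The kind of "Connection Security Rule" described in the reply above can also be created with the NetSecurity PowerShell cmdlets instead of the MMC snap-in. This is an added example, not part of the original thread; every address, display name, and crypto choice is a placeholder assumption and has to match what the remote router is configured to offer.

```powershell
# Added example: site-to-site IPsec tunnel built from Connection Security Rules.
# All values below are placeholders (assumptions), not taken from the thread.
$localSubnet   = '10.10.0.0/24'    # LAN behind this Windows gateway
$remoteSubnet  = '10.20.0.0/24'    # LAN behind the remote router
$localGateway  = '198.51.100.10'   # this host's tunnel endpoint
$remoteGateway = '203.0.113.20'    # remote router's tunnel endpoint

# Prompt for the pre-shared key so it is not stored in the script.
$psk = Read-Host -Prompt 'Pre-shared key (must match the router)'

# Phase 1 authentication: machine authentication with the pre-shared key.
$authProposal = New-NetIPsecAuthProposal -Machine -PreSharedKey $psk
$authSet = New-NetIPsecPhase1AuthSet -DisplayName 'S2S PSK auth' -Proposal $authProposal

# Main mode (IKE phase 1) crypto, pinned explicitly rather than left at defaults.
$mmProposal = New-NetIPsecMainModeCryptoProposal -Encryption AES256 -Hash SHA256 -KeyExchange DH14
$mmSet = New-NetIPsecMainModeCryptoSet -DisplayName 'S2S main mode' -Proposal $mmProposal
New-NetIPsecMainModeRule -DisplayName 'S2S main mode rule' `
    -LocalAddress $localGateway -RemoteAddress $remoteGateway `
    -MainModeCryptoSet $mmSet.Name -Phase1AuthSet $authSet.Name

# Quick mode (IKE phase 2) crypto: ESP with AES-256 and SHA-256.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -Encryption AES256 -ESPHash SHA256
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName 'S2S quick mode' -Proposal $qmProposal

# Tunnel-mode rule: traffic between the two subnets must be protected
# in both directions, otherwise it is dropped instead of sent in clear.
New-NetIPsecRule -DisplayName 'S2S tunnel to remote site' -Mode Tunnel `
    -LocalAddress $localSubnet -RemoteAddress $remoteSubnet `
    -LocalTunnelEndpoint $localGateway -RemoteTunnelEndpoint $remoteGateway `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $authSet.Name -QuickModeCryptoSet $qmSet.Name

# Check: the rule exists, and security associations appear once
# traffic between the subnets has triggered negotiation.
Get-NetIPsecRule -DisplayName 'S2S tunnel to remote site'
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```
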
  • In this set-up, systems in the "site" (where the VPN server sits) cannot access other systems on the client side - the VPN connection is only available to the single (point) client.

    Hello Gary.

    Yes, only the VPN client and the VPN server can access other PCs on remote subnets. Other PCs on the same subnet are unaware of the VPN and the relative routing information.

    Tuesday, June 18, 2019 10:05 AM