PPTP VPN 2012 server can't ping VPN clients (routing?)

    Question

  • I have followed online tutorials to set up a PPTP VPN allowing remote clients to access the file shares on the server. The server is hosting both the VPN and the file shares.

    I used the static IP pool as there is no DHCP set up. It hands out IPs to clients successfully on connection and the clients are able to see the server and access the file share. The server is at 10.10.42.100 (VPN address) and hands out IPs from 10.10.42.101-105. Clients are also given a netmask of 255.255.255.255.

    However, there is a piece of software that wants to access the SQL Server on the server as well. This is failing. In the process of troubleshooting this, I have discovered that while the clients can see the server and ping it (and get file shares), the server cannot ping the clients or see shares on them.

    I have checked the Windows Firewall on all machines and incoming ICMP (ping) packets are permitted in private, domain, and public realms. There is no active domain for the environment in any case. The server is a VPS.

    The VPN manager seems to add routes that should lead back to the clients, but it doesn't seem to work. I am attaching (slightly obfuscated) routing tables below:

    Client Routing table

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.118     20
             10.0.0.0        255.0.0.0     10.10.42.100     10.10.42.103     11
         10.10.42.103  255.255.255.255         On-link      10.10.42.103    266
         64.34.111.14  255.255.255.255      192.168.1.1    192.168.1.118     21
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          169.254.0.0      255.255.0.0         On-link    169.254.155.61    261
       169.254.155.61  255.255.255.255         On-link    169.254.155.61    261
      169.254.255.255  255.255.255.255         On-link    169.254.155.61    261
          192.168.1.0    255.255.255.0         On-link     192.168.1.118    276
        192.168.1.118  255.255.255.255         On-link     192.168.1.118    276
        192.168.1.255  255.255.255.255         On-link     192.168.1.118    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link    169.254.155.61    261
            224.0.0.0        240.0.0.0         On-link     192.168.1.118    276
            224.0.0.0        240.0.0.0         On-link      10.10.42.103    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link    169.254.155.61   9999
      255.255.255.255  255.255.255.255         On-link     192.168.1.118    276
      255.255.255.255  255.255.255.255         On-link      10.10.42.103    266
    ===========================================================================
    Persistent Routes:
      None

    Server routing table

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      64.xx.yyy.1     64.xx.yyy.14    266
           10.10.42.0    255.255.255.0     10.10.42.100     64.xx.yyy.14    266
         10.10.42.100  255.255.255.255         On-link      10.10.42.100    279
         10.10.42.101  255.255.255.255     10.10.42.101     10.10.42.100     24
         10.10.42.103  255.255.255.255     10.10.42.103     10.10.42.100     24
          64.xx.yyy.0    255.255.255.0         On-link      64.xx.yyy.14    266
         64.xx.yyy.14  255.255.255.255         On-link      64.xx.yyy.14    266
         64.xx.yyy.15  255.255.255.255         On-link      64.xx.yyy.14    266
        64.xx.yyy.255  255.255.255.255         On-link      64.xx.yyy.14    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      64.xx.yyy.14    266
            224.0.0.0        240.0.0.0         On-link      10.10.42.100    279
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      64.xx.yyy.14    266
      255.255.255.255  255.255.255.255         On-link      10.10.42.100    279
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0      64.xx.yyy.1  Default
    ===========================================================================

    I would appreciate any assistance in figuring out where to look to resolve this issue. I need the server to be able to ping the clients.




    • Edited by Keith Nunn Monday, February 13, 2017 8:37 PM really fixed table I hope
    Monday, February 13, 2017 8:16 PM
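
The lookup the server performs against the routing table posted above can be reproduced offline. This is an added example, not part of the original post: it parses rows copied from the "Server routing table" and applies longest-prefix match with the lowest metric as tie-breaker. The function names are hypothetical, and 198.51.100.7 is a constructed outside address.

```python
import ipaddress

# Rows copied from the "Server routing table" in the question (obfuscated
# 64.xx.yyy.* values kept as posted); loopback and multicast rows left out.
SERVER_ROUTES = """\
          0.0.0.0          0.0.0.0      64.xx.yyy.1     64.xx.yyy.14    266
       10.10.42.0    255.255.255.0     10.10.42.100     64.xx.yyy.14    266
     10.10.42.100  255.255.255.255         On-link      10.10.42.100    279
     10.10.42.101  255.255.255.255     10.10.42.101     10.10.42.100     24
     10.10.42.103  255.255.255.255     10.10.42.103     10.10.42.100     24
      64.xx.yyy.0    255.255.255.0         On-link      64.xx.yyy.14    266
"""

def parse_routes(text):
    """Parse 'route print' Active Routes rows into a list of dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # header, separator or blank line
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # obfuscated destination: cannot be matched
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": int(metric)})
    return routes

def lookup(routes, target):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def explain(routes, target):
    """One-line summary of the route chosen for target."""
    r = lookup(routes, target)
    if r is None:
        return f"{target}: no route"
    return f"{target}: {r['net']} via {r['gateway']} on {r['iface']}"

if __name__ == "__main__":
    table = parse_routes(SERVER_ROUTES)
    # .103 has a host route; .102 is a pool address with no host route posted
    for ip in ("10.10.42.103", "10.10.42.102", "198.51.100.7"):
        print(explain(table, ip))
```

Against the posted rows, 10.10.42.103 resolves to its /32 host route on interface 10.10.42.100, while a pool address with no host route falls through to the 10.10.42.0/24 entry, which is bound to interface 64.xx.yyy.14.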

All replies

  • I found this thread and got hopeful. https://social.technet.microsoft.com/Forums/office/en-US/f42e45d2-d009-46cd-9b2f-4f9632e9ec6a/windows-2012-r2-pptp-vpn-allows-connection-but-cant-rdppingetc?forum=winserver8gen

    However, like this poster, I have tried a pile of things. I had not noticed the 'Routing' role. I added it like this poster, but unfortunately, that didn't solve it either.

    Monday, February 13, 2017 8:27 PM
  • Hi Keith,

    Which IP address did you use to ping the client? Is it in the static address pool or is it the original address?

    >>the server cannot ping the clients or see shares on them.

    Have you checked if clients could ping each other?

    Please check whether any error events exist on the server.

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 15, 2017 5:26 AM
  • Thanks for your response John.

    I used the static address pool. In this case, I was pinging the server at 10.10.42.100 and the clients at 10.10.42.101 and 102.

    The clients could not ping each other. The server could not ping the clients. The clients could both ping the server.

    The clients would respond to pings on their respective LANs, so I'm guessing the ICMP packets from the VPN never made it to them.

    I am assuming the issue is in the VPN config, but I'm not sure where to look. I couldn't see any error conditions in the server event viewer that seemed pertinent, but I also saw no categories that seemed focussed on the VPN at all.

    Wednesday, February 15, 2017 6:04 PM
  • Hi Keith,

    >>I added it like this poster, but unfortunately, that didn't solve it either.

    Did you manually add a route entry on the router for the clients?

    >>The clients would respond to pings on their respective LANs

    You could capture traffic to check whether the VPN server is sending data the correct way.

    Best Regards

    John



    • Proposed as answer by John Lii Thursday, March 02, 2017 9:37 AM
    Thursday, February 16, 2017 10:15 AM
  • Hi Keith,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    John



    Thursday, March 02, 2017 9:37 AM