VPN Trouble

[cygan]

I have problem viewing or pinging my client's workplace PC's over VPN.
At my client's workplace I have an SBS 2003 Server Standard Edition, which has been configured for RRAS and VPN. The server has a single NIC -configured to an IP of 192.168.1.105 with a subnet 255.255.255.0. The internet connection is through a router with an IP of 192.168.1.1. There are three more computers on the network which are connected through a switch.The router connects to the switch. All connections have been derived from the switch.The IP 's are manually assigned within the 192.168.1.X segment. Port 1723 has been forwarded on the router. DHCP is not turned on in the RRAS, but a static IP range of 192.168.1.25 to 192.168.1.49 has been assigned for connecting clients.

I have created a VPN client-PPTP on my home PC (XP Pro). I can connect to the server through the VPN dialer that I have created. My home router has an IP of 192.168.1.1, and my Pc has a static IP 192.168.1.85.

The VPN connection goes through fine, but I am unable to browse or ping any computer or server at my client's workplace. I have checked and none of the IP's are conflicting. The workplace computers and my home PC are in two separate workgroups, but I assume, that is OK since at my other clients' places, we have multiple workgroups.

I have also read an article from Microsoft where we have to tweak the registry for IPnat.

Can someone help , please?

 

[spidey07]

You'll need to forward IP protocol 50 to the VPN server. This is not a TCP port number, it is actually IP protocol number. This is used for the actual tunnel traffic.

 

[cygan]

Dear Spidey,

Do all routers have that facility, because I can't find any section to forward protocols. However I have set the source protocol to PPTP, before which even the connection wasn't going through

Thanx

 

[cygan]

One more thing I wanted to inform you was that when I observed the packets on my home pc after connecting through VPN was that packets were only sent, but not received.The rceeived packets figure remained stationary all through out.

Thanx

 

[spidey07]

Also do a route print. It's unusual to use the same subnets like that with a VPN, your client computer might think those addresses are local and not send them through the tunnel. Although most times it's the NAT breaking ip protocol 50. Look for other terms like vpn passthrough and forward. I don't know much about windows vpns but you can should also set it up for "nat traversal", this will wrap the tunnel packets in udp or tcp. Then you would forward those to the vpn server.

 

[cygan]

Like you said, the client computer must not be passing the requests through the tunnel. have changed the IP range of the workplace to 192.168.16.x. I wanted to try the VPN thing today, but couldn't. I shall try to try the VPN tomorrow morning and let you know. Hope that works.

Thanx a lot for your help.

 

[RebateMonger]

Yeah, don't have your remote network and your local network on the same subnet. Your PC has no way of knowing which way to send the traffic (across the local network adapter or the VPN network), since both networks appear identical.

When setting up an SBS server, never use any "common" subnet settings for the local network. A 192.168.1.x network is just asking for VPN troubles since everybody's home routers use either that or 192.168.0.x. That's the exact reason why SBS 2003's setup wizards try to get you to use 192.168.16.x for the SBS local network.

 

[cygan]

Thank you Spidey * RM for all your help. I changed the Ip range at the workplace to 192.168.16.x and it worked. Thank you for all your help

 

[bobdole369]

Very common problem. See if your work IP range is 192.168.1.0/24, and your home IP range is 192.168.1.0/24, then any packets destined for the same subnet are not sent through the tunnel! It thinks its local!