
Can't access internal machines via VPN

Status
Not open for further replies.

rpg121 (Programmer; joined Mar 14, 2001; messages: 89; location: US)

I'm learning about servers so just bear with me. I can create successful VPN connections to my server but I can't access, ping or see any of the computers that are inside the network. I referred to Windows 2000 server help and it says I need to make a static route. Is this right, how do I do that and is there anything else I need to do?


Thanx in advance to anybody who replies, much appreciated,

Josh Bart
 
First, make sure the VPN connection is good and rule out addressing problems there. Start the VPN connection. Once it is established, right click on the icon on the task bar for the VPN connection and select 'status'. If you don't have the icon on the taskbar, open Network and Dialup connections and right click on the VPN connection there and select 'status'.

Once the status box is up, click on the details tab. Should have a server IP address and a client IP address. You should be able to ping both of these. If not, routing is not the problem.

Assuming that goes well, routing is the most likely problem, so open a command window. Type the following:

ROUTE ADD xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx

Replace the first set of xxx's with the network address of the remote network you are trying to reach. The 255.255.255.0 is the subnet mask of the remote network; I assumed the 255.255.255.0, so you might need to adjust it to match the configuration of the remote network. Replace the second set of xxx's with the client VPN IP you found in the status box earlier.

If you don't get an error, all is well and you should be able to reach the remote network.

The route will last as long as the VPN connection. If you take it down, the route will go away. If you get the same VPN address each time you connect, you can make the route stay by adding /p to the command.
 
I know this is a little late as the original post is now some 4 months old.

I am in the same position as above and tried the suggested route but it came back with the following:

ROUTE: BAD ARGUMENT 169.254.105.19

At the command prompt I typed:-

Route 169.254.105.15 255.255.255.0 169.254.105.19
Local Machine Remote Server

I have a Win 2000 server with Routing and Remote Access set up and I can see the shares on the server but cannot see any of the computers or the server on the network.

Any Ideas?
 
First thing that I notice is that you are missing the 'ADD' directive.

Looks like you have bigger problems, though. Could be fairly simple to clear up. The 169.254 addresses would indicate that you are using APIPA (automatic private IP addressing) somewhere. Is your entire network configured this way, or just the VPN connection? Either way, should be changed.

A) Your server side network should use a private IP addressing scheme, either with fixed IPs or through a DHCP server. If you want to route over your VPN, it is much easier if your network address is matched to the appropriate mask as defined in the RFC that specifies the private ranges.

B) Your VPN server should be configured with a block of IPs that lie within your network. If you are using DHCP, these should be excluded from the pool. Although the VPN can use DHCP to get addresses, it can cause problems if the DHCP server doesn't respond very quickly.

C) If you have a network on the client side (even a simple firewall that uses a private IP can qualify), the private network address there needs to be different than your server side network.

D) The VPN server should be the default gateway for all of the computers on the server side network. If this is not possible, an alternative would be to set up a routing on those computers, pointing all private addresses to the VPN server.

If you get all of those things satisfied, and all of your computers are service packed current, the routes should happen automatically without any additional routing commands.
 
Thanks for the reply.

I did put the "ADD" in and still the same error.

Please bear with me if I sound green. The person who took care of all the PCs and the server where I work was fired and I was asked if I could help sort things out. I had very little experience with servers or networks before I started. But now I have a Win 2000 server and 14 Win 2000 Pro machines.
The server uses Active Directory and I have a domain called 'Office'.
All the Win 2000 Pro machines are on a 100Mbit network with 2 network printers.
I have a Netgear router which assigns IP addresses to all the workstations; the server I have set with a static IP (is that right?).
The VPN server has its own NIC for VPN. I have set up the server so it gives out IP addresses for the VPN,
e.g. my LAN IP 169.254.105.2 - 169.254.105.15 by my router,
then 16 to 20 assigned by server for VPN.

So I think I have got points A and B correct.
I did not fully understand point C,
and I'll be trying point D in the morning.

Many thanks
 
The correct command to add a static route is:

route add x.x.x.x mask y.y.y.y z.z.z.z

where x.x.x.x == a subnet or host (ie. subnet 192.168.1.0)
where y.y.y.y == a mask (ie. 255.255.255.0 )
where z.z.z.z == gateway on LAN (ie. 192.168.1.1)
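
The addressing checks from points A to C earlier in the thread, plus the `route add ... mask ...` form given in the last reply, as an added example that is not part of the original thread. The function names are hypothetical, the /24 prefix for the 169.254.105.x network is assumed from the 255.255.255.0 mask used above, and the 192.168.x.x values are constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")  # automatic private IP addressing


def check_plan(server_lan, vpn_pool, dhcp_pool=None, client_lan=None):
    """Return a list of problems with a VPN addressing plan (empty = none found).

    server_lan / client_lan are CIDR strings; pools are (first, last) tuples.
    """
    lan = ipaddress.ip_network(server_lan)
    v_first, v_last = (ipaddress.ip_address(a) for a in vpn_pool)
    problems = []
    # Point A: the server-side LAN should use a private range, not APIPA.
    if lan.subnet_of(APIPA):
        problems.append("server LAN is in the APIPA range 169.254.0.0/16")
    elif not any(lan.subnet_of(r) for r in RFC1918):
        problems.append("server LAN is not in an RFC 1918 private range")
    # Point B: the VPN block lies inside the LAN and is excluded from DHCP.
    if v_first not in lan or v_last not in lan:
        problems.append("VPN pool is not inside the server LAN")
    if dhcp_pool:
        d_first, d_last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if v_first <= d_last and d_first <= v_last:
            problems.append("VPN pool overlaps the DHCP pool")
    # Point C: the client-side network must differ from the server side.
    if client_lan and lan.overlaps(ipaddress.ip_network(client_lan)):
        problems.append("client-side LAN overlaps the server LAN")
    return problems


def route_add(remote_net, gateway):
    """Build the command in the 'route add <net> mask <mask> <gateway>' form."""
    net = ipaddress.ip_network(remote_net)
    gw = ipaddress.ip_address(gateway)  # raises ValueError on a malformed address
    return f"route add {net.network_address} mask {net.netmask} {gw}"


if __name__ == "__main__":
    # Plan as described in the thread (prefix length assumed).
    print(check_plan("169.254.105.0/24", ("169.254.105.16", "169.254.105.20"),
                     dhcp_pool=("169.254.105.2", "169.254.105.15")))
    # Constructed plan with a private range and distinct client-side network.
    print(check_plan("192.168.10.0/24", ("192.168.10.200", "192.168.10.210"),
                     dhcp_pool=("192.168.10.2", "192.168.10.150"),
                     client_lan="192.168.1.0/24"))
    print(route_add("192.168.10.0/24", "192.168.10.200"))
```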
 