setting up a vpn server..

[dispid]

ive never done this before and id like some info on how to go about creating a vpn server.. i think your supposed to go through the wizard, but when i get to the part about selecting a connection device.. alli see listed is my Parallel port (lpt1). do i have to have a ras for a vpn? or is it as easy as going through the wizard? the help in w2k hasnt been to helpful so i have come here for more info..
thanks.

 

[dispid]

ALSO..
whenever i try to open up the RRAS MMC I get the following error..

"the connection attempt failed.
the server is not connected."

and whenever im in the Routing and Remote Access panel in the mmc and i right click on my server to click properties i get another error..

"you do not have the required permissions to view the properties."

i am logged in as Administrator.. what needs to be done to fix this? i am trying to install a vpn server on w2k server

 

[Andrzej]

I have exactly the same trouble, and no hint to solution
The only guess about the reason is the following: my Windows 2000 Server was installed over NT 4.0, maybe inheriting some registry and other settings. I am almost sure the clean reinstall will fix the problem.
Unfortunately, I already have too many software installed to reinstall it all in reasonable time.

 

[peterve]

Remove RRAS, re-enable it, and choose custom installation.
Check your RAS ports, and enable some PPTP ports...
Assign a range of IP addresses to be used by the remote clients...
Microsoft has a nice whitepaper on this subject (step by step guide how to set up a PPTP VPN server)
If it doesn't work, let me know... Peter Van Eeckhoutte
peter.ve@pandora.be

 

[Andrzej]

Menu item 'Disable Routing and Remote Access' does not work (it does something, but the item stays enabled, and 'Configure and Enable' menu item stays disabled).
Also, I can't stop 'Remote Access Connection Manager' and 'Telephony' services, and can't change 'Routing and Remote access' startup type from 'Disabled' to anything else (it swithes back to 'Disabled' after reboot).

 

[peterve]

remove the routing & remote access system,
apply SP1
install RRAS
apply SP1

then try to reconfigure it.. Peter Van Eeckhoutte
peter.ve@pandora.be

 

[pandaman]

I have the same RRAS problem you are both describing. It has happened to me on two seperate Win2k machines that were both clean installs, so it is not an upgrade problem.
It is preventing me from correctly setting up an ISA Server 2000 VPN. I'm going to try the good old remove, reinstall and apply SP but I'm not convinced.
I'll let you know how I get on.

~Andy.

 

[Guest_imported]

This problem can be solved by activate the remote registry service.

 

[Andrzej]

Wow! Thanks!

 

[Guest_imported]

When I connect to the VPN I lose internet surfing ability.
What have I done wrong?

 

[HelpImStuck]

if you have port blocking enabled on your tcp/ip settings..it might also cause that..

 

[peterve]

check the default gw address,
also make sure you get the correct DNS servers,
try to tracert to a internet IP address
Peter Van Eeckhoutte
peter.ve@pandora.be

 

[Guest_imported]

I have a new pc box with Windows 2000 server install (fresh) and service pack 2 -> I have two nic cards one on the privite Lan -the other a static IP from out ISP provider at work. I use the vpn wizard and go through the steps. Also making sure my username has dial-up permission and run the vpn connection manager off a laptop dialed up on the internet. I try to connect and get no answer. I see the external nic card gets activity and then get's "no answer" from the laptop....I have read numerous sites explaining the install of this vpn server on windows 2000 server-but this is driving me insane.....i'm using privite ip addresses- instead of dhcp (for the vpn server) also made sure that i have remote access policy created with my user account in that group too. I don't know why this darn thing won't work right??!! Can you shed some light please?
Thanks,

 

[Jpoandl]

rbenedit,

I've set up Win2K VPN a few times now. When I run into problems, It is best to remove any un-needed equipment. For example, I would remove all routers or ISP's from the equation. Just try to connect to your VPN machine directly...but use the VPN connection. You should still see the client connect in the VPN PORT monitoring MMC.

I say this because, I've experienced many problems related to either the router configurations or the firewall configs. But when you take those pieces of equipment out and your VPN server works...you have the ability to say "hey it aint my problem..there is a router issue here or a firewall issue."

Joseph L. Poandl
MCSE 2000

 

[Vero]

I'm trying to setup a RAS/VPN server, I followed Microsoft guide, but it doesn't work. I have the same problem in both services: computers doesn't appear in client my network places, clients can ping only the server, clients can find other computer and connect to network drivers. I don't know how to work around this problem. Can someone help me?

 

[Jpoandl]

Vero,

How are you assigning the client VPN ip addresses. In a small environment it is easiest just to use an address pool rather than DHCP.

When you assign the VPN address pool make sure it is in the same subnet as your private IP address and other workstations (unless in a routed environment). For example, if your private VPN server address is 10.1.1.1 and your "internet" assigned IP is 208.2.3.4, you should set a pool like 10.1.1.10 to 10.1.1.20. This way, when your users connect via the VPN, they get an IP address that your private network uses.

Also, I don't think you are going to see the rest of the network with having a DNS (WIN in 4.0 environment) or host tables on your clients. But I'm not too sure... Joseph L. Poandl
MCSE 2000

 

[Vero]

Thank you Joseph for your answer. First I setup remote access via modem, I use a static pool of addresses. I choose two free public address, one for the server one for the client, so server and client are in the same subnet. The server has a nic for intranet/internet connection with a public address but on another subnet. I think this is not a problem because IP routing is enabled on my server. The problem is that ras client can ping only the ras server, other computers on my network have public IP address in the same subnet of the ras client, but I can't ping them. I can connect those computers with FIND or connect network drive. It seems like..... I don't know, if you have any idea pleas tell me. Thank you again

 

[Jpoandl]

When the VPN client connect to the server (via VPN client dialer) the server will then give a VPN IP address to the client machine.

[This IP address should be set in your IP address pool on the VPN server. This IP address in this pool should be on the same subnet as your internal client computers.]

You should be able to verify that you recieved an IP address from the server. You can see this on the client if you type IP Config /all from a command prompt.

Also, you should be able to verify this on the server by looking at your VPN ports. You should see that one is active and be able to get information about the connection.

Once you are connected, you should be able to ping the VPN server by IP address. In addition, you should be able to ping the internal clients if they belong to the same subnet as the server. Usually in a small environment, this is the case. You client machines should be able to ping the dial-ed in machine (i think).



VPN Server with 2 nics may look something like this:
Public NIC = 208.23.45.79
Internal NIC = 10.1.1.1

VPN Client may get IP assigned by ISP...lets say 167.21.34.45 Then you use the VPN connection dialer to dial the public IP address of the VPN server (208.23.45.79) After the connection is accepted, the server will give the client an IP address in its Pool (make sure you have pleny available in your pool for multiple connections). The given ip address for the client would be something like 10.1.1.11 (a workable internal IP address). If you do IPCONFIG /all on the client you will see the ISP IP address and the VPN assigned IP address.

I assume you are connecting though...so I won't go through the user account configuration....

Hope some of this helps...
Joseph L. Poandl
MCSE 2000

 

[Vero]

I used IPCONFIG/all and it seems that the IP addresse are correct. Let's say I had a server with two NICS, one with a public address, 137.204.57.92, and one with private address , 192.168.12.1, and I use an addresses static pool of the private subnet, 192.168.12.10/20, a client deal the public IP address of the VPN server and obtain the IP address 192.168.12.11, the first address is assigned to the virtual interface of the server, can it be able to ping computers on the subnet 137.204.57, or only the computers on subnet 192.168.12?
Thank you

 

[Jpoandl]

OK 137.x.x.x is PUBLIC. It looks like 192.168.12.x is your private network.

When you client gets a VPN connection it receives a 192.168.12.x address. (This is good. This make sence to me.)

After the connection is complete your VPN client should be able to PING all computers on the 192.168.12.x internal private network.

The VPN client should not be able to ping the 137.x.x.x public address through the VPN connection.


Hope this helps..
Joseph L. Poandl
MCSE 2000