
vpn server 1

Status
Not open for further replies.

csutton

Programmer
Dec 27, 2000
213
US
Hi everyone,

I'm trying to set up my SBS2000 (Win 2K) server as a VPN server. It is sitting behind a router, and I am forwarding the correct ports and I know GRE (47) is passing (tested using the pptp ping utilities). Anyways, my local computers are able to connect to the server w/o any problem, but no computers on the internet are able to connect. They basically time out (states it is connecting, then verifying username and password), saying "remote computer does not respond to network requests".

I made sure the username I'm connecting with is correct (and has remote dial-in/vpn connections enabled). As I said, it works fine locally.

When I configure this, I only have 1 network card in the server. Since it is sitting behind a wireless lan, I have the router forwarding the ports to the server for vpn. Can I set up the VPN server with just 1 NIC in it?

Anyone have any ideas or tutorials to do this? I have reviewed any tutorial I can find and still not working. It is not even authenticating (or so it appears).

Thank you! Thank you! Thank you!
 
Yes, the VPN can run with only one NIC. Do you have the logging turned on? If so you can see if a remote user is connecting to the server (only to be disconnected due to, for instance, an authentication error).
 
Yes, logging is turned on, but not sure where to find the log files. (Are they text or are they in the event viewer??) Thank you...
 
On the remote open lmhosts.sam
Add a last line to point to the server by IP and Domain (the instructions are in the file).
Save as lmhosts without the extension.

Reboot.
Does that work?

GlennA
MIS, IT, Gofer
 
You specify where the log file is. Default is something like C:\Winnt\System32\LogFiles\iaslog.log
 
you will see remote access entries in the event logs. i believe in the system log. this will offer a reason for denial if in fact you made it this far. we use a packet monitor called "packetmon" that is great for sniffing the packets coming in on the nic offering the destination and source ports thus allowing you to determine L2TP or PPTP issues. here is a link:



check the address associated with the L2TP and or PPTP ports in RRAS. this will be the nic address on the public network (your only nic in this instance). this has to be an address in a public address block and your router passing the packets to this address.

scottie
 
oh yea,

richgill is correct on that particular log file. there is a utility included with the 2000 server resource kit called IAS Parse Tool. just run it from the resource kit and it defaults to the default directory for the IAS log and will spill out all the logon attempts in detail.

scottie
 
Thank you all .. I will try tomorrow to see how it goes.. thanks
 
Maybe that's right! My VPN server does have 2 NICs in it - even though one is disabled. Does this mean that RRAS won't work unless the server has 2 NICs even though it can function using only one??
 
Matt, I have a VPN server working just fine with only one nic. So who knows!?!?

csutton, are your client computers behind any kind of firewall? For example, if they were behind a linksys router you would have to enable "pptp pass-through". Or if you were masqing, using a linux box with ipchains you would need to add GRE support to get it to work.
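
Added example, not part of any post in this thread: a Python probe that exercises only the TCP half of PPTP, so a failure can be pinned on either the port forward or the GRE path discussed above. It assumes the server listens on PPTP's standard control port, TCP 1723 (RFC 2637); the function names and the `pptp-probe` host name are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723           # PPTP control channel (TCP); tunnelled PPP travels as GRE, IP protocol 47
MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every PPTP control message (RFC 2637)
# length, msg type, cookie, control type, reserved, version, 2 bytes (reserved in the request;
# result + error code in the reply), framing, bearer, channels, firmware, host name, vendor
SCC_FORMAT = ">HHIHHH2sIIHH64s64s"
SCC_LEN = struct.calcsize(SCC_FORMAT)  # 156 bytes

def build_sccrq(host_name=b"pptp-probe"):
    """Start-Control-Connection-Request: control message type 1, protocol version 1.0."""
    return struct.pack(SCC_FORMAT, SCC_LEN, 1, MAGIC_COOKIE, 1, 0, 0x0100,
                       b"\x00\x00", 3, 3, 0, 0, host_name, b"")

def parse_sccrp(data):
    """Decode a Start-Control-Connection-Reply (control message type 2)."""
    if len(data) < SCC_LEN:
        raise ValueError(f"short reply: {len(data)} of {SCC_LEN} bytes")
    (_, msg_type, cookie, ctrl_type, _, _, result, _, _, _, _,
     host, vendor) = struct.unpack(SCC_FORMAT, data[:SCC_LEN])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a Start-Control-Connection-Reply")
    return {"result_code": result[0], "error_code": result[1],
            "host": host.rstrip(b"\x00").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace")}

def probe(server, timeout=5.0):
    """Run the TCP half of PPTP against `server` and say which layer answered."""
    try:
        with socket.create_connection((server, PPTP_PORT), timeout=timeout) as sock:
            sock.sendall(build_sccrq())
            data = b""
            while len(data) < SCC_LEN:
                chunk = sock.recv(SCC_LEN - len(data))
                if not chunk:
                    break
                data += chunk
        reply = parse_sccrp(data)
    except OSError as exc:
        return f"TCP {PPTP_PORT} not reachable ({exc}): check the router's port forward"
    except ValueError as exc:
        return f"TCP {PPTP_PORT} answered, but not with PPTP: {exc}"
    if reply["result_code"] != 1:  # 1 = successful channel establishment
        return f"PPTP server refused the control connection: {reply}"
    return f"control channel OK ({reply['vendor']}); a later hang points at GRE (47) on the path"
```

Call `probe()` with your own server's public address from a machine outside the LAN; the PPP negotiation that follows a successful control connection is carried in GRE, which this probe does not test.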
 
Just to add to dankelt's post - also it's helpful to turn on your firewall's logging. That will soon tell you if clients are getting as far as the FW and if the FW is blocking their traffic. This, coupled with the VPN logs, should help you out.
 
Hey all,

I've tried this thru dial up accounts and from behind a router. I know my router/firewall is configured to allow PPTP to pass thru as I have it connecting to other vpn servers (router based).

I did not get a chance yet to test with the logging turned on. I will hopefully get to it this weekend.. other issues decided to creep into the picture (as always) :)
 
When you set up VPN in 2000 you have to have a second NIC for incoming connections. If someone has done it and it works please post the info.

thanks
 
Just a thought, but when I set up clients to access a VPN server in the past I too couldn't get through. It then turned out that the clients weren't using 128 bit encryption levels. The client's encryption level had to be the same as the server's encryption level.

this may have bugger all to do with your problem but as it hasn't been mentioned in any posts......thought i'd take the liberty

Regards

Krystian
 