VPN to server from Win2k pro client 1

[da209]

This is probably more of a 2k pro question because the server can be reached from a win 98 client with no problems. Server is 2000, trying to connect with pptp. 2k pro connects but all i can do is ping server private and external ip addresses, dns resolves internet host names but can't do internal names. can't see anything. ipconfig output makes no sense. get ip but mask is strange and dhcp...:no? then where did that ip come from? tcp/ip properties for vpn connection has dhcp enabled.



DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.38
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.38
DNS Servers . . . . . . . . . . . : 192.168.1.1
Primary WINS Server . . . . . . . : 192.168.1.1

 

[John Lewis]

Actually more of a VPN question than a server or pro question, but that's OK.

First, how it's supposed to work. . .

A PPTP connection creates a virtual interface on both ends of the tunnel, one on the server and one on the client. The sole purpose of these vIFs is to service the PPTP tunnel. The IPs assigned to these are endpoint addresses and do not lie on any other network, even if the numbering falls in line with another network that one end of the tunnel is connected to, thus the 255.255.255.255 mask. Technically, routing should never occur across this connection without a route being added manually -- a machine should not assume routing based upon the network that the connection appears to be a part of.

Now the Microsoft feature-bug.

Microsoft clients never strictly adhere to the rules. Behavior varies from version to version, but officially, 2K is supposed to add a route to the server side network on the client machine under certain circumstances.

The address assigned to the endpoints must lie within the range that would normally fall on the server side network.

The client may not be otherwise connected to another network or host with the same network address or a network address that would include the server network in it's scope. (Actually, that one must be true for routing to work in general.) That one's kinda hard to read, so for example if your server side network was 192.168.2.0 mask 255.255.255.0 and the client was connected to or routed to another network 192.168.0.0 mask 255.255.0.0, a host on the server side network with an IP of 192.168.2.10 could fall within the scope of the 192.168.0.0 network, so the route would fail.

The VPN connection may not be configured as the default route. (The 'use default gateway on remote network' box must be false.)

If you can adjust your setting so that all of those criteria are met, you should be good to go.

On another note, DHCP = no is correct, the address is not a DHCP address for the purpose of the VPN. The address is sent to the client by the server. Depending upon the configuration, the server might request an address for the connection by DHCP, but the VPN client does not make the DHCP request for itself.

 

[da209]

Thanks for the great explaination but already got it working. My local home network was using the same private addresses as office network. When I'd ping 192.168... I was actually hitting my broadband router not the domain controller. Deleting the 192...0 route to LAN address got it to work.