WinXP: two different LANs joined through VPN tunnel

Status
Not open for further replies.

lorenzodv

Hello everyone.

My problem is the following: I have two LANs addressed the following way:

Address:  1.50.117.0      1.29.95.0
Mask:     255.255.255.0   255.255.255.0

(don't worry about the non-standard LAN IPs: both LANs are part of a fiber-optic WAN connected to the Internet through NAT servers, using private addressing).

Now, I successfully established a VPN tunnel between two machines, with these addresses:

           VPN client    VPN server
Address:   1.50.117.1    1.29.95.1
VPN addr:  10.0.0.2      10.0.0.1

Now, my problem is the following: from the VPN client machine I can see the entire 1.29.95.x subnet, but I can't do the reverse! From the VPN server I can see only the other tunnel endpoint but not the rest of the 1.50.117.x network.
Obviously I checked the routing tables (I list only the routes added automatically for the VPN connection):

VPN client (1.50.117.1)
------------------------------------------------------------------------------------
Address        Mask               Gateway        Interface
------------------------------------------------------------------------------------
0.0.0.0        0.0.0.0            10.0.0.2       10.0.0.1
10.0.0.1       255.255.255.255    10.0.0.2       10.0.0.1
10.0.0.2       255.255.255.255    127.0.0.1      127.0.0.1
------------------------------------------------------------------------------------

VPN server (1.29.95.1)
------------------------------------------------------------------------------------
Address        Mask               Gateway        Interface
------------------------------------------------------------------------------------
10.0.0.1       255.255.255.255    127.0.0.1      127.0.0.1
10.0.0.2       255.255.255.255    10.0.0.1       10.0.0.2
------------------------------------------------------------------------------------

On the client all works fine: as you can see there is a default gateway through the VPN tunnel (0.0.0.0 through 10.0.0.2) and there are entries for the other endpoint and for the local endpoint. However, I added a route to the 1.29.95.x network successfully:

route add 1.29.95.0 mask 255.255.255.0 10.0.0.2

On the server, you immediately note that there is a route missing: the one to the default gateway through the VPN server. I tried to add it along with the route to the 1.50.117.x subnet:

route add 0.0.0.0 mask 0.0.0.0 10.0.0.1
route add 1.50.117.0 mask 255.255.255.0 10.0.0.1

Surprisingly BOTH COMMANDS FAILED with the error "Parameter is incorrect" (which parameter?). After many tries, it seems the only IP that Windows wants routed through the VPN tunnel is that of the VPN client. So the command....

route add 10.0.0.2 10.0.0.1

... is the ONLY successful command on the server pointing to the 10.0.0.1 gateway (VPN server-side endpoint).
Both machines are using Windows XP Pro SP1. What is the problem? I just can't stand with me not being able to add that simple route back to the client's LAN.

Also be aware that:
- I tried toggling the "Clients are able to specify their IP address" option
- I tried toggling the "Use remote network default gateway" option
- HKLM\System\CurrentControlSet\Services\Parameters\IPEnableRouter is set to 1.
- I cannot change the two LANs subnet addresses to match each other!

It must be possible to add that route back to the client. Either it is possible, or it is a bug in the IP protocol implementation!

Thanks in advance.

--
LDV
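
The asymmetry described in the post, checked as a longest-prefix-match lookup over the two route lists. This is an added example, not part of the original post; it assumes the only tunnel routes are the ones the poster listed (plus the one route he added on the client), and the host addresses 1.50.117.20 and 1.29.95.20 are constructed.

```python
import ipaddress

# (destination, mask, gateway) copied from the post's routing tables.
CLIENT_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.0.0.2"),
    ("10.0.0.1", "255.255.255.255", "10.0.0.2"),
    ("10.0.0.2", "255.255.255.255", "127.0.0.1"),
    ("1.29.95.0", "255.255.255.0", "10.0.0.2"),  # added manually on the client
]
SERVER_ROUTES = [
    ("10.0.0.1", "255.255.255.255", "127.0.0.1"),
    ("10.0.0.2", "255.255.255.255", "10.0.0.1"),
]


def lookup(routes, dest):
    """Longest-prefix match. Returns (network, gateway), or None if no route covers dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway)
    return best


def tunnel_path(near_routes, far_routes, near_host, far_host):
    """A conversation needs a tunnel route in both directions:
    near side towards far_host, and far side back towards near_host."""
    forward = lookup(near_routes, far_host)
    reverse = lookup(far_routes, near_host)
    return {
        "forward": str(forward[0]) if forward else None,
        "reverse": str(reverse[0]) if reverse else None,
        "two_way": forward is not None and reverse is not None,
    }


if __name__ == "__main__":
    # Constructed sample hosts, one on each LAN.
    client_lan_host, server_lan_host = "1.50.117.20", "1.29.95.20"
    print("client LAN -> server LAN:",
          tunnel_path(CLIENT_ROUTES, SERVER_ROUTES, client_lan_host, server_lan_host))
    print("endpoint  -> endpoint  :",
          tunnel_path(CLIENT_ROUTES, SERVER_ROUTES, "10.0.0.2", "10.0.0.1"))
```

With these tables the endpoint-to-endpoint check is two-way, while any 1.50.117.x host has no matching tunnel route on the server side, which matches the behaviour reported in the post.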
 