
WK2 VPN IP Mess


ITGL72

MIS
Jul 2, 2001
I have a Windows 2000 server on a 192.168.1.0 internal network. It’s the VPN server.

I noticed my problem when first connecting to the server. It's behind a DSL connection using a Linksys router. Port forwarding is set up for VNC and VPN connection. I can connect via VNC and connect via VPN.

But on the VPN connection, I cannot PING other machines, or map drives. I cannot even VNC to the same machine I am able to VNC to when I just hit the outside IP.

Here's what I have configured on the Routing and Remote Access MMC. I have it set up to issue from a static pool of IP addresses 192.168.1.222 through 192.168.1.227, HOWEVER FOR SOME REASON --> it's not giving me a SUBNET MASK of 255.255.255.0! I cannot change it.

THIS IS THE W2K SERVER IP STATIC CONFIGURATION:

DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 166.102.165.13
                                    166.102.165.11



THIS IS THE VPN CLIENT CONFIGURATION LAST TIME I CONNECTED:
Description . . . . . . . . . . . : WAN (PPP/SLIP) In
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.223
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.223
DNS Servers . . . . . . . . . . . : 166.102.165.13
                                    166.102.165.11


Two things stand out for me when looking at the information. The SUBNET MASK it is giving the client is 255.255.255.255. But inside Routing and Remote Access, where I look at the static pool of addresses, for 192.168.1.222 through 192.168.1.227 it issues a SUBNET MASK of 255.255.255.192 where I would expect 255.255.255.0.

Also, is the VPN client's Default Gateway supposed to be the same as the IP address it received?


ALSO, if I am connected on a network, say at home, that uses 192.168.1.0/24 and I connect to a remote network that is also using that 192.168.1.0/24 type network, would this sort of conflict I am experiencing now occur?

I'm open to options... Thanks...
 
Well, I am not sure about the subnet mask, but the other issue sounds like a DNS problem. The client PCs should have your server for their DNS, and on the server you need to add your ISP DNS to the forwarders.
 
I'm trying to connect and ping via IP address; names are not used.

Thanks
 
Having the same network address on both sides of the VPN is a problem. A VPN connection is a point-to-point connection; you are connecting to the VPN server only, not the server side network. The subnet mask of the VPN interface on both the client and the server will always be 255.255.255.255 (single host). MS VPN servers and clients generally accommodate this situation by adding routes between the client and the server side network. Since your network addresses are the same on both sides, this is not possible. If your client added a route to 192.168.1.0/24 through the VPN, your client side network would no longer be accessible, including your router, so the underlying VPN connection would fail.

The temptation would be to change your home network to another network, but you really should change both. Everyone uses 192.168.1, so you really should use something different to make sure you don't run into the problem again.

If it is not possible to change either network, you should be able to connect to the VPN server (but not other hosts on the server side network) by using the address assigned to the server side of the VPN. Based upon your configuration, this will most likely be 192.168.1.222 most of the time. With the connection active, right-click on the icon for the VPN connection and select Properties to verify.

If you want to connect to VNC on the server using the server's VPN address, you may need to add the VPN interface to your VNC configuration, depending upon the flavor of VNC you are using and your other config options. On that note, VNC by itself is an extreme security issue (again depending upon flavor). You should remove the forwarding from your public address soon.

You should be able to map drives on the server using the server's VPN address without any changes, but you will not be able to map other machines on the network without changing addresses. Mapping by name is another can of worms. WINS is the technically correct method, but unless you already have a WINS server configured or a large dynamic network, creating an lmhosts file on your client computer is probably your best bet. It is possible to broadcast NetBIOS traffic across the VPN, but it is not a good idea, nor is it reliable.
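
Added example, not part of any post in this thread: a small longest-prefix-match model of the client's routing table that reproduces the overlap problem described in the last reply, and checks that the pool range 192.168.1.222 to 192.168.1.227 fits the 255.255.255.192 mask shown in Routing and Remote Access. Assumptions: the interface names, the metrics, the home router at 192.168.1.1, the renumbered home network 192.168.77.0/24, and that the console displays the mask of the smallest subnet covering the pool.

```python
import ipaddress

OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")  # server-side network from the thread

def covering_subnet(first, last):
    """Smallest single subnet that contains both ends of an address range."""
    net = ipaddress.ip_network(f"{first}/32")
    while ipaddress.ip_address(last) not in net:
        net = net.supernet()
    return net

def client_routes(home_lan, push_office_route):
    """Constructed client routing table as (network, metric, interface)."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), 20, "lan"),        # default via home router
        (ipaddress.ip_network(home_lan), 20, "lan"),           # on-link home LAN
        (ipaddress.ip_network("192.168.1.222/32"), 1, "vpn"),  # server end of the PPP link
    ]
    if push_office_route:
        # Route to the server-side network through the tunnel
        routes.append((OFFICE_LAN, 1, "vpn"))
    return routes

def lookup(routes, dest):
    """Longest prefix wins, then lowest metric; returns the interface used."""
    dest = ipaddress.ip_address(dest)
    hits = [(n.prefixlen, -metric, iface) for n, metric, iface in routes if dest in n]
    return max(hits)[2] if hits else None

if __name__ == "__main__":
    pool = covering_subnet("192.168.1.222", "192.168.1.227")
    print("pool fits in", pool, "mask", pool.netmask)

    # Both sides on 192.168.1.0/24, no route pushed: only the /32 uses the tunnel.
    same = client_routes("192.168.1.0/24", push_office_route=False)
    print("server LAN IP 192.168.1.200 ->", lookup(same, "192.168.1.200"))
    print("server VPN IP 192.168.1.222 ->", lookup(same, "192.168.1.222"))

    # Same networks, route pushed: the home router itself now goes into the tunnel.
    forced = client_routes("192.168.1.0/24", push_office_route=True)
    print("home router 192.168.1.1 ->", lookup(forced, "192.168.1.1"))

    # Home LAN renumbered: office hosts use the tunnel, home router stays local.
    renum = client_routes("192.168.77.0/24", push_office_route=True)
    print("server LAN IP 192.168.1.200 ->", lookup(renum, "192.168.1.200"))
    print("home router 192.168.77.1 ->", lookup(renum, "192.168.77.1"))
```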
 