Daniel Brooker 
Australia
Member since
10/15/2007
Platinum Membership
Posts: 14
 |
| 10/15/2007 04:48 AM |
|
One of my clients recently changed ISP & I'm struggling work out the best configuration and get the VPN services working as expected.
Initially, I configured the ADSL modem to do the PPPoE authentication and it seemed to pick-up some sort of DHCP address [ not the single IP assigned to us by the ISP ]. I configured the external NIC on the server to have both a private network address [ so it could communicate with the ADSL modem ] and the public IP address assigned by the ISP.
Have since found out that this is not really a supported configuration; but Internet access and email services worked find. The problem was that the VPN would connect but none of the internal resources were accessible.
Have adjusted the configuration so that the ADSL modem is in Bridge Mode and run the CEICW configured for a PPPoE connection. Again Internet access and email services are as expected but the VPN connects but no internal resources can be accessed.
Wasn't sure how to configure the external NIC of the server after running the CEICW so have set it to DHCP [ which of course never gets an address ].
Strangely enough, you can connect to the VPN and actually RDC it the server if the 169.254.x.x address is used.
Any thoughts on best configuration of this connection or how to resolve the VPN issue would be greatly appreciated.
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1717
|
| 10/15/2007 10:46 AM |
|
| what router are you using?? |
|
|
|
|
|
Daniel Brooker
Australia
Member since
10/15/2007
Platinum Membership
Posts: 14
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1717
|
| 10/15/2007 04:13 PM |
|
ok, my thoughts on best configuration are :
make the router responsible for the internet connection - fix whatever the problem is with the router not picking up an IP from your ISP.
assign a static IP in a private address range to the internal interface of the router.
this range should be different to that of your SBS servers internal network. eg, if your sbs network is 192.168.16.x/24 then the router/ server external network should be 192.168.0.x/24
assign another IP in that range to your servers external NIC. remove the public IP from your server.
when you have the internet connection sorted correctly, open up the required ports for pptp vpn traffic - tcp 1723, forward them onto the servers external IP.
attempt your vpn connection.
|
|
|
|
|
|
Daniel Brooker
Australia
Member since
10/15/2007
Platinum Membership
Posts: 14
|
| 10/16/2007 04:17 PM |
|
Robert :
Thanks for your input.
I've reset my configuration in the method that you suggested [ router handing authentication, public IP on router external and private on router internal [ different to SBS internal network ] ; external server NIC with private IP on same subnet as router ].
Unfortunately the symptoms appear similar to before; the VPN connects as expected [ authenticate, register on network ] but I still can't access any internal resources. The VPN sits there for a couple of minutes and then disconnects.
I've 'reset' the remote access settings using the wizard, but this doesn't seem to have improved/resolved the situation.
Not sure if this might help with the troubleshooting, but the dial-in remote access has & still is working without any problem.
Any ideas regarding where I should be looking next would be greatly appreciated.
|
|
|
|
|
|
robert pearman
United Kingdom
Member since
2/23/2007
Platinum Membership
Posts: 1717
|
| 10/16/2007 04:31 PM |
|
"Not sure if this might help with the troubleshooting, but the dial-in remote access has & still is working without any problem." - can you elaborate on that?
can you show us an ipconfig /all from server and also from a client whilst vpn is connected. |
|
|
|
|
|
Daniel Brooker
Australia
Member since
10/15/2007
Platinum Membership
Posts: 14
|
| 10/17/2007 01:51 AM |
|
Robert :
Regarding the dial-up; was thinking that this might indicate that the RRAS is correctly set-up. Is this a mistaken belief?
As requested, please find attached the IPCONFIGs from the SBS server and a connected VPN client.
|
 Attachment: 11017532273471.txt
Attachment: 11017532275054.txt
|
|
|
|
|
Daniel Brooker
Australia
Member since
10/15/2007
Platinum Membership
Posts: 14
|
| 10/25/2007 04:17 AM |
|
Was wondering if anyone else had any thoughts regarding this issue, or if there was any additional information that I could provide to assist with the troubleshooting?
Thanks in advance. |
|
|
|
|
|
Marina Roos
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 11720
|
| 6/26/2008 01:28 AM |
|
Hi Daniel,
I don't know if you are still dealing with this, but you are missing the WINS on the SBS internal nic. Also, why is the remote client showing two DNS entries?
|
|
| Marina Roos Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|
Daniel Brooker
Australia
Member since
10/15/2007
Platinum Membership
Posts: 14
|
| 8/26/2008 01:25 AM |
|
Hi Marina,
Thanks for your comments.
The remote client had manually set DNS entries, but I hadn't spotted the missing WINS entry on the SBS internal nic, so thanks for pointing that out.
The eventual ‘solution’ was to install a hardware router in front of the SBS external interface and let that handle the Internet connection. Not great, but at least everything is up and running and the client is happy.
Thanks again for the assistance/comments.
|
|
|
|
|
|
Marina Roos
The Netherlands
Member since
3/24/2005
Forum Admins
Posts: 11720
|
| 8/26/2008 01:46 AM |
|
Hi Daniel,
On the contrary, it is the best thing you could have done. Letting a server handle the PPPoE connection never works.
|
|
| Marina Roos Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
|
|
|
|