RAS/VPN routing on client?

Guest

Hi!
I’m setting up a VPN/RAS solution between a Win2003 server and a XP client,
both of them behind NAT firewall. So far it’s not working.

However I have some questions regarding the client and routing.
How does the client know to which network to send a package to?
For example, if I want to reach the local NAT router on the XP’s LAN (IP
198.168.0.1), the same address will also be available on the other side of
the VPN tunnel (the NAT router on the Win2003’s LAN).
To get this working, there must be a routing table supporting more than 1 (one)
gateway address in the XP itself? Is it? Or is it some other totally
different way to do it?


Reg
Jocke
 
Robert L [MS-MVP]

As you said, the routing table will do the job for you. You can compare the routing table before and after VPN using the route print command. However, if both sites are using the same IP range, the VPN won't work (in most cases).

RRAS/VPN Q & A collections Both sites are in the same IP range · Browsing over VPN · Can use IP but no name · Can't access the remote computer with Cisco VPN ...
www.chicagotech.net/Q&A/vpnq&a.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Yves Leclerc

First, the two LANs, local and Win2003, should not have the same IP scheme.
There needs to be only one 192.168.0.xxx network and the other should have
another IP scheme.
 
David Johnstone

> First, the two LANs, local and Win2003, should not have the same IP scheme.
> There needs to be only one 192.168.0.xxx network and the other should have
> another IP scheme.

Wouldn't it be ok if one were e.g. 192.168.178.xxx and the other
192.168.181.xxx?

Thanks, David
 
David Johnstone

The answers in this thread have been of great use to me, but
I still have a few problems.

I've set up a VPN Server and Client, and have it basically
working but a few issues to resolve.

Both ends are PCs, both behind separate DSL Router/Firewalls,
both resolvable by dyndns. Both are running Windows XP prof.

Within the server network, the router has the internal address
192.168.181.1 and the VPN server 192.168.181.20.
On the client side the router has internal address 192.168.178.1
and the client 192.168.178.20. Both routers of course have WAN
addresses assigned by the ISPs too.

On the client I have two network connections active, the LAN
connection to the router/internet, and the VPN (virtual)
connection (which in reality of course goes via the LAN).

In the default state after setting all that up, the problem on
the client is that all internet traffic is routed over the VPN,
i.e. it actually uses the internet connection of the server,
and is of course limited by the low ADSL upload. I have proven
this by looking at the network traffic.

The routing table looks like this:-

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 09 92 c8 fb ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x3 ...00 11 09 92 ca ee ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
0x40005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask           Gateway          Interface        Metric
0.0.0.0              0.0.0.0           169.254.1.1      169.254.1.1      1
0.0.0.0              0.0.0.0           192.168.178.1    192.168.178.20   21
85.180.150.12        255.255.255.255   192.168.178.1    192.168.178.20   20
127.0.0.0            255.0.0.0         127.0.0.1        127.0.0.1        1
169.254.1.1          255.255.255.255   127.0.0.1        127.0.0.1        50
169.254.255.255      255.255.255.255   169.254.1.1      169.254.1.1      50
192.168.178.0        255.255.255.0     192.168.178.20   192.168.178.20   20
192.168.178.20       255.255.255.255   127.0.0.1        127.0.0.1        20
192.168.178.255      255.255.255.255   192.168.178.20   192.168.178.20   20
224.0.0.0            240.0.0.0         192.168.178.20   192.168.178.20   20
224.0.0.0            240.0.0.0         169.254.1.1      169.254.1.1      1
255.255.255.255      255.255.255.255   169.254.1.1      169.254.1.1      1
255.255.255.255      255.255.255.255   169.254.1.1      2                1
255.255.255.255      255.255.255.255   192.168.178.20   192.168.178.20   1
Default Gateway: 169.254.1.1
===========================================================================
Persistent Routes:
None

and I assume the problem is the default gateway. When I change it with
route add 0.0.0.0 mask 0.0.0.0 192.168.1
it seems to solve the problem.

My questions, many thanks for any input:-

Is this a reasonable thing to do? If so, how do I make a default gateway
persistent? Is there any way I can set up my VPN server so that new
clients don't have to change their routing tables?
Shouldn't VPN work "out of the box" without having to change routing tables?

Are the IP addresses the VPN DHCP server assigns, like 169.254.1.1, reserved
for internal LAN use? If not, how does anyone know where to route them?

TIA,
David
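
Added example (not part of the original thread): a Python sketch of how the client chooses a route, longest matching prefix first and lowest metric second, run over the unicast rows of the routing table posted above. The `SAME_SUBNET` and `SPLIT` tables, the 192.168.0.20 client address and the 203.0.113.10 test host are constructed for illustration.

```python
import ipaddress

# Unicast rows from the "Active Routes" table in the post above:
# (destination, netmask, gateway, interface, metric)
POSTED = [
    ("0.0.0.0", "0.0.0.0", "169.254.1.1", "169.254.1.1", 1),        # VPN default
    ("0.0.0.0", "0.0.0.0", "192.168.178.1", "192.168.178.20", 21),  # LAN default
    ("85.180.150.12", "255.255.255.255", "192.168.178.1", "192.168.178.20", 20),
    ("192.168.178.0", "255.255.255.0", "192.168.178.20", "192.168.178.20", 20),
]

# Constructed: both LANs numbered 192.168.0.0/24, the case the replies warn about.
SAME_SUBNET = [
    ("0.0.0.0", "0.0.0.0", "169.254.1.1", "169.254.1.1", 1),
    ("0.0.0.0", "0.0.0.0", "192.168.0.1", "192.168.0.20", 21),
    ("192.168.0.0", "255.255.255.0", "192.168.0.20", "192.168.0.20", 20),
]

# Constructed (assumption): the posted table with the VPN default route replaced
# by a route for the server LAN only, 192.168.181.0/24.
SPLIT = POSTED[1:] + [
    ("192.168.181.0", "255.255.255.0", "169.254.1.1", "169.254.1.1", 1),
]

def select_route(dest, routes):
    """Pick the route for dest: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best_key, best = None, None
    for route in routes:
        network = ipaddress.ip_network(f"{route[0]}/{route[1]}")
        if addr not in network:
            continue
        key = (-network.prefixlen, route[4])  # smaller key = better route
        if best_key is None or key < best_key:
            best_key, best = key, route
    return best

def gateway_for(dest, routes):
    """Return the gateway column of the winning route, or None if unroutable."""
    route = select_route(dest, routes)
    return route[2] if route else None

if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("same subnet", SAME_SUBNET), ("split", SPLIT)):
        for dest in ("203.0.113.10", "192.168.181.20", "192.168.0.1"):
            print(f"{name:12} {dest:15} -> {gateway_for(dest, table)}")
```

With the posted table the metric-1 default via 169.254.1.1 wins for every internet destination, which is the behaviour described in the post; with identical subnets on both sides the on-link /24 route wins, so traffic for the remote 192.168.0.x hosts never enters the tunnel.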
 
