Unable to access internet resources over VPN

Aman Singer

Hi, All.
I have recently set up a PPTP VPN. It's working
well except that, though I can access LAN resources from
the system making a VPN connection, I cannot access
anything on the internet. They are pingable, but
inaccessible.
I'm using, on the server side, Windows XP Pro SP2. This is
behind a Linksys BEFSR41 router with all needed ports
forwarded to make the PPTP connection.
The PPTP connection is being made with a Windows XP Pro
SP2 machine on a different network. The two machines are
not using any other VPN software, but
only that which comes included in XP.
Now, the client machine connects to the server perfectly.
It sees the shares on the server and elsewhere on the
network the server is on. It can access
the router configuration and other local sites on the
network. However, it can't access the internet through the
VPN. That is, it can only access local
resources. This is despite the fact that it can ping
remote resources, and it can traceroute to them (the
traceroute shows it's going through the VPN connection).
Web connections,
mail connections, and telnet connections are all
impossible (Outlook and IE say they cannot find the
server, and telnet says that it failed to connect).
I have gone through the settings as well as I can, and
have done several google searches without result. The only
way I can access the internet when connected to the VPN is
to uncheck the "use default gateway on remote network" box
in the advanced dialogue of the TCP-IP properties. While
this does give me access to the internet, it doesn't give
me internet access through the VPN, and there are reasons,
such as an SMTP server set to accept connections from only
specific IPs, that it would be nice to connect to the
internet through the PPTP tunnel, rather than through the
default local gateway.
I have enabled IP forwarding following the instructions in
MSKB 315236
http://tinyurl.com/5rmh2
on the VPN server. I have also tried to add static
routes but, no matter what I do with the routes, I can't
seem to get it to use the PPTP tunnel for anything
except LAN traffic. When I enter something like
route add 216.51.232.100 mask 255.255.255.255 192.168.1.1
(that last is my gateway) metric 1
I get a statement to the effect that

The route addition failed: Either the interface index is
wrong or the gateway does not lie on the same network as
the interface. Check the IP Address Table for
the machine.

When I include an if to specify the interface (which I
think is 0x150006, but am not sure because there are two
SLIP/PPP WAN adapters, I've tried both with
the same result), the same message is displayed. How the
gateway could not lie on the same network as the interface
and how, at the same moment, the gateway
could be reachable by HTTP and residing in the same subnet
as the system is beyond me completely. What's also beyond
me is how a site can be tracerouted,
pinged, and pathpinged and yet not be accessible via HTTP
or any other protocol.
I have also tried adding a default route to the routing
table
route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1 (I've
put an interface here and left it off with the same
result).
Again, the gateway which I can access perfectly is said
not to lie on the network.
Thanks in advance for any assistance.
Aman
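
The condition named in the route error above can be checked by hand. This is an added example, not part of the original post: it models "the gateway does not lie on the same network as the interface" as a subnet-membership test. The interface names and addresses are constructed, and the host mask (255.255.255.255) on the PPP adapter is an assumption about how the client's tunnel adapter is configured.

```python
import ipaddress

# Constructed client-side interface table (addresses are assumptions, not
# taken from the post). The PPP adapter is given a host mask, as
# point-to-point links commonly are.
INTERFACES = [
    ("Local Area Connection", "10.0.0.25", "255.255.255.0"),
    ("WAN (PPP/SLIP) Interface", "192.168.1.120", "255.255.255.255"),
]


def on_link(gateway, interfaces=INTERFACES):
    """Return the names of interfaces whose own subnet contains the gateway."""
    gw = ipaddress.ip_address(gateway)
    return [name for name, addr, mask in interfaces
            if gw in ipaddress.ip_interface(f"{addr}/{mask}").network]


def check_route(dest, mask, gateway, interfaces=INTERFACES):
    """Model the error's condition: the gateway must be on-link somewhere."""
    target = ipaddress.ip_network(f"{dest}/{mask}")  # validates dest and mask
    links = on_link(gateway, interfaces)
    if not links:
        return f"{target} via {gateway}: rejected, gateway is on no interface's network"
    return f"{target} via {gateway}: accepted on {', '.join(links)}"


if __name__ == "__main__":
    # The two routes from the post, then the same default route with the
    # tunnel adapter's own (constructed) address as the gateway.
    print(check_route("216.51.232.100", "255.255.255.255", "192.168.1.1"))
    print(check_route("0.0.0.0", "0.0.0.0", "192.168.1.1"))
    print(check_route("0.0.0.0", "0.0.0.0", "192.168.1.120"))
```

With a host mask, the only address that passes the check for the tunnel adapter is the adapter's own address, so a gateway can answer over the tunnel and still fail this test.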
 
Gary Fose [MSFT]

If you can ping the external IP through the VPN tunnel, then the issue is most likely one of the
following:

1. DNS name resolution. If you ping www.yahoo.com through your VPN connection, does that
get resolved to an IP address? If it does not, then that is because the VPN machine needs to
use the DNS servers on the remote network.

2. Your browser is set to use the local proxy and not the one on the remote network.

3. The firewall on the remote network is not set up to allow traffic from either the VPN client or
that IP range (depends on how the firewall is configured).

4. There is a firewall or proxy client on your VPN client for your local network/path.

5. We know routing is not an issue if you are getting ping returns. If there was an issue with
routing, no traffic would get back to you.

6. Do an ipconfig /all on an existing and the new machine and make sure all is set EXACTLY
the same (except for host, mac and ip address).

Check the above and resubmit the issue if it still exists with the results of the above actions.

HTH,
Gary


This posting is provided "AS IS" with no warranties, and confers no rights. Use of included
script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best
directed to the newsgroup/thread from which they originated.
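
The first checks in the reply above separate a name-resolution failure from a blocked TCP connection. One way to run that split from the VPN client, as an added example that is not part of the original thread: the function name `triage` and its injectable `resolve`/`connect` parameters are assumptions made so the logic can be exercised without a network.

```python
import socket


def triage(host, port, resolve=socket.gethostbyname,
           connect=socket.create_connection, timeout=5):
    """Classify a failed connection as DNS, TCP, or neither.

    Returns (stage, advice), where stage is "dns", "tcp" or "ok".
    """
    # Stage 1: name resolution (item 1 in the reply). Ping by IP address
    # succeeds even when this stage fails.
    try:
        ip = resolve(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return ("dns", f"{host} did not resolve ({exc}); check which DNS "
                       "servers the VPN connection was given")

    # Stage 2: TCP connect to the resolved address (items 3 and 4).
    # ICMP replies do not show that this port is allowed through.
    try:
        conn = connect((ip, port), timeout)
    except OSError as exc:
        return ("tcp", f"{ip}:{port} resolved but did not connect ({exc}); "
                       "check firewalls on the client and the remote network")
    conn.close()

    # Both stages passed: what remains is application settings (item 2).
    return ("ok", f"{ip}:{port} connected; check the browser's proxy settings")


if __name__ == "__main__":
    # www.yahoo.com is the host named in the reply; port 80 is HTTP.
    stage, advice = triage("www.yahoo.com", 80)
    print(stage, "-", advice)
```

Passing an IP address that already answers ping as `host` skips the DNS stage, because `socket.gethostbyname` returns an IPv4 literal unchanged.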