Aman Singer
Hi, All.

I have recently set up a PPTP VPN. It's working well except that, though I can access LAN resources from the system making a VPN connection, I cannot access anything on the internet. They are pingable, but inaccessible.

I'm using, on the server side, Windows XP Pro SP2. This is behind a Linksys BEFSR41 router with all needed ports forwarded to make the PPTP connection.

The PPTP connection is being made with a Windows XP Pro SP2 machine on a different network. The two machines are not using any other VPN software, but only that which comes included in XP.

Now, the client machine connects to the server perfectly. It sees the shares on the server and elsewhere on the network the server is on. It can access the router configuration and other local sites on the network. However, it can't access the internet through the VPN. That is, it can only access local resources. This is despite the fact that it can ping remote resources, and it can traceroute to them (the traceroute shows it's going through the VPN connection). Web connections, mail connections, and telnet connections are all impossible (Outlook and IE say they cannot find the server, and telnet says that it failed to connect).

I have gone through the settings as well as I can, and have done several Google searches without result. The only way I can access the internet when connected to the VPN is to uncheck the "use default gateway on remote network" box in the advanced dialogue of the TCP-IP properties. While this does give me access to the internet, it doesn't give me internet access through the VPN, and there are reasons, such as an SMTP server set to accept connections from only specific IPs, that it would be nice to connect to the internet through the PPTP tunnel, rather than through the default local gateway.

I have enabled IP forwarding following the instructions in MSKB 315236
http://tinyurl.com/5rmh2
on the VPN server. I have also tried to add static routes but, no matter what I do with the routes, I can't seem to get it to use the PPTP tunnel for anything except LAN traffic. When I enter something like

route add 216.51.232.100 mask 255.255.255.255 192.168.1.1 (that last is my gateway) metric 1

I get a statement to the effect that

The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.

When I include an if to specify the interface (which I think is 0x150006, but am not sure because there are two SLIP/PPP WAN adapters, I've tried both with the same result), the same message is displayed. How the gateway could not lie on the same network as the interface and how, at the same moment, the gateway could be reachable by HTTP and residing in the same subnet as the system is beyond me completely. What's also beyond me is how a site can be tracerouted, pinged, and pathpinged and yet not be accessible via HTTP or any other protocol.

I have also tried adding a default route to the routing table

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1 (I've put an interface here and left it off with the same result).

Again, the gateway which I can access perfectly is said not to lie on the network.

Thanks in advance for any assistance.

Aman
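
An added example, not part of the original post and not Windows' own code: a small Python model of the on-link test that the quoted "gateway does not lie on the same network as the interface" error describes. The interface table is constructed for illustration (the post does not give the client's addresses); it assumes the PPP adapter carries a 255.255.255.255 mask, as Windows PPP adapters do.

```python
import ipaddress

# Constructed interface table for the VPN client. These addresses are
# assumptions made for the example; the post does not state them.
INTERFACES = {
    "lan": ("10.0.0.20", "255.255.255.0"),       # client's own LAN adapter
    "ppp": ("192.168.1.50", "255.255.255.255"),  # PPTP tunnel adapter, host mask
}

def on_link_interfaces(gateway, interfaces=INTERFACES):
    """Names of interfaces whose directly connected network contains gateway."""
    gw = ipaddress.ip_address(gateway)
    hits = []
    for name, (addr, mask) in interfaces.items():
        # strict=False lets us pass a host address plus mask and get its network
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if gw in net:
            hits.append(name)
    return hits

def check_route_add(dest, mask, gateway, interfaces=INTERFACES):
    """Model of the gateway check: a next hop must be directly reachable
    on some interface's own subnet before a route through it is accepted."""
    # Reject a destination that has host bits set under the given mask.
    ipaddress.ip_network(f"{dest}/{mask}")
    hits = on_link_interfaces(gateway, interfaces)
    if not hits:
        return (False, "gateway not on-link for any interface")
    return (True, hits[0])

if __name__ == "__main__":
    # The remote router is reachable through the tunnel, yet it is not inside
    # the /32 "network" of the PPP adapter, so the on-link test fails.
    print(check_route_add("216.51.232.100", "255.255.255.255", "192.168.1.1"))
    # Only the tunnel's own address lies inside the PPP adapter's network.
    print(check_route_add("216.51.232.100", "255.255.255.255", "192.168.1.50"))
```

The real addresses and masks to feed into the table come from `ipconfig` and `route print` on the connected client.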