VPN Troubles

[Tim Mulholland]

Here is my scenario:

2 Vista Machines, both on different home networks.
Windows 2003 Server in office as VPN server

I can connect just fine from both machines to the VPN. Authentication goes
smoothly, etc. No problems connecting. Appears to work fine. I am assigned
the correct IP address and DNS servers.

I cannot, however, access anything on the work network. It's almost as if
i'm not really connected. I still can access the internet and my home
networks. But nothing on the work network.

If i modify the VPN properties and check the "Use default gateway on remote
network" and reconnect, i can suddenly access everything on my work network.
However, this means ALL of my internet traffic is going through the VPN,
which is not good.

One day, i was able to actually connect without the default gateway checkbox
and have it work properly. THe next day it stopped working. It almost seems
random.

I have another machine (XP) on one of my home networks and it connects just
fine. That's why i'm posting this in a Vista forum.

Thanks for any help you can share with me.

-Tim

 

[Robert L [MVP - Networking]]

For the security reason it is better to use "Use default gateway on remote
network". If for some reasons you don't want to do so, you may need to change the vista VPN client routing table.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Here is my scenario:

2 Vista Machines, both on different home networks.
Windows 2003 Server in office as VPN server

I can connect just fine from both machines to the VPN. Authentication goes
smoothly, etc. No problems connecting. Appears to work fine. I am assigned
the correct IP address and DNS servers.

I cannot, however, access anything on the work network. It's almost as if
i'm not really connected. I still can access the internet and my home
networks. But nothing on the work network.

If i modify the VPN properties and check the "Use default gateway on remote
network" and reconnect, i can suddenly access everything on my work network.
However, this means ALL of my internet traffic is going through the VPN,
which is not good.

One day, i was able to actually connect without the default gateway checkbox
and have it work properly. THe next day it stopped working. It almost seems
random.

I have another machine (XP) on one of my home networks and it connects just
fine. That's why i'm posting this in a Vista forum.

Thanks for any help you can share with me.

-Tim

 

[Tim Mulholland]

Hi Bob,

Thanks for your response.
Could you explain the security reasons for this a bit? Or at least point me to an article that does so? I'm just curious.

The network connection at the server is not that speedy (just a DSL line) so routing all internet traffic through it can get... well... boring while waiting for things to download. That's why i'd prefer not to use the remote connection as the default gateway.

I did discover that, when the problem was occurring, i could add a static route to my routing tables and things would work - immediately. This lasts as long as i keep that connection active. But i have to do it every time i connect. I tried using the -p switch to tell the route command to make it persistent, but it still loses it as soon as i disconnect. Since you pointed me towards modifying the VPN client routing table, do you have any pointers about this problem? Also, since i'm the curious type, could you explain why it is occurring on Vista when it doesn't seem to occur on XP?

Thanks in advance,

-Tim
For the security reason it is better to use "Use default gateway on remote
network". If for some reasons you don't want to do so, you may need to change the vista VPN client routing table.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Here is my scenario:

2 Vista Machines, both on different home networks.
Windows 2003 Server in office as VPN server

I can connect just fine from both machines to the VPN. Authentication goes
smoothly, etc. No problems connecting. Appears to work fine. I am assigned
the correct IP address and DNS servers.

I cannot, however, access anything on the work network. It's almost as if
i'm not really connected. I still can access the internet and my home
networks. But nothing on the work network.

If i modify the VPN properties and check the "Use default gateway on remote
network" and reconnect, i can suddenly access everything on my work network.
However, this means ALL of my internet traffic is going through the VPN,
which is not good.

One day, i was able to actually connect without the default gateway checkbox
and have it work properly. THe next day it stopped working. It almost seems
random.

I have another machine (XP) on one of my home networks and it connects just
fine. That's why i'm posting this in a Vista forum.

Thanks for any help you can share with me.

-Tim

 

[Aanand Ramachandran]

Hi Tim,
What Bob has explained below is called split-tunneling. Here is some info about it

http://www.microsoft.com/technet/community/columns/cableguy/cg1003.mspx

The initial part of the above article talks about split tunneling.

When all traffic (both internet and intranet) is sent through the VPN server it goes through the croporate network which enables monitoring of the traffic. Also, an admin can setup filters on the RAS server to block traffic to certain IP addresses.

thanks
Aanand
Hi Bob,

Thanks for your response.
Could you explain the security reasons for this a bit? Or at least point me to an article that does so? I'm just curious.

The network connection at the server is not that speedy (just a DSL line) so routing all internet traffic through it can get... well... boring while waiting for things to download. That's why i'd prefer not to use the remote connection as the default gateway.

I did discover that, when the problem was occurring, i could add a static route to my routing tables and things would work - immediately. This lasts as long as i keep that connection active. But i have to do it every time i connect. I tried using the -p switch to tell the route command to make it persistent, but it still loses it as soon as i disconnect. Since you pointed me towards modifying the VPN client routing table, do you have any pointers about this problem? Also, since i'm the curious type, could you explain why it is occurring on Vista when it doesn't seem to occur on XP?

Thanks in advance,

-Tim
For the security reason it is better to use "Use default gateway on remote
network". If for some reasons you don't want to do so, you may need to change the vista VPN client routing table.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Here is my scenario:

2 Vista Machines, both on different home networks.
Windows 2003 Server in office as VPN server

I can connect just fine from both machines to the VPN. Authentication goes
smoothly, etc. No problems connecting. Appears to work fine. I am assigned
the correct IP address and DNS servers.

I cannot, however, access anything on the work network. It's almost as if
i'm not really connected. I still can access the internet and my home
networks. But nothing on the work network.

If i modify the VPN properties and check the "Use default gateway on remote
network" and reconnect, i can suddenly access everything on my work network.
However, this means ALL of my internet traffic is going through the VPN,
which is not good.

One day, i was able to actually connect without the default gateway checkbox
and have it work properly. THe next day it stopped working. It almost seems
random.

I have another machine (XP) on one of my home networks and it connects just
fine. That's why i'm posting this in a Vista forum.

Thanks for any help you can share with me.

-Tim