MS VPN Client - fail acquiring gateway setting?
Last Updated: Feb 27 2005 16:35, Started by Tyby, Feb 27 2005 12:54
#1
Posted 27 February 2005 - 12:54
Environment:
Windows 2003 Server Standard Edition configured as a DC, with the auxiliary networking services configured more or less correctly (DHCP, DNS) ... I configured RRAS as a Virtual Private Network (VPN) access and NAT server (http://www.microsoft...server_role.asp). Clients connect, I get no errors of any kind, except ...

Problems:

1. I configured the DHCP Relay Agent to point to the local address ... that's OK ... it hands out IPs correctly to clients from inside or outside ... but it does not give me a default gateway for the PPP link (even though the Use default gateway on remote network option is checked in the VPN client settings). For clients on the local network, it gives me an IP from the same class (192.168.0.x), and as gateway it gives me THE SAME IP as that of the PPP link:

    PPP adapter spine:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
       Physical Address. . . . . . . . . : 00-53-45-00-00-00
       Dhcp Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.0.10
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . : 192.168.0.10
       DNS Servers . . . . . . . . . . . : 192.168.0.254

For clients from the Internet, it gives me gateway 0.0.0.0 ... Any idea?!

2. I cannot connect over L2TP ... I get no error, it simply shows connecting to server_name ... and sits there, and sits there ... given that server_name is 3 m of cable away from me, I don't think it's a physical link issue ... Any idea here, too?!

Brainstorming #1: I had some problems when connecting to a RAS server located in a local network with IP settings from the same class (192.168.0.0/24). More precisely: I am in a local network 192.168.0.0/24 (with IP 192.168.0.1), and I go out through a router with IP 192.168.0.254 ... I connect to the remote network (somewhere over the internet), which has identical LOCAL settings: 192.168.0.0/24, with THE SAME address on the router (192.168.0.254), a router that is also the VPN (RAS) server.
I tried creating a different scope in DHCP (VPN Scope), on 10.0.0.0/24, but it flatly refuses to hand out IPs from that class to the VPN clients! At one point it would not work at all! I gave up back then for lack of time and because there was no immediate need for the VPN connection.

Brainstorming #2: Windows 2000 Server with a SINGLE network interface, on which 2 IPs are configured:
- an external ("routable") one from a subnet of 4, a subnet routed via the primary IP by an AT AR330, which also does NAT (192.168.0.0/24) & firewall for the clients behind it / the server.
- a local one (192.168.0.x)
- the server is a DC & file, DHCP & Exchange Server.

I am interested in setting up a VPN connection to that network (or at least to the Win2k server) to access POP3 in a secure way ... Obviously, Windows does NOT want to set up RRAS because it doesn't have at least 2 network interfaces ... On the AT-AR330 I could not for the life of me configure VPN to work with an MS client (it just won't!). I don't rule out human error (i.e. me :) ), and I am open to any suggestions.

PS: I don't want to discuss - not here - the nature of the adopted solution with the routing of the subnet and the existence of 2 different IPs on the same interface ... That's how it had to be ...

Thanks for the ideas! ;)
#2
Posted 27 February 2005 - 13:17
:lol: man, you sure bring out the heavy artillery when you start raising problems ;) ...
I'll answer all of them, but for now, quickly, on problem 1, the gateway: when you check Use default gateway on remote network it does NOT mean that the default gateway on the client will be that IP. What it will do instead is add a new default route ... that is the difference. Try a route print and see if there is any difference.

I'll come back with details on the rest of the problems.

Good luck ;)

Edited by PreTXT, 27 February 2005 - 13:26.
#3
Posted 27 February 2005 - 13:34
Obviously, I have serious problems! :D :P
Man, I know what you're saying ... in fact that's exactly what I was saying. That it doesn't mean this is what it should do, but - unfortunately - this is what it does. And I NO LONGER HAVE INTERNET on the client connected to the VPN server after the connection is established ... because it gives it the IP 192.168.0.10 with gateway 192.168.0.10 ... and from there it's obvious! :(

Or maybe I don't understand what you're saying ... route print? It sets the default gateway to the IP of the PPP link!!! And it moves my own default gw to metric 21!!! Look at the first 2-3 rows ... 192.168.0.12 is the new IP on the PPP link

    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.0.12    192.168.0.12       1
              0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.1      21
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
          192.168.0.0    255.255.255.0      192.168.0.1     192.168.0.1      20
          192.168.0.1  255.255.255.255        127.0.0.1       127.0.0.1      20
         192.168.0.12  255.255.255.255        127.0.0.1       127.0.0.1      50
        192.168.0.111  255.255.255.255        127.0.0.1       127.0.0.1      20
        192.168.0.254  255.255.255.255      192.168.0.1     192.168.0.1      20
        192.168.0.255  255.255.255.255      192.168.0.1     192.168.0.1      20
        192.168.0.255  255.255.255.255     192.168.0.12    192.168.0.12      50
          192.168.1.0    255.255.255.0      192.168.1.1     192.168.0.1      20
          192.168.1.1  255.255.255.255        127.0.0.1       127.0.0.1      20
        192.168.1.255  255.255.255.255      192.168.1.1     192.168.0.1      20
            224.0.0.0        240.0.0.0      192.168.0.1     192.168.0.1      20
            224.0.0.0        240.0.0.0     192.168.0.12    192.168.0.12       1
      255.255.255.255  255.255.255.255      192.168.0.1     192.168.0.1       1
      255.255.255.255  255.255.255.255     192.168.0.12    192.168.0.12       1
    Default Gateway:      192.168.0.12
    ===========================================================================
#4
Posted 27 February 2005 - 13:38
Problem 2: how did you configure that L2TP? How is IPSec set up?
Can you post a log of the connection, possibly the isakmp.log as well?

Edited by PreTXT, 27 February 2005 - 13:39.
#5
Posted 27 February 2005 - 14:00
look, man .. maybe I wasn't explicit enough:

Quote

    VPN Client Default Route

    By default, the Use default gateway on the remote network option is enabled. When the VPN client establishes a link with the VPN server, a new default route is created on the VPN client and appears in the VPN client's routing table. You can view the new route by opening a command prompt and typing the route print command. This new default route replaces the old default gateway that may have been set on the VPN client when the dial-up connection was established. If a dial-up connection is used, the default gateway is typically the ISP's router. This allows the dial-up clients to access the Internet.

    However, when the new default route is added, the VPN clients that have the Use default gateway on remote network cannot access the Internet, because the clients now use the VPN interface to route packets to remote (non-local) networks. As a VPN administrator, this is exactly what you want. You do not want VPN clients to be able to access your private network and the Internet at the same time. Doing so creates a significant security risk since the VPN client can become a gateway between the Internet and the private network.

and look here too: http://support.micro...1&Product=winxp

later_edit: HERE you also have configuration options

Edited by PreTXT, 27 February 2005 - 16:15.
#6
Posted 27 February 2005 - 15:58
Brainstorming #2
port forwarding on the router + Single NIC VPN (see Appendix B); to get past that step in the RRAS wizard choose Custom Configuration.

Good luck ;)

Edited by PreTXT, 27 February 2005 - 15:58.
#7
Posted 27 February 2005 - 16:35
Brainstorming #1: I still think you need to assign the clients addresses from a different range ... you've seen how it works (the story with the routes), so you can imagine what madness results ...
look here for off-subnet ... that's roughly what you should try, I'd say ...

P.S. in that link (I also gave it above) you also have some troubleshooting steps, maybe it helps ;)
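
Added example (not part of the original thread and not any poster's code): a Python sketch that replays a subset of the `route print` rows from post #3 through longest-prefix-match route selection. It shows that Internet-bound traffic follows the metric-1 default route into the tunnel, as the quoted Microsoft text in post #5 describes, while 192.168.0.x destinations still leave through the local NIC, which is why the overlapping ranges in Brainstorming #1 call for an off-subnet VPN pool. The function names and the probe addresses 203.0.113.5 and 192.168.0.50 are constructed for illustration.

```python
import ipaddress

# Subset of the `route print` rows posted in #3; 192.168.0.12 is the PPP (VPN)
# address, 192.168.0.1 the client's LAN NIC. Row selection is constructed.
ROUTE_PRINT = """\
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.12   192.168.0.12   1
0.0.0.0              0.0.0.0          192.168.0.254  192.168.0.1    21
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.0.0          255.255.255.0    192.168.0.1    192.168.0.1    20
192.168.0.12         255.255.255.255  127.0.0.1      127.0.0.1      50
192.168.0.254        255.255.255.255  192.168.0.1    192.168.0.1    20
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for every 5-column route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # header or separator line
    return routes

def lookup(routes, address):
    """Pick the route for `address`: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def default_routes(routes):
    """All 0.0.0.0/0 routes, preferred (lowest metric) first."""
    return sorted((r for r in routes if r[0].prefixlen == 0), key=lambda r: r[3])

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    # 203.0.113.5 = constructed Internet host, 192.168.0.50 = constructed host
    # on the remote LAN, 192.168.0.254 = router address used on both sides.
    for probe in ("203.0.113.5", "192.168.0.50", "192.168.0.254"):
        net, gw, iface, metric = lookup(table, probe)
        print(f"{probe:15} -> {net} via interface {iface} (metric {metric})")
```
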