Announcement

Collapse
No announcement yet.

Routing problem PPTP VPN (Win2003)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Routing problem PPTP VPN (Win2003)

    Hello, I’m a system administrator at a medium sized company. Our server all running on Windows 2003. To let our employees connect to our network we let them use PPTP (via a Windows 2003 server). It is not the best and secure way but it worked for us fine for several years.

    The problems began 1 month ago. All VPN users complained that they could not connect to the network. I investigated the problem and noticed a strange behavior:
    Users could establish a VPN tunnel, but once connected they could not get access to the network. You could ping the (internal) IP of the server if you had a connection but no other server? So I expected a routing problem. It seems that the server doesn’t route the traffic to the network.

    First I tried to fix it my self (I’m MCSA) but after a day of trail and error I contacted a support company with more experienced people than me. After 2 days they give up as well. The only solution we found was to reinstall (or enable) the “routing and remote access” on another server. So I just run the wizard, do the manual config (we have only 1 LAN connection), select VPN, changed the firewall to the new server and done. It worked again. And we didn’t looked any further for the cause. We suspected that a security update was messing with the settings, so we disabled the automatic updates on the newly configured server.

    BUT, today we experienced the same problem on the other server. Now to come up with a quick solution we tried to enable it on other servers (patched and unpatched servers). But without success, every time we configure it and test the server we can only connect but cannot access the rest of the network. You can only ping or even rdp to the VPN server itself.

    Does anyone have experienced the same problem? And more important does anyone has a solution for me?

  • #2
    Re: Routing problem PPTP VPN (Win2003)

    I haven't personally dealt with exactly this kind of routing issue. Have you tried uninstalling any updates or hotfixes that were applied around the time that the server started behaving this way? How about trying system restore if it's enabled on that server (system restore can cause weird things to happen sometimes though). Any event log errors or warnings at about the time this started? How about event log entries when someone connects?

    I know how frustrating these phantom issues can be. BTW, nice nickname.

    Signed,
    Wesley
    Wesley David
    LinkedIn | Careers 2.0
    -------------------------------
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

    Comment


    • #3
      Re: Routing problem PPTP VPN (Win2003)

      There are few questions in my mind. If you could answer?
      a. You use DHCP to distribute IP's address or give it through VPN static pool?
      b. Is your internal network ip's different from the VPN internal IP(i mean here VLANs)?
      c. Once your client are connected what IP do they receive?
      d. What firewall software do you use?
      Best Regards ,
      Manish Nadkarni

      Comment


      • #4
        Re: Routing problem PPTP VPN (Win2003)

        Thanks for the replies.

        Some answers:
        @Wesley
        - There are no errors in the event log (only log-on and log-off events). I looked at the logs from the RRAS (file logs) but I can see any abnormalities from what I can understand from them.
        - Since we disabled the updates from the second server, and it worked for about a month, I can't see why it should be related to an update?
        System restore isn't available on the server. Already put my hope into that option last time.

        @virus
        A. Using DHCP relay (this works see C)
        B. No, the clients break out to the internal network, no restrictions
        C. They receive an IP like the internal users, in the same range. You can not distinct VPN and normal users by looking at the IP. Also the VPN users receive the correct DNS settings, alto they cannot resolve it because the DNS servers aren't available due to the situation.
        D. We use an hardware firewall. Since the user can create a VPN, they aren't restricted by the firewall anymore. We have no DMZ or other mechanisms to restrict internal traffic.
        Last edited by WesleyVH; 14th May 2009, 06:49.

        Comment


        • #5
          Re: Routing problem PPTP VPN (Win2003)

          Originally posted by WesleyVH View Post
          - Since we disabled the updates from the second server, and it worked for about a month, I can't see why it should be related to an update?
          Quite right. That one flew under my radar. Truly, truly bizarre. One of those issues that drives me nuts. Have you rebuilt the TCP/IP stack? Uninstalled the network cards and reinstalled them? That kind of troubleshooting is what I like to call "flailing", but if it works... who cares? At least it can narrow the problem down.
          Wesley David
          LinkedIn | Careers 2.0
          -------------------------------
          Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
          Vendor Neutral Certifications: CWNA
          Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
          Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

          Comment


          • #6
            Re: Routing problem PPTP VPN (Win2003)

            Does your 2003 server have Windows Firewall turned on?

            Comment

            Working...
            X