VPN & PPTP                            Help Us!

How to setup VPN
Can't access the Internet while using VPN
 Can't access the remote network after unchecking  "Use default gateway on Remote Network"
Client VPN IP address must be used as a default gateway
Can my VPN server as a VPN server and also act as a router
 Can XP Home have multi VPN connections open simultaneously, like NT and W2K Pro?
Can't Ping External Network Adapter After Configuring RRAS as a VPN Server
Can't run logon script by using VPN
 Do not install VPN on a system with ICS running
 Port 42 for name resolution
 Unable to access the resources on the network
 VPN XP Client Disconnects After One Minute
 VPN logon using NT logon ID and password
VPN Win98 can access the resources but not W2K/XP

 

Can't access the Internet while using VPN

Symptom: after establishing a VPN connection, you may not be able to access the Internet because the VPN takes over your existing connection and all traffic to use the VPN default gateway on the remote network. The remote network may not allow VPN clients to access the Internet via their gateway.

Resolutions:
1) Disable the "use default gateway on remote network" option in the properties of the VPN connection.  To do that, go to VPN Connection->Properties->Network->TCP/IP->Properties->Advanced-, uncheck  "Use default gateway on Remote Network".
2) Edit route table manually if you know how to or check routing page on this web site.

Can't access the remote network after unchecking  "Use default gateway on Remote Network"

Symptom: After following above instruction and uncheck "Use default gateway on Remote Network" on VPN connection, you can't access to the remote network any more. For example, your LAN network is 192.0.0.0 and default gateway is 192.0.0.1; the VPN is 192.0.1.0 and gateway 192.0.1.1.that is connecting to the remote network 10.0.0.0. After establishing the VPN connection and unchecking  "Use default gateway on Remote Network", your computer use 192.0.0.1 as gateway instead of 192.0.1.1 and can't find a way to 10.0.0.0 network.

Resolution: you need modify the route table manually or refer to our Routing page on this web. Or check "Use default gateway on Remote Network" on VPN connection.

Client VPN IP address must be used as a default gateway

Symptom: you setup a VPN server and assign the VPN server IP as a VPN default gateway. While VPN clients connecting to the VPN server, they can't access to the network.

Resolution: the gateway IP address should be the client's IP assigned by the VPN server, not the IP address of the VPN server's Internet interface. You can only determine the IP address of the VPN client's virtual interface when the client is connected by double-clicking the virtual private networking connection object when the VPN connection is active. In the resulting Status dialog box, click the Details tab. Or use ipconfig /all command.

Can my VPN server as a VPN server and also act as a router

SYMPTOMS:  If you enable VPN on a server, the RRAS will accept incoming VPN connections only and secures the RRAS by enabling filters that only accept PPTP or L2TP traffic. Then network traffic over the VPN connections and the internal LAN connection are normal but the RRAS will not forward packets over the interface except PPTP or L2TP traffic.

RESOLUTION: If you want your server to be a VPN server and also act as a router,  you should select Manually configured server from above options and configure the RRAS as a router. For installed RRAS as VPN server, you can enable the RRAS as a router manually. To do this, 1) right-click VPN server from Routing and Remote Access>properties, select the Enable this computer as a Router. 2) Right-click Ports in RRAS Manager>Port>Properties. Check Remote access connections (inbound only) for both WAN Miniport (PPTP) and WAN Miniport (L2TP) by going to Configure.

NOTE: If you should manage packet filtering on the interface connected to the Internet carefully. Otherwise, you are opening your VPN server to attack from the Internet.

Can XP Home have multi VPN connections open simultaneously, like NT and W2K Pro?

This is not supported in the Home edition.

Can't Ping External Network Adapter After Configuring RRAS as a VPN Server

SYMPTOMS: After you configure the RRAS as a virtual private network (VPN) server in Windows 2000 Server with two or more network adapters, pinging the external network adapter does not work. This behavior occurs only while RRAS is running. Pinging the external network adapter succeeds when RRAS is stopped.

RESOLUTION: When you use the Routing and Remote Access Server Setup Wizard to configure RRAS as a VPN server, Input and Output filters are automatically configured on the external network adapter to process only VPN traffic. To allow pinging to and from the external network adapter, add Inbound and Outbound filters to the adapter to allow ICMP packets to be processed on the adapter. To do this, go to Routing and Remote Access>Server Name>IP Routing>General, In the right pane, right-click the adapter that has been configured as the external adapter, and then click Properties>Input Filters>Add, In the Protocol box, click ICMP. Do the same on  Output Filters.

Can't run logon script by using VPN

Symptoms: When trying to log on to a domain from a w2k/xp VPN client, you may not be able to run logon script and access to group policies, roaming profiles, and home folders. The following event may also be logged in the System event log: "Event ID 5719
No Windows NT or Windows 2000 domain controller is available for domain {domain name} the following error occurred: There are currently no logon servers available to service the logon request." This problem occurs only if the client is configured to use p-node or m-node for NetBIOS name resolution. This node type may have been set manually, or through a Dynamic Host Configuration Protocol (DHCP) lease that sets DHCP option 46.

Resolutions: 1) You can run regedit to change the mode to hybrid mode NetBIOS name resolution.
2) Or download the latest service pack for Windows 2000.

Click for help

 Your feedback and contributions to this web site

Do not install VPN on W2K with ICS running

Many users have reported that they were experienced some difficulties after installing VPN on w2k/xp running ICS and ICS clients may receive "Error: Page Can Not be Displayed" message. The reason is that establishing a VPN connection on the ICS Host modifies the Routing Table on the ICS Host. that will forces all clients that try to connect to the Internet to use the VPN routing table instead of the ICS routing table used to connect to the Internet service provider (ISP). This can create the following issues:

Port 42 for name resolution

To use VPN, you may need to open port 42 for name resolution.

Unable to access the resources on the network

1) Check the DNS and WINS setting. 2) Verify that either the protocol is enabled for routing or the Entire network option is selected for LAN protocols being used by the VPN clients.

VPN XP Client Disconnects After One Minute

SYMPTOMS: After you install SP1 for XP, your computer may drop VPN connections after about 55 seconds. This behavior may occur if ICS is enabled.

RESOLUTION:  1) disable ICS. 2) contact Microsoft Product Support Services to obtain the fix.

VPN logon using NT logon ID and password

To let a user logon from VPN using the same NT logon ID and password, you can 1) setup the VPN user ID and password same as NT ID and password; 2) you can authenticate to a Radius and then point to the NT domain server for PPTP user authentication.

VPN Win98 can access the resources but not W2K/XP

We're trying to use a Win2k and w98 laptops to our office over a VPN to our office.  from this location the Win2K client will connect correctly and authorize correctly, but you cannot browse the remote network.  You cannot ping a remote network address, nothing.  At the same location a Win98 client will connect correctly and browse the network no problem.  What's the difference in the networking of the two that would cause this to happened?

A: Win2k and XP both use DNS to find other machines  whereas Win98 uses NetBIOS or Wins. So, you will need to set up the DNS on VPN Server or clients.

Click for help

 Your feedback and contributions to this web site

   Main Menu