PPTP VPN Routing Issue

RobertKaucher Member Posts: 4,299
I am stumped by this and would like to ask for some help. My company has two locations. Let's call them HQ (headquarters) and BO (branch office). The BO location has just moved into a new facility. It is a large room in another company's warehouse. We have a single data port to plug into and we will not be able to use the L2TP/IPSec VPN that we had been using to connect the BO and the HQ. We have two network barcode stations that are used for labor reporting. I decided I would connect the BO via a PPTP VPN using a server with two NICs. We will call this BORouter. It's a Server 2008 box with RRAS installed. The connection is configured as a persistent connection in RRAS and should be routable. Routes exist in the routing table on BORouter for the 192.168.1.0/24 (HQ Network) and the 192.168.3.0/24 (BO Network). This device connects back to the HQ to a static IP and PPTP is forwarded through the SonicWALL to a Server 2003 system with ONE network card. We will call this machine HQRRAS.

Now here is the deal. With NAT enabled on the PPTP interface on BORouter I am able to connect from client computers to resources on the HQ Network. With no NAT enabled, it does not work. I have tried two solutions. I added static routes on the SonicWALL for the BO Network. And when that did not work I enabled RIPv2 on both the SonicWALL and the BORouter. I could see the routes propagate but I could still not ping between hosts on the two networks. I’m stumped! No idea what it might be.

Summary
* Two Networks 192.168.1.0/24 and 192.168.3.0/24
* Connected via a PPTP VPN
* Routes exist between the two networks but communications between hosts fail.
* When NAT is enabled on the BORouter I can ping from 192.168.3.0/24 to 192.168.1.0/24.

I tend to think it is something on the BORouter. But I am really not sure.
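As an added illustration, not part of the thread: a small Python model of the two legs a ping from a BO client must complete, so each leg can be traced hop by hop and the first node without a forwarding entry is named. The topology, the addresses (including a tunnel pool carved from the HQ LAN that HQRRAS proxy-ARPs for) and the missing SonicWALL route are constructed assumptions; the point is that with NAT the reply goes to an address the HQ side already knows how to reach, which can mask a broken return route that a routed setup exposes.

```python
import ipaddress as ipa

SEGMENTS = {  # constructed topology modelled on the thread; every address is an assumption
    "BOLAN": {"BOClient": "192.168.3.10", "BORouter": "192.168.3.1"},
    "HQLAN": {"SonicWALL": "192.168.1.1", "HQRRAS": "192.168.1.2", "HQHost": "192.168.1.50"},
    "PPTP": {"BORouter": "192.168.1.200", "HQRRAS": "192.168.1.201"},  # tunnel ends, RRAS address pool
}
PROXY_ARP = {"HQLAN": ("HQRRAS", "192.168.1.192/26")}  # assumed: HQRRAS answers ARP for its pool on the HQ LAN

def tables(sonicwall_has_bo_route):
    t = {  # per node: (prefix, segment, next_hop); next_hop None means on-link
        "BOClient": [("192.168.3.0/24", "BOLAN", None), ("0.0.0.0/0", "BOLAN", "192.168.3.1")],
        "BORouter": [("192.168.3.0/24", "BOLAN", None), ("192.168.1.0/24", "PPTP", "192.168.1.201")],
        "HQRRAS": [("192.168.1.0/24", "HQLAN", None), ("192.168.1.200/32", "PPTP", "192.168.1.200"),
                   ("192.168.3.0/24", "PPTP", "192.168.1.200")],
        "HQHost": [("192.168.1.0/24", "HQLAN", None), ("0.0.0.0/0", "HQLAN", "192.168.1.1")],
        "SonicWALL": [("192.168.1.0/24", "HQLAN", None)],
    }
    if sonicwall_has_bo_route:  # the static route the OP added, pointing at HQRRAS's LAN address
        t["SonicWALL"].append(("192.168.3.0/24", "HQLAN", "192.168.1.2"))
    return t

def next_node(node, dst, t):
    # longest-prefix match, then resolve the next hop on that segment; None means no route
    hits = [r for r in t[node] if ipa.ip_address(dst) in ipa.ip_network(r[0])]
    if not hits:
        return None
    _, seg, nh = max(hits, key=lambda r: ipa.ip_network(r[0]).prefixlen)
    target = nh or dst
    owner = next((n for n, a in SEGMENTS[seg].items() if a == target), None)
    if owner is None and seg in PROXY_ARP and ipa.ip_address(target) in ipa.ip_network(PROXY_ARP[seg][1]):
        owner = PROXY_ARP[seg][0]  # nobody on the wire owns it, but a proxy-ARP host claims it
    return owner

def trace(src_node, dst, t):
    # hop list ending in the node that owns dst, or in "DROP" where forwarding fails
    path = [src_node]
    while not any(seg.get(path[-1]) == dst for seg in SEGMENTS.values()):
        nxt = next_node(path[-1], dst, t)
        if nxt is None or len(path) > 8:
            return path + ["DROP"]
        path.append(nxt)
    return path

def echo_round_trip(nat, sonicwall_has_bo_route):
    # both legs of a ping from the BO client to an HQ host; NAT rewrites the source to the tunnel IP
    t = tables(sonicwall_has_bo_route)
    reply_to = "192.168.1.200" if nat else "192.168.3.10"
    return trace("BOClient", "192.168.1.50", t), trace("HQHost", reply_to, t)
```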

Comments

  • RobertKaucher Member Posts: 4,299
    Come on guys!?!?! No check this, check that?
  • wastedtime Member Posts: 586
    I think we are assuming you did it already and that your conclusion is right. Congratz on finding the problem.

    J/K :)

    Did you try sniffing the traffic on both ends?
  • RobertKaucher Member Posts: 4,299
    wastedtime wrote: »
    I think we are assuming you did it already and that your conclusion is right. Congratz on finding the problem.

    J/K :)

    Did you try sniffing the traffic on both ends?

    No, I have not done that yet. I will give it a try. I'll have to be at the other location so it might take a day or two... Thanks, good suggestion. I'll be able to see if the data is actually being routed out or not.
  • wedge1988 Member Posts: 434
    This seems odd. Try below. It's a bit of help, I s'pose...

    These might be stupid, but stupid sometimes works :)
    • Server 2008 has built-in firewall capabilities (as though you didn't know that already, right?)
    • RRAS becomes the firewall when you install it (didn't forget, I hope)
    • Check Event Viewer. It's not security related because it's cross-domain, is it?
    • Try OSPF. Not sure, but RIP might be trying to connect across a dead connection somehow. (Not sure how, though)
    Let us know how you get on, this is interesting :)
    Oh, and one more thing: you can't cross subnets, they should be part of each other or routed (duh, that's obvious, he said that!)
    ~ wedge1988 ~ IdioT Certified~
    MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
  • RobertKaucher Member Posts: 4,299
    wedge1988 wrote: »
    This seems odd. Try below. It's a bit of help, I s'pose...

    These might be stupid, but stupid sometimes works :)

    Stupid sometimes gets you to where you need to go by looking at things with fresh eyes.
    wedge1988 wrote: »
    Server 2008 has built-in firewall capabilities (as though you didn't know that already, right?)

    RRAS becomes the firewall when you install it (didn't forget, I hope)

    This was one of the first things I checked. It cannot be this, though, as with NAT enabled I am able to access resources on the 192.168.1.0/24 network from a client on the 192.168.3.0/24 network. Of course I am always able to access the 192.168.1.0/24 network from the BORouter system. Is this assumption correct? I will need to confirm. The Windows Firewall is disabled, I know that.
    wedge1988 wrote: »
    Check Event Viewer. It's not security related because it's cross-domain, is it?
    I know this is impossible because the client PCs are all on the same domain as the systems in the HQ network.
    wedge1988 wrote: »
    Try OSPF. Not sure, but RIP might be trying to connect across a dead connection somehow. (Not sure how, though)

    I will give this a try as well. I had considered OSPF but since I was seeing RIPv2 propagate the routes and it still wasn't working, I didn't bother.
    wedge1988 wrote: »
    Let us know how you get on, this is interesting :)
    Oh, and one more thing: you can't cross subnets, they should be part of each other or routed (duh, that's obvious, he said that!)

    I will update, and yes, it's routed.
  • wedge1988 Member Posts: 434
    Well, I think that was worth a post :)

    Anyway, as investigators say, if it's not the obvious, use the inobvious. As in:
    • Try changing the network card or router port.
    • Create a test lab and try without firewalls.
    • Check NetBIOS settings. Disable them!
    I can't think of anything else, other than the fact they are on different subnets. That's what NAT does, I believe: makes each connection look like its own network's IP address. I know it's a PIA, but try giving both servers an IP address from the same subnet (i.e., use a DHCP relay in RRAS).

    Still interested in this one. :)
    ~ wedge1988 ~ IdioT Certified~
    MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese