Thanks in advance for any help.

I apologise if anything doesn't make sense. I haven't done any professional networking before, only studied it at uni 3 years ago and everything is a little blurred. We are a software company trying to create some development environments behind a VPN.

I have created a Windows VPN service on Windows Server 2012 R2 using RAS to a new network I have created in AWS.

The VPN works perfectly well and I can RDP into my current server when connected. Yet for most of the work I do I would like to still be part of my company's local network, so I check and enable the "Use default gateway on remote network" flag in the IPv4 settings on my local machine, as I do successfully when we connect to our clients. When I do that it stops working and I cannot ping or find my servers. Uncheck the default gateway and it works again.

My early suggestion is an address conflict?

The AWS network runs on the 172.16.*.* range (255.255.248.0 netmask) with 255.255.255.0 subnets.

Our internal network uses the 192.168.*.* subnets (unsure of the full details, as we did not do our internal network), yet I found that there is a DHCP server on 172.30.0.254. Could this be causing the conflict even though they would be different netmasks?

Below is the routing table. I am trying to RDP into 172.16.0.123 which works if the use default gateway is unchecked, yet can't find it when it is flagged. I have been assigned the internal ip of 10.0.0.21 when the VPN is successful.

(screenshot of the routing table, not reproduced)

Has anyone come across any similar issues?

Cyassin
  • Your understanding / usage of the "Use default gateway on remote network" box is confusing me. Update your question with the IP address of a server that you can't reach and the exact state that the checkbox is in when you can't reach it. The output of `route print` when you can't reach that server would help, too. – Evan Anderson Nov 26 '14 at 00:38
  • I have little understanding of the "Use default gateway", all I know is I was shown to use it when I wanted to stay on the local network while I VPN to clients. I have updated question with the routing table. – Cyassin Nov 26 '14 at 00:54
  • Take some time, create a layer 3 network diagram showing which networks are used where. Past that routing issues are most often resolved by the proper use of traceroute, and packet captures. – Zoredache Nov 26 '14 at 01:03
  • This still makes no sense. Don't show us a screenshot of what appears to be something from your RRAS server. Show us the output of `route print | clip` from the client computer when it is connected to the VPN. – Evan Anderson Nov 26 '14 at 01:16
  • Apologies to everyone, I got the use default gateway flag around the wrong way. It is when it is turned off it should be able to be part of both networks. I have resolved the issue. As you can see the RRAS was assigning VPN clients in the 10.0.0.* range. I changed this to be part of the 172.16.0.* range and it fixed everything. Sorry for all the confusion, tired and needed to step away from it all. Brain is mush. – Cyassin Nov 26 '14 at 01:18
  • Flag it to be closed for being unclear. – Cyassin Nov 26 '14 at 01:20

1 Answer

I'm guessing you want to route basically all traffic through the VPN.

Without seeing your routing tables, my suggestion is the usual problem in this case: the VPN traffic can't itself go over the VPN.

Ensure that you have a route for the VPN endpoint specifically (i.e. you aren't relying on the default route to get to the VPN server you connect to on the client); that route should not go over the VPN. That should fix it.

Falcon Momot
  • Added routing table to question. My question about your answer is: why can't the traffic pass when the "use default gateway on remote network" flag is checked? Is the local machine thinking the traffic belongs on the local network rather than the VPN network? – Cyassin Nov 26 '14 at 00:57
  • The idea is that unless it has a specific route for the VPN endpoint, it will use the default one... but obviously the VPN traffic has to go through the local, non-VPN gateway. It's a bit confusing at first. – Falcon Momot Nov 26 '14 at 02:26
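The answer and the asker's own fix both come down to longest-prefix-match routing on the client. The following is an added example, not code from the question or the answer: a small simulator of a Windows-style client routing table that shows (a) why an address pool of 10.0.0.x plus the classful route Windows installs for a split tunnel never covers 172.16.0.123, while a pool inside 172.16.x does, and (b) why a full tunnel needs a host route for the VPN server's public address via the LAN gateway, or the tunnel's own packets get routed into the tunnel. All addresses are constructed: the LAN, the RRAS server's public address (203.0.113.10, documentation range) and the exact set of routes Windows adds are assumptions for illustration.

```python
"""Longest-prefix-match over a Windows-style client routing table.

Added example, not part of the original thread. Addresses and the route
sets below are constructed to mirror the question, not captured data.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    gateway: str   # "on-link" or next-hop address, as `route print` shows it
    iface: str     # "Ethernet" (LAN NIC) or "VPN" (the RRAS dial-up adapter)
    metric: int


def R(dest: str, gateway: str, iface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(dest), gateway, iface, metric)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Pick the route a host would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.dest]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.dest.prefixlen, -r.metric))


def egress(table: List[Route], dst: str) -> Optional[str]:
    r = lookup(table, dst)
    return r.iface if r else None


def endpoint_loops(table: List[Route], endpoint: str, vpn_iface: str = "VPN") -> bool:
    """True when packets to the VPN server itself would be sent into the tunnel,
    i.e. the tunnel cannot carry its own encapsulated traffic."""
    return egress(table, endpoint) == vpn_iface


def classful(ip: str) -> ipaddress.IPv4Network:
    """Classful network for an address (what Windows adds for a split tunnel)."""
    first = int(ip.split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


# Constructed addresses (assumed for illustration).
LAN_GW = "192.168.1.1"
VPN_SERVER = "203.0.113.10"   # public address of the RRAS server
AWS_HOST = "172.16.0.123"     # the server from the question

LAN = [
    R("192.168.1.0/24", "on-link", "Ethernet", 10),
    R("0.0.0.0/0", LAN_GW, "Ethernet", 25),
]


def split_tunnel(client_ip: str) -> List[Route]:
    """'Use default gateway on remote network' unchecked: only the assigned
    address and its classful network are reachable through the tunnel."""
    return LAN + [
        R(f"{client_ip}/32", "on-link", "VPN", 20),
        Route(classful(client_ip), client_ip, "VPN", 20),
    ]


def full_tunnel(client_ip: str, endpoint_host_route: bool = True) -> List[Route]:
    """Box checked: a lower-metric default route points into the tunnel.
    The /32 for the VPN server via the LAN gateway is what keeps it working."""
    table = LAN + [
        R(f"{client_ip}/32", "on-link", "VPN", 20),
        R("0.0.0.0/0", client_ip, "VPN", 5),
    ]
    if endpoint_host_route:
        table.append(R(f"{VPN_SERVER}/32", LAN_GW, "Ethernet", 10))
    return table


if __name__ == "__main__":
    print("split tunnel, pool 10.0.0.x  ->", egress(split_tunnel("10.0.0.21"), AWS_HOST))
    print("split tunnel, pool 172.16.0.x ->", egress(split_tunnel("172.16.0.21"), AWS_HOST))
    print("full tunnel w/ host route, loops:", endpoint_loops(full_tunnel("10.0.0.21"), VPN_SERVER))
    print("full tunnel w/o host route, loops:", endpoint_loops(full_tunnel("10.0.0.21", False), VPN_SERVER))
```

On a real client the equivalent check is `route print` (or `Find-NetRoute -RemoteIPAddress 172.16.0.123` in PowerShell on Windows 8/2012 and later) while the VPN is up: the interface shown for the AWS host must be the VPN adapter, and the interface shown for the VPN server's public address must be the physical NIC.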