0

Scenario: Server A connected to Draytek router A on subnet 192.168.1.0/24. Server B connected to Draytek router B on subnet 192.168.2.0/24. Site to site VPN between routers A and B. Single Windows domain covering both networks.

We then have a dial-in VPN to router A. VPN user can connect to Windows shares on server A. VPN user can ping server B successfully. However, attempts to access Windows shares on server B fail.

Local users on subnet A can connect OK to shares on server B and vice versa.

Any ideas what we need to fix to enable VPN users to access network shares on both servers A and B?

timanderson

2 Answers

0

There are a few things missing from your question to know which direction to take this. First, are your remote access (dial in) VPN users getting their network addresses from a pool in a third subnet, or subnet A?

Most likely the remote access VPN users are getting addresses from a third subnet (192.168.3.0/24 for example). You need to make sure that the routing for the VPN users knows how to send to subnet B, unless the default route for the remote users is the VPN.

The inverse is true, that you need to verify that the routing tables for Router B have the VPN user subnet included in the Site-to-Site VPN profile, as that would cover the routing on that end.

If all of the routing is verified, then you should double check that your firewall rules have rules matching Subnet B to remote access and that Router A has rules allowing the VPN subnet to subnet B.

Both router A and Router B should have NAT rules (most likely exemptions), that also need to include the VPN subnet on both ends.

Cory Knutson
  • Thanks - the VPN user gets an IP in subnet A, e.g. 192.168.1.200. It is actually all working when I tested just now on my own machine so I think it may just be latency issues. – timanderson Apr 05 '17 at 02:42
0

This is working OK now. The main change we needed was to add the DNS suffix in the advanced properties of the VPN connection. Note this is quite hidden in Windows 10. You have to use the Adapter Settings in the old control panel, not the modern UI for VPN connections. The DNS suffix is in Properties - Networking - Internet Protocol 4 - Properties - Advanced. We also set the DNS server for the connection. It would be better to use DHCP but we had difficulty getting this to work.

timanderson
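A way to tell the causes raised in the two answers apart (routing/firewall versus name resolution) from the VPN client, as an added example that is not from either poster. The host name, DNS suffix, IP address and VPN connection name are placeholders to replace with your own values.

```powershell
# Added diagnostic example. All default values below are hypothetical placeholders.
param(
    [string]$ShortName     = 'serverB',           # assumed host name of server B
    [string]$DnsSuffix     = 'corp.example.com',  # assumed AD DNS domain
    [string]$ServerIp      = '192.168.2.10',      # assumed address in subnet B
    [string]$VpnConnection = 'Office VPN'         # assumed Windows VPN connection name
)

function Test-Smb([string]$Target) {
    # Ping only proves ICMP gets through; shares need TCP 445 (SMB).
    Test-NetConnection -ComputerName $Target -Port 445 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
}

function Test-Dns([string]$Name) {
    # -DnsOnly skips LLMNR/NetBIOS so only the DNS path is tested.
    $records = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue
    [bool]($records | Where-Object { $_.IPAddress })
}

$smbByIp   = Test-Smb $ServerIp
$fqdnOk    = Test-Dns "$ShortName.$DnsSuffix"
$shortOk   = Test-Dns $ShortName
$vpn       = Get-VpnConnection -Name $VpnConnection -ErrorAction SilentlyContinue
$searchLst = (Get-DnsClientGlobalSetting).SuffixSearchList -join ', '

[pscustomobject]@{
    SmbReachableByIp   = $smbByIp      # False: routing, firewall or NAT rules on the routers
    FqdnResolves       = $fqdnOk       # False: VPN client is not using the domain DNS server
    ShortNameResolves  = $shortOk      # False while FQDN works: DNS suffix is missing
    VpnDnsSuffix       = $vpn.DnsSuffix
    SuffixSearchList   = $searchLst
} | Format-List

if (-not $smbByIp) {
    'TCP 445 to server B is blocked or unrouted: check router routes, firewall and NAT rules.'
} elseif (-not $fqdnOk) {
    'Routing is fine but DNS is not: set the DNS server on the VPN connection.'
} elseif (-not $shortOk) {
    'Only the short name fails: add the DNS suffix to the VPN connection, for example'
    "  Set-VpnConnection -Name '$VpnConnection' -DnsSuffix '$DnsSuffix'"
} else {
    'Routing, SMB port and name resolution all look correct from this client.'
}
```

Run it while the VPN is connected; `Get-VpnConnection` only lists connections created with the built-in Windows VPN client for the current user.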