VPN within a Remote Desktop session

I connect to a server on my local network via Remote Desktop. I then need to make a VPN connection out to the internet from within that Remote Desktop session. However, that immediately disconnects my Remote Desktop session.

What's happening here and is there a way I can fix it?

Extra Information:

Local Computer #1:

  • Initiates RDP Session to #2
  • Windows 7
  • 10.1.1.140/24

Local Computer #2:

  • Windows Vista
  • 10.1.1.132/24
  • Initiates VPN connection to public IP
  • VPN is PPTP
  • Set to obtain IP and DNS automatically
  • 'Use Default Gateway on Remote network' is unselected
  • 'Enable LMHosts' is selected
  • 'Enable Netbios' over TCP/IP is selected
  • Has the ability to be multi-homed (i.e. has 2 NICs)

Public facing ADSL Router:

  • VPN Server
  • receives connection from #2 via external IP
  • Internal network is 192.168.0.0/24

I can make a VPN connection from my PC with no problems (no RDP involved).

Tom suggested using dual NICs in a comment below. I have dual NICs in the box (#2 above) but I'm not sure how to set them up properly, or how to assign the VPN to use one over the other.

I tried setting the extra NIC to be on the same private network (10.1.1.200/24), starting the VPN and then trying to RDP to either of the NICs, 10.1.1.132 or 10.1.1.200, but didn't have any luck. Is there some way I can tell the VPN to use one NIC over the other?

As requested - here are my routing tables from PC#2:

Before VPN is connected:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     20
         10.1.1.0    255.255.255.0         On-link        10.1.1.132    276
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
       10.1.1.255  255.255.255.255         On-link        10.1.1.132    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link        10.1.1.132    296
  169.254.255.255  255.255.255.255         On-link        10.1.1.132    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.1.1.132    276
===========================================================================

and after VPN is connected:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     20
         10.1.1.0    255.255.255.0         On-link        10.1.1.132    276
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
       10.1.1.255  255.255.255.255         On-link        10.1.1.132    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link        10.1.1.132    296
  169.254.255.255  255.255.255.255         On-link        10.1.1.132    276
      192.168.0.0    255.255.255.0    192.168.0.254    192.168.0.234    267
    192.168.0.234  255.255.255.255         On-link     192.168.0.234    522
    remote-vpn-ip  255.255.255.255       10.1.1.254       10.1.1.132     21
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.234    522
===========================================================================

I even tried hooking up the second interface (10.1.1.232) and playing with the default routes:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     21
         10.1.1.0    255.255.255.0       10.1.1.254       10.1.1.232     11
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
       10.1.1.232  255.255.255.255         On-link        10.1.1.232    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link        10.1.1.132    296
  169.254.255.255  255.255.255.255         On-link        10.1.1.132    276
      192.168.0.0    255.255.255.0    192.168.0.254    192.168.0.235    267
    192.168.0.235  255.255.255.255         On-link     192.168.0.235    522
    remote-vpn-ip  255.255.255.255       10.1.1.254       10.1.1.132     21
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.1.1.132    276
        224.0.0.0        240.0.0.0         On-link        10.1.1.232    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link        10.1.1.232    266
  255.255.255.255  255.255.255.255         On-link     192.168.0.235    522

Solution 1:

What's happening is that you're effectively cutting off the IP route from the server to yourself - hence the RDP session loss. You can fix it by setting up the VPN in a way that it's bound to a second interface (physical or virtual) so that both the VPN and RDP link can coexist. How you do this depends enormously on a range of very detailed configurations that we don't know right now, so if you want help with this you'll have to come back to us with a LOT more information, just as much as you can please.

Solution 2:

This can be usual practice - by default, on a Windows box (this may have changed), all traffic gets forced down the VPN tunnel, so yes, your RDP will drop.

I suggest going to the advanced settings of your VPN on your server, and making sure it doesn't send all traffic via the VPN.

Also, check that the destination network doesn't use the same subnet settings as you do, otherwise again, you'll experience the symptoms you describe.

Solution 3:

I had this problem before, and the solution is "split tunneling". This means sending the Internet traffic to the default gateway, and the traffic to the VPN network through the tunnel.

What you have to do is set up a static route to your machine on Computer #2, and set the priority for this route to 0.

So the end result will be a default route 0.0.0.0/0 to the IP address of the VPN Gateway, and a static route to your machine using the default gateway.

In Windows, what you would do is something like this:

 route -p add 10.1.1.140 mask 255.255.255.255 <defaultGW>

where defaultGW is the IP address of your router.

This will ensure that traffic going to 10.1.1.140 will not be routed to the tunnel.

If you have physical access to computer #2, connect to the VPN and let us know the routing table of the machine:

route print

One before connecting to the VPN and one after.

With this information, we can help you set up the "split tunnel".

Hope to be of assistance
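A way to read the route tables posted in the question, as an added example that is not part of the original posts: it parses `route print` rows and applies longest-prefix matching (lowest metric on ties) to show which gateway and interface PC #2 uses to reach the RDP client at 10.1.1.140. The function names and the destinations 192.168.0.10 and 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Unicast rows copied from the question's route tables (loopback, multicast and
# broadcast rows left out; the redacted "remote-vpn-ip" row is kept as posted).
AFTER_VPN = """
0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     20
10.1.1.0    255.255.255.0         On-link        10.1.1.132    276
10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
192.168.0.0    255.255.255.0    192.168.0.254    192.168.0.234    267
192.168.0.234  255.255.255.255         On-link     192.168.0.234    522
remote-vpn-ip  255.255.255.255       10.1.1.254       10.1.1.132     21
"""
DUAL_NIC = """
0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     21
10.1.1.0    255.255.255.0       10.1.1.254       10.1.1.232     11
10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
10.1.1.232  255.255.255.255         On-link        10.1.1.232    266
192.168.0.0    255.255.255.0    192.168.0.254    192.168.0.235    267
192.168.0.235  255.255.255.255         On-link     192.168.0.235    522
remote-vpn-ip  255.255.255.255       10.1.1.254       10.1.1.132     21
"""

def parse_routes(text):
    """Parse `route print` rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # redacted or malformed destination, e.g. "remote-vpn-ip"
        routes.append((net, gateway, iface, int(metric)))
    return routes

def lookup(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[3]))
    return {"route": str(best[0]), "gateway": best[1], "interface": best[2]}

if __name__ == "__main__":
    for name, table in (("after VPN", AFTER_VPN), ("dual NIC", DUAL_NIC)):
        for dst in ("10.1.1.140", "192.168.0.10", "203.0.113.10"):  # last two constructed
            print(name, dst, lookup(parse_routes(table), dst))
```

In the posted "after VPN" table the default route still points at 10.1.1.254 and only 192.168.0.0/24 goes through the tunnel; in the dual-NIC table, traffic to 10.1.1.140 leaves through 10.1.1.232 rather than the 10.1.1.132 address.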

Solution 4:

Hard to tell without more information, but many VPN clients have the nasty habit of (logically) disconnecting their host computer from the LAN while setting up the VPN connection. I.e., you can be connected either to your LAN, or to the VPN, but not both.

If your VPN client does this, obviously your RDP session would be killed as a side effect of cutting you off from the LAN.

I'm not sure why VPN clients do this, whether it's an intentional measure (security?) or just a side effect of reconfiguring the network, but I have often encountered it.

Check the manual for details, and for how to fix this.