Windows Server 2008 R2 RAS VPN: access server on internal interface IP

Short question: I'm usually a Linux admin but need to set up a Win2k8 R2 server for a student project. The server is running as a VM on a root server and has a public internet IP assigned. Additionally I need a VPN server to access some services running on the server. I managed to set up a working VPN gateway via the Routing and RAS service which assigns clients an IP in the private subnet 192.168.88.0/24 with the interface "Internal" listening on 192.168.88.1. Additionally I set up the external interface as NAT interface.

So I can connect to the VPN server, get an IP assigned and the server additionally does NAT and I can access the internet over the VPN connection. The only thing I additionally need is that I can access the server itself over that internal IP (e.g. client 192.168.88.2, server 192.168.88.1) as I want to access some services which I don't like to expose to the internet and restrict them to connected VPN clients.

Does anybody have a hint, which configuration I'm missing here to be able to access the server over the VPN connection?

EDIT: VPN clients get assigned the IP from the private subnet with subnet mask 255.255.255.255. I guess that might be the reason I can't access the server on the private IP address although it's in the same network range. Any ideas how to change this? I defined a static address pool in the Routing and RAS service, but I can't change the netmask there.

EDIT2: I can't access the server from the client, but I can fully access the client from the server (ping, HTTP). I guess it has to do with firewall configuration.

Thanks in advance, Mathias


Solution 1:

Subnet 255.255.255.255 is normal, because you are using PPP (point-to-point type of VPN connection). Also, you can run ipconfig /all on the VPN client, and you will see that your client has some IP, for example 192.168.88.200, and there is a remote gateway (your VPN server's intranet IP), which is for example 192.168.88.1.

When you set up IP addressing on RRAS, please make sure that the server's VPN IP address is not the same as the server's local IP address, for example: Server LAN: 192.168.88.1, Server VPN address: 192.168.88.2, Client IP: 192.168.88.2

Also, if you need to visit the server, go to 192.168.88.2, not 192.168.88.1. This is normally solved by using a DNS server, and RRAS registers both IPs in DNS.

Also, if you need to access the LAN side, you need to enable ARP Proxy, so your VPN clients can go to the LAN subnet and vice versa.
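
An added example, not part of the original question or answer: a Python check that reads `netstat -an -p TCP` output from the server and reports which address each listener is bound to, since a service bound to 0.0.0.0 also answers on the public interface unless the firewall scopes it to the VPN pool. The netstat sample and the public address 203.0.113.10 are constructed placeholders; 192.168.88.0/24 and 192.168.88.1 come from the question.

```python
import ipaddress
import re

VPN_NET = ipaddress.ip_network("192.168.88.0/24")  # RRAS static pool from the question

# Constructed sample of `netstat -an -p TCP` output taken on the server.
# 203.0.113.10 is a placeholder for the public IP (documentation range).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.88.1:8080      0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1723      0.0.0.0:0              LISTENING
  TCP    192.168.88.1:8080      192.168.88.2:49712     ESTABLISHED
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+\S+\s+LISTENING\s*$")


def classify(bind_ip):
    """Say who can reach a socket bound to bind_ip, before firewall rules."""
    ip = ipaddress.ip_address(bind_ip)
    if ip.is_unspecified:
        return "all-interfaces"   # 0.0.0.0: public, VPN and loopback alike
    if ip.is_loopback:
        return "local-only"
    if ip in VPN_NET:
        return "vpn-only"
    return "other-interface"      # e.g. bound to the public address


def audit(netstat_text):
    """Return sorted (port, bind_ip, exposure) for every IPv4 TCP listener."""
    rows = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            rows.append((int(m.group(2)), m.group(1), classify(m.group(1))))
    return sorted(rows)


def needs_firewall_scope(rows):
    """Ports on every interface: restrict by firewall rule if meant for VPN only."""
    return [port for port, _, exposure in rows if exposure == "all-interfaces"]


if __name__ == "__main__":
    for port, ip, exposure in audit(SAMPLE_NETSTAT):
        print(f"{ip}:{port:<6} {exposure}")
```

Ports returned by `needs_firewall_scope` are the ones to either rebind to the internal address or limit with an inbound firewall rule whose remote address scope is the VPN pool.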