How to set up routing for RRAS VPN connections
I have a NAT/firewall running DHCP for the LAN configured to forward the VPN ports directly to the Windows 2008R2 server behind the firewall on NIC1. The LAN switch is also connected to the firewall for internet access.
RRAS/VPN is set up on the Windows server which is also the DC and local DNS server at this point. NIC2 on the server connects to the LAN switch and connectivity to the internet and LAN works fine for the local subnet (192.168.1.0).
VPN clients can connect, but then they cannot connect to any office network or internet addresses, nor can they resolve DNS, unless the "use default gateway on remote network" option is turned off; then the internet is available to them.
This looks like a routing table issue but I don't know how to set that up properly. Any ideas?
IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : LDMSERV2
Primary Dns Suffix . . . . . . . : LDM.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LDM.local
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VPN HOST:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II
Physical Address. . . . . . . . . : 78-2B-CB-33-A7-99
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.8
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II
Physical Address. . . . . . . . . : 78-2B-CB-33-A7-98
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.8
127.0.0.1
Primary WINS Server . . . . . . . : 192.168.1.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Solution 1:
Here's what I did to get it to work.
- Configured Remote Access Logging and Policies (Right-click > Launch NPS)
- Added a policy to allow my remote access users to access the network (this alone did not remedy the situation and may not have been the issue but I did it anyway)
- Under Routing and Remote Access Properties > IPv4 tab, switched to Static address pool
- Set up an address space that was unused by the NAT/DHCP server for the RRAS DHCP pool (192.168.1.201-250)
- Selected Enable broadcast name resolution and used NIC2 (the LAN subnet) as the Adapter for DHCP/DNS/WINS
Everything resolved after that! Thank you everyone for your help and for the other ServerFault articles that pointed me in the right direction.
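As an added check (not part of the original answer) for the step above that requires the static pool to be unused by the NAT/DHCP server: this Python code, built only on the standard ipaddress module, validates a proposed RRAS pool against the LAN subnet, the firewall's DHCP scope and the fixed addresses from the ipconfig output. The firewall's DHCP scope is not stated in the question, so the scope used below is a constructed assumption.

```python
import ipaddress
from typing import Iterable, List, Tuple


def ip_range(first: str, last: str) -> List[ipaddress.IPv4Address]:
    """Expand an inclusive dotted-quad range into a list of addresses."""
    a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if b < a:
        raise ValueError(f"range end {last} precedes start {first}")
    return [ipaddress.IPv4Address(int(a) + i) for i in range(int(b) - int(a) + 1)]


def check_rras_pool(lan: str, pool: Tuple[str, str], dhcp_scope: Tuple[str, str],
                    reserved: Iterable[str]) -> List[str]:
    """Return a list of problems with a proposed RRAS static address pool.

    lan        -- the LAN subnet in CIDR form (here "192.168.1.0/24")
    pool       -- (first, last) of the RRAS static pool, e.g. .201-.250
    dhcp_scope -- (first, last) of the range the NAT/firewall DHCP hands out
                  (assumed value; the question does not state it)
    reserved   -- statically assigned hosts: gateway .1, server NICs .8 and .10
    An empty list means the pool is safe to configure.
    """
    net = ipaddress.IPv4Network(lan)
    pool_ips = ip_range(*pool)
    dhcp_ips = set(ip_range(*dhcp_scope))
    reserved_ips = {ipaddress.IPv4Address(r) for r in reserved}
    problems: List[str] = []
    # 1. Every pool address must sit inside the LAN subnet; otherwise LAN hosts
    #    have no route back to VPN clients and RRAS cannot proxy-ARP for them.
    outside = [str(ip) for ip in pool_ips if ip not in net]
    if outside:
        problems.append(f"outside {lan}: {', '.join(outside)}")
    # 2. The pool must not overlap the firewall's DHCP scope, or a VPN client
    #    and a LAN device will eventually hold the same address.
    overlap = sorted(ip for ip in pool_ips if ip in dhcp_ips)
    if overlap:
        problems.append(f"overlaps DHCP scope: {overlap[0]}-{overlap[-1]}")
    # 3. Never hand out the gateway, a server NIC, or the network/broadcast
    #    address of the subnet.
    fixed = reserved_ips | {net.network_address, net.broadcast_address}
    clash = [str(ip) for ip in pool_ips if ip in fixed]
    if clash:
        problems.append(f"collides with fixed hosts: {', '.join(clash)}")
    return problems
```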