How to access shared folders over Windows Server 2008 VPN from Windows 7 client?
Solution 1:
With the "Use default gateway on remote network" option turned off on the VPN connection (VPN Connection > Properties > Networking Tab > IPv4 (List Item) Properties > Advanced Button), you get what's called a "split tunnel". The way it's supposed to work is that instead of all your traffic going through the VPN, all your Internet traffic goes through your normal default gateway, and only select traffic, addressed to your VPN server or network, will go through the VPN tunnel.
The problem is that Windows 7 routing tables are wrong by default. FAIL!!!
It generates bad tables, so that it does not properly route traffic over the VPN. For example, my VPN was set to connect to a server called "my.domain.com". Suppose my.domain.com's IP is 1.2.3.4. When I ran a "route print" command on the client, I could see that the entry for 1.2.3.4 was pointing to my local gateway, instead of the gateway for the VPN server. The VPN server's gateway can be found by either looking at the gateways listed in the "route print" command's output on the client that's connected to the VPN, or on the VPN server go to "Server Manager > Roles > Network Policy and Access Services > Routing and Remote Access > IPv4 > General", and the "Internal" interface's IP Address is the gateway you need. Suppose, for example, it's 1.2.3.100.
There were even other entries in the table that seemed to be circular. So, I used a command like this on the client: "route delete 1.2.3.4" to delete the incorrect route for my VPN server's IP, and added a correct one with a command like this "route add 1.2.3.4 mask 255.255.255.255 1.2.3.100 IF 28", where 1.2.3.100 was the gateway of my VPN server, and the "28" was the InterFace (IF) number for my VPN connection listed in the output of the "route print" command.
After that, when I entered "\my.domain.com\" in Explorer, it was properly routing the traffic through the VPN tunnel. It arrived on the network, appearing to come from a local IP (statically allocated via "Server Manager > Roles > Network Policy and Access Services > Routing and Remote Access (Properties) > IPv4 Tab > IPv4 Address Assignment Group > Static Address Pool Option), and so it made it through the firewall exception for File and Printer Sharing on the "public" network which restricted remote addresses to the ranges in the static pool that I specified.