Thanks Bill. I appreciate your input and feedback.
All clients are remote, in that they are all home users. I did indeed
disable the "use default gateway" switch, mostly for bandwidth reasons at
the main site. I didn't want all Internet traffic going through the VPN and
then back out the corporate Internet. At the time, it seemed the lesser of
two evils.
As it stands, my only solution has been to assign static IPs through AD
dial-in permissions, then write a script for each user that adds the remote
route based on the assigned IP. Not a wonderful solution, but since I also
have to have them map drives, I guess it's not such a terrible hassle to add
that in.
Out of curiosity, how do I enable Internet routing through RRAS? I know
that's a newbie question, but I'm somewhat of a newbie to RRAS. Unless I
disable that switch, users get no internet at all, only access to the
corporate systems.
Thanks,
Myxx
"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
>
>
> "Myxx" <(E-Mail Removed)> wrote in message
> news:0NLkk.2436$(E-Mail Removed)...
>> Hey Windows Server community,
>>
>> Got a quick one to run by you all. Thanks for taking the time to read
>> through it, and for any responses.
>>
>> I've got a 2-site organization. Each site has independent Internet T1,
>> as well as an MPLS T1 joined by 2 Cisco routers. All devices inside the
>> network use the MPLS routers as their default gateways. So, no problem
>> with talking back and forth. All that is fine.
>>
>> Where I have a problem is with static routes through RRAS.
>>
>> The RRAS server (for PPTP VPN connections) is in one office at
>> hypothetical IP 10.0.0.3, and its gateway is the MPLS router at
>> hypothetical 10.0.0.5. So no problems with routing there.
>>
>> The remote office server is on IP 192.0.0.2, with a gateway of 192.0.0.5,
>> the MPLS router.
>>
>> Users in each office can connect to local and MPLS connected systems
>> without a problem. However, when any user attempts to connect to the
>> VPN, they only get routes for the subnet local to the RRAS server.
>> Though I have created static routes in the RRAS configuration area, those
>> routes aren't propagated out to the client.
>>
>> I can do manual 'route add' to get the routes to the clients, using the
>> PPP interface as the gateway, but that's a lame solution, that doesn't
>> really scale, especially to a non-technical audience. And I don't want
>> to create post-vpn connection batch files they have to run each time.
>> However, when I add the routes manually, all traffic can get through, and
>> all servers are accessible. So it's not a routing problem per se, it's a
>> static route problem.
>>
>> Any thoughts out there as to why this might be happening, and what I can
>> do to get it working?
>>
>> Thanks!
>>
>
> Where are the remote clients? Are they connecting from outside (ie not
> in either site)?
>
> You should not need any routes on the client. By default it will send
> all traffic through the VPN connection (unless you disable the "use
> default gateway...." switch). If you disable that it will only send subnet
> traffic through the tunnel for the subnet matching the received IP.
>
> If you have disabled that switch you are on your own. You cannot
> pre-configure routes because there is no address you can use as the
> gateway address (since this isn't allocated until the VPN connection is
> made). In RRAS you can use a demand-dial interface, but that doesn't exist
> in the client OS.
>
> The only viable solution is to have a script which runs when the client
> connects. The script would need to get the IP address of the connection
> and plug it into the route commands.
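A sketch of the post-connect script the thread describes, added here as an example and not code from either poster: it reads the PPP adapter's assigned address out of `ipconfig` output and builds `route add` commands for the remote subnet only, so the split tunnel carries nothing beyond the listed corporate routes. The connection name `Corp VPN`, the 255.255.255.0 mask, and the sample `ipconfig` text are assumptions constructed for illustration.

```python
import ipaddress
import re
import subprocess

# Assumptions (not from the thread): the connection name and the remote subnet mask.
VPN_NAME = "Corp VPN"
REMOTE_ROUTES = [("192.0.0.0", "255.255.255.0")]

# Constructed sample of `ipconfig` output, used for offline testing.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

PPP adapter Corp VPN:

   IPv4 Address. . . . . . . . . . . : 10.0.0.57
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""

def vpn_address(ipconfig_text, vpn_name=VPN_NAME):
    """Return the IPv4 address of the named PPP adapter, or None if not connected."""
    in_section = False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():  # adapter headers are unindented
            in_section = line.strip().rstrip(":") == f"PPP adapter {vpn_name}"
            continue
        if in_section:
            # Matches both "IP Address" (older clients) and "IPv4 Address".
            m = re.search(r"IP(?:v4)? Address[ .]*:\s*(\d+(?:\.\d+){3})", line)
            if m:
                return str(ipaddress.IPv4Address(m.group(1)))  # validates octets
    return None

def route_commands(ipconfig_text, routes=REMOTE_ROUTES, vpn_name=VPN_NAME):
    """Build one `route add` argument list per remote subnet; empty if VPN is down."""
    gateway = vpn_address(ipconfig_text, vpn_name)
    if gateway is None:
        return []
    commands = []
    for dest, mask in routes:
        ipaddress.IPv4Network(f"{dest}/{mask}")  # ValueError on a malformed route
        commands.append(["route", "add", dest, "mask", mask, gateway])
    return commands

if __name__ == "__main__":
    live = subprocess.run(["ipconfig"], capture_output=True, text=True).stdout
    for cmd in route_commands(live):
        subprocess.run(cmd, check=True)  # argument list, no shell string
```

On Windows versions with UAC, `route add` needs an elevated prompt, so the script has to be launched with administrative rights.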