VPN Gateway

Goo Day to All,

I create a vpn and all configuration are ok, except the gateway

so my ipconfig /all are:

PPP adapter GMMP:

Connection-specific DNS Suffix . : tiago.loc
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-35-51-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.176
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.0.176
DNS Servers . . . . . . . . . . . : 192.168.0.11
192.168.0.11
Primary WINS Server . . . . . . . : 192.168.0.11


What is wrong is that gateway should be 192.168.0.1 and not my own ip
address, how can i change that gateway configuration?

Thanks

No it should not! The gateway you see is correct. The gateway address
should be the received IP address. This indicates that the gateway address
of the VPN client is the PPP interface, which is what you want it to be.
Traffic which is not local will go across the PPP link. Whatever your
problem is (and you didn't say what it was), the gateway address is not the
cause.

"Tiago" <(E-Mail Removed)> wrote in message
news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
> Goo Day to All,
>
> I create a vpn and all configuration are ok, except the gateway
>
> so my ipconfig /all are:
>
> PPP adapter GMMP:
>
> Connection-specific DNS Suffix . : tiago.loc
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-35-51-00-00-00
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.176
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . : 192.168.0.176
> DNS Servers . . . . . . . . . . . : 192.168.0.11
> 192.168.0.11
> Primary WINS Server . . . . . . . : 192.168.0.11
>
>
> What is wrong is that gateway should be 192.168.0.1 and not my own ip
> address, how can i change that gateway configuration?
>
> Thanks

But Why i can't ping other computers in my network? even the dns servers i
can't ping?

what i should do?

Thanks


"Bill Grant" wrote:

> No it should not! The gateway you see is correct. The gateway address
> should be the received IP address. This indicates that the gateway address
> of the VPN client is the PPP interface, which is what you want it to be.
> Traffic which is not local will go across the PPP link. Whatever your
> problem is (and you didn't say what it was), the gateway address is not the
> cause.
>
> "Tiago" <(E-Mail Removed)> wrote in message
> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
> > Goo Day to All,
> >
> > I create a vpn and all configuration are ok, except the gateway
> >
> > so my ipconfig /all are:
> >
> > PPP adapter GMMP:
> >
> > Connection-specific DNS Suffix . : tiago.loc
> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
> > Dhcp Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : 192.168.0.176
> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> > Default Gateway . . . . . . . . . : 192.168.0.176
> > DNS Servers . . . . . . . . . . . : 192.168.0.11
> > 192.168.0.11
> > Primary WINS Server . . . . . . . : 192.168.0.11
> >
> >
> > What is wrong is that gateway should be 192.168.0.1 and not my own ip
> > address, how can i change that gateway configuration?
> >
> > Thanks
>
>
>

A remote access connection (dialup or VPN) just gives you an IP
connection between the client and the server. If you can ping the server,
your VPN connection is working.

You have given your remote client an IP address in the same IP subnet as
the LAN machines. This is called on-subnet addressing. Networking to
machines on the LAN depends on the VPN server doing proxy ARP on the LAN.
The VPN server acts as a proxy for the remote machine, sending the packets
across the point-to-point link. Some switches do not handle this very well.
If this is your problem you will need to put the remote users in their own
IP subnet and route this subnet through the VPN server (ie off-subnet
addressing).

"Tiago" <(E-Mail Removed)> wrote in message
news:1A19E527-D753-4E55-B0AE-(E-Mail Removed)...
> But Why i can't ping other computers in my network? even the dns servers i
> can't ping?
>
> what i should do?
>
> Thanks
>
>
> "Bill Grant" wrote:
>
>> No it should not! The gateway you see is correct. The gateway address
>> should be the received IP address. This indicates that the gateway
>> address
>> of the VPN client is the PPP interface, which is what you want it to be.
>> Traffic which is not local will go across the PPP link. Whatever your
>> problem is (and you didn't say what it was), the gateway address is not
>> the
>> cause.
>>
>> "Tiago" <(E-Mail Removed)> wrote in message
>> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
>> > Goo Day to All,
>> >
>> > I create a vpn and all configuration are ok, except the gateway
>> >
>> > so my ipconfig /all are:
>> >
>> > PPP adapter GMMP:
>> >
>> > Connection-specific DNS Suffix . : tiago.loc
>> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
>> > Dhcp Enabled. . . . . . . . . . . : No
>> > IP Address. . . . . . . . . . . . : 192.168.0.176
>> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
>> > Default Gateway . . . . . . . . . : 192.168.0.176
>> > DNS Servers . . . . . . . . . . . : 192.168.0.11
>> > 192.168.0.11
>> > Primary WINS Server . . . . . . . : 192.168.0.11
>> >
>> >
>> > What is wrong is that gateway should be 192.168.0.1 and not my own ip
>> > address, how can i change that gateway configuration?
>> >
>> > Thanks
>>
>>
>>

Thanks for your answer bill....

so my question is, how can i put the remote users in their own
IP subnet and route this subnet through the VPN server ??

My network ip is 192.168.0.X and my VPN Server have 2 ip's on for external
and one for internal...

can you help-me? thanks again





"Bill Grant" wrote:

> A remote access connection (dialup or VPN) just gives you an IP
> connection between the client and the server. If you can ping the server,
> your VPN connection is working.
>
> You have given your remote client an IP address in the same IP subnet as
> the LAN machines. This is called on-subnet addressing. Networking to
> machines on the LAN depends on the VPN server doing proxy ARP on the LAN.
> The VPN server acts as a proxy for the remote machine, sending the packets
> across the point-to-point link. Some switches do not handle this very well.
> If this is your problem you will need to put the remote users in their own
> IP subnet and route this subnet through the VPN server (ie off-subnet
> addressing).
>
> "Tiago" <(E-Mail Removed)> wrote in message
> news:1A19E527-D753-4E55-B0AE-(E-Mail Removed)...
> > But Why i can't ping other computers in my network? even the dns servers i
> > can't ping?
> >
> > what i should do?
> >
> > Thanks
> >
> >
> > "Bill Grant" wrote:
> >
> >> No it should not! The gateway you see is correct. The gateway address
> >> should be the received IP address. This indicates that the gateway
> >> address
> >> of the VPN client is the PPP interface, which is what you want it to be.
> >> Traffic which is not local will go across the PPP link. Whatever your
> >> problem is (and you didn't say what it was), the gateway address is not
> >> the
> >> cause.
> >>
> >> "Tiago" <(E-Mail Removed)> wrote in message
> >> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
> >> > Goo Day to All,
> >> >
> >> > I create a vpn and all configuration are ok, except the gateway
> >> >
> >> > so my ipconfig /all are:
> >> >
> >> > PPP adapter GMMP:
> >> >
> >> > Connection-specific DNS Suffix . : tiago.loc
> >> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> >> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
> >> > Dhcp Enabled. . . . . . . . . . . : No
> >> > IP Address. . . . . . . . . . . . : 192.168.0.176
> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> >> > Default Gateway . . . . . . . . . : 192.168.0.176
> >> > DNS Servers . . . . . . . . . . . : 192.168.0.11
> >> > 192.168.0.11
> >> > Primary WINS Server . . . . . . . : 192.168.0.11
> >> >
> >> >
> >> > What is wrong is that gateway should be 192.168.0.1 and not my own ip
> >> > address, how can i change that gateway configuration?
> >> >
> >> > Thanks
> >>
> >>
> >>
>
>
>

If you set the RRAS server to use DHCP, the RRAS server leases a batch
of addresses from DHCP to use as its address pool. The clients do not get
their network config directly from DHCP, but from the RRAS server as part of
the PPP setup. Since these addresses come from your DHCP server they are in
the same IP subnet as your LAN machines.

To put the remotes in their own subnet you use the static address pool
instead. Set up a pool of addresses in another IP subnet (say 192.168.21.1
to 192.168.21.20). The inernal interface in RRAS and the client(s) will now
get IP addresses in this subnet.

To route between the remotes and the LAN you need to enable IP routing
on the RRAS server. You might also need extra routing on the LAN if the RRAS
server is not the default gateway of your LAN.

"Tiago" <(E-Mail Removed)> wrote in message
news:B23E79F1-E85E-4296-9B21-(E-Mail Removed)...
> Thanks for your answer bill....
>
> so my question is, how can i put the remote users in their own
> IP subnet and route this subnet through the VPN server ??
>
> My network ip is 192.168.0.X and my VPN Server have 2 ip's on for external
> and one for internal...
>
> can you help-me? thanks again
>
>
>
>
>
> "Bill Grant" wrote:
>
>> A remote access connection (dialup or VPN) just gives you an IP
>> connection between the client and the server. If you can ping the server,
>> your VPN connection is working.
>>
>> You have given your remote client an IP address in the same IP subnet
>> as
>> the LAN machines. This is called on-subnet addressing. Networking to
>> machines on the LAN depends on the VPN server doing proxy ARP on the LAN.
>> The VPN server acts as a proxy for the remote machine, sending the
>> packets
>> across the point-to-point link. Some switches do not handle this very
>> well.
>> If this is your problem you will need to put the remote users in their
>> own
>> IP subnet and route this subnet through the VPN server (ie off-subnet
>> addressing).
>>
>> "Tiago" <(E-Mail Removed)> wrote in message
>> news:1A19E527-D753-4E55-B0AE-(E-Mail Removed)...
>> > But Why i can't ping other computers in my network? even the dns
>> > servers i
>> > can't ping?
>> >
>> > what i should do?
>> >
>> > Thanks
>> >
>> >
>> > "Bill Grant" wrote:
>> >
>> >> No it should not! The gateway you see is correct. The gateway
>> >> address
>> >> should be the received IP address. This indicates that the gateway
>> >> address
>> >> of the VPN client is the PPP interface, which is what you want it to
>> >> be.
>> >> Traffic which is not local will go across the PPP link. Whatever your
>> >> problem is (and you didn't say what it was), the gateway address is
>> >> not
>> >> the
>> >> cause.
>> >>
>> >> "Tiago" <(E-Mail Removed)> wrote in message
>> >> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
>> >> > Goo Day to All,
>> >> >
>> >> > I create a vpn and all configuration are ok, except the gateway
>> >> >
>> >> > so my ipconfig /all are:
>> >> >
>> >> > PPP adapter GMMP:
>> >> >
>> >> > Connection-specific DNS Suffix . : tiago.loc
>> >> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>> >> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
>> >> > Dhcp Enabled. . . . . . . . . . . : No
>> >> > IP Address. . . . . . . . . . . . : 192.168.0.176
>> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
>> >> > Default Gateway . . . . . . . . . : 192.168.0.176
>> >> > DNS Servers . . . . . . . . . . . : 192.168.0.11
>> >> > 192.168.0.11
>> >> > Primary WINS Server . . . . . . . : 192.168.0.11
>> >> >
>> >> >
>> >> > What is wrong is that gateway should be 192.168.0.1 and not my own
>> >> > ip
>> >> > address, how can i change that gateway configuration?
>> >> >
>> >> > Thanks
>> >>
>> >>
>> >>
>>
>>
>>

So, my RRASS is using DHCP wich is provided by DC of my lan(i configure as a
CHCP Relay Agent) and gives the correct address to my remote clients, and i
configure thit static route:

Interface: 192.168.0.27 (is the public interface)
Destination: 192.168.0.0
Network Mask: 255.255.255.255
Gateway: 192.168.0.1 (is my lan gateway)
Metric: 1

With this configuration i can't ping any of my Lan ip's. But it's seems that
i have the correct ip:

the ip for my remote client:

ip: 192.168.0.164
subnetmask: 255.255.255.255
gateway: 192.168.0.164
dns: 192.168.0.11 (is my lan dhcp)
wins: 192.168.0.11 (is my lan wins)

what i'm doing wrong?

PS: enable ip routing is checked


"Bill Grant" wrote:

> If you set the RRAS server to use DHCP, the RRAS server leases a batch
> of addresses from DHCP to use as its address pool. The clients do not get
> their network config directly from DHCP, but from the RRAS server as part of
> the PPP setup. Since these addresses come from your DHCP server they are in
> the same IP subnet as your LAN machines.
>
> To put the remotes in their own subnet you use the static address pool
> instead. Set up a pool of addresses in another IP subnet (say 192.168.21.1
> to 192.168.21.20). The inernal interface in RRAS and the client(s) will now
> get IP addresses in this subnet.
>
> To route between the remotes and the LAN you need to enable IP routing
> on the RRAS server. You might also need extra routing on the LAN if the RRAS
> server is not the default gateway of your LAN.
>
> "Tiago" <(E-Mail Removed)> wrote in message
> news:B23E79F1-E85E-4296-9B21-(E-Mail Removed)...
> > Thanks for your answer bill....
> >
> > so my question is, how can i put the remote users in their own
> > IP subnet and route this subnet through the VPN server ??
> >
> > My network ip is 192.168.0.X and my VPN Server have 2 ip's on for external
> > and one for internal...
> >
> > can you help-me? thanks again
> >
> >
> >
> >
> >
> > "Bill Grant" wrote:
> >
> >> A remote access connection (dialup or VPN) just gives you an IP
> >> connection between the client and the server. If you can ping the server,
> >> your VPN connection is working.
> >>
> >> You have given your remote client an IP address in the same IP subnet
> >> as
> >> the LAN machines. This is called on-subnet addressing. Networking to
> >> machines on the LAN depends on the VPN server doing proxy ARP on the LAN.
> >> The VPN server acts as a proxy for the remote machine, sending the
> >> packets
> >> across the point-to-point link. Some switches do not handle this very
> >> well.
> >> If this is your problem you will need to put the remote users in their
> >> own
> >> IP subnet and route this subnet through the VPN server (ie off-subnet
> >> addressing).
> >>
> >> "Tiago" <(E-Mail Removed)> wrote in message
> >> news:1A19E527-D753-4E55-B0AE-(E-Mail Removed)...
> >> > But Why i can't ping other computers in my network? even the dns
> >> > servers i
> >> > can't ping?
> >> >
> >> > what i should do?
> >> >
> >> > Thanks
> >> >
> >> >
> >> > "Bill Grant" wrote:
> >> >
> >> >> No it should not! The gateway you see is correct. The gateway
> >> >> address
> >> >> should be the received IP address. This indicates that the gateway
> >> >> address
> >> >> of the VPN client is the PPP interface, which is what you want it to
> >> >> be.
> >> >> Traffic which is not local will go across the PPP link. Whatever your
> >> >> problem is (and you didn't say what it was), the gateway address is
> >> >> not
> >> >> the
> >> >> cause.
> >> >>
> >> >> "Tiago" <(E-Mail Removed)> wrote in message
> >> >> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
> >> >> > Goo Day to All,
> >> >> >
> >> >> > I create a vpn and all configuration are ok, except the gateway
> >> >> >
> >> >> > so my ipconfig /all are:
> >> >> >
> >> >> > PPP adapter GMMP:
> >> >> >
> >> >> > Connection-specific DNS Suffix . : tiago.loc
> >> >> > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> >> >> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
> >> >> > Dhcp Enabled. . . . . . . . . . . : No
> >> >> > IP Address. . . . . . . . . . . . : 192.168.0.176
> >> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> >> >> > Default Gateway . . . . . . . . . : 192.168.0.176
> >> >> > DNS Servers . . . . . . . . . . . : 192.168.0.11
> >> >> > 192.168.0.11
> >> >> > Primary WINS Server . . . . . . . : 192.168.0.11
> >> >> >
> >> >> >
> >> >> > What is wrong is that gateway should be 192.168.0.1 and not my own
> >> >> > ip
> >> >> > address, how can i change that gateway configuration?
> >> >> >
> >> >> > Thanks
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

NO, that won't help. As I outlined earlier, you are using on-subnet
addresses. No "real" IP addressing is taking place because all the IP
addresses are in the same IP subnet. IP routing only works between subnets.
Your setup can only work by using the VPN server as a proxy for the remote.
If that doesn't work, you will need to use off-subnet addressing.

"Tiago" <(E-Mail Removed)> wrote in message
news:E803E52A-A4CB-4780-80F1-(E-Mail Removed)...
> So, my RRASS is using DHCP wich is provided by DC of my lan(i configure as
> a
> CHCP Relay Agent) and gives the correct address to my remote clients, and
> i
> configure thit static route:
>
> Interface: 192.168.0.27 (is the public interface)
> Destination: 192.168.0.0
> Network Mask: 255.255.255.255
> Gateway: 192.168.0.1 (is my lan gateway)
> Metric: 1
>
> With this configuration i can't ping any of my Lan ip's. But it's seems
> that
> i have the correct ip:
>
> the ip for my remote client:
>
> ip: 192.168.0.164
> subnetmask: 255.255.255.255
> gateway: 192.168.0.164
> dns: 192.168.0.11 (is my lan dhcp)
> wins: 192.168.0.11 (is my lan wins)
>
> what i'm doing wrong?
>
> PS: enable ip routing is checked
>
>
> "Bill Grant" wrote:
>
>> If you set the RRAS server to use DHCP, the RRAS server leases a
>> batch
>> of addresses from DHCP to use as its address pool. The clients do not get
>> their network config directly from DHCP, but from the RRAS server as part
>> of
>> the PPP setup. Since these addresses come from your DHCP server they are
>> in
>> the same IP subnet as your LAN machines.
>>
>> To put the remotes in their own subnet you use the static address
>> pool
>> instead. Set up a pool of addresses in another IP subnet (say
>> 192.168.21.1
>> to 192.168.21.20). The inernal interface in RRAS and the client(s) will
>> now
>> get IP addresses in this subnet.
>>
>> To route between the remotes and the LAN you need to enable IP
>> routing
>> on the RRAS server. You might also need extra routing on the LAN if the
>> RRAS
>> server is not the default gateway of your LAN.
>>
>> "Tiago" <(E-Mail Removed)> wrote in message
>> news:B23E79F1-E85E-4296-9B21-(E-Mail Removed)...
>> > Thanks for your answer bill....
>> >
>> > so my question is, how can i put the remote users in their own
>> > IP subnet and route this subnet through the VPN server ??
>> >
>> > My network ip is 192.168.0.X and my VPN Server have 2 ip's on for
>> > external
>> > and one for internal...
>> >
>> > can you help-me? thanks again
>> >
>> >
>> >
>> >
>> >
>> > "Bill Grant" wrote:
>> >
>> >> A remote access connection (dialup or VPN) just gives you an IP
>> >> connection between the client and the server. If you can ping the
>> >> server,
>> >> your VPN connection is working.
>> >>
>> >> You have given your remote client an IP address in the same IP
>> >> subnet
>> >> as
>> >> the LAN machines. This is called on-subnet addressing. Networking to
>> >> machines on the LAN depends on the VPN server doing proxy ARP on the
>> >> LAN.
>> >> The VPN server acts as a proxy for the remote machine, sending the
>> >> packets
>> >> across the point-to-point link. Some switches do not handle this very
>> >> well.
>> >> If this is your problem you will need to put the remote users in their
>> >> own
>> >> IP subnet and route this subnet through the VPN server (ie off-subnet
>> >> addressing).
>> >>
>> >> "Tiago" <(E-Mail Removed)> wrote in message
>> >> news:1A19E527-D753-4E55-B0AE-(E-Mail Removed)...
>> >> > But Why i can't ping other computers in my network? even the dns
>> >> > servers i
>> >> > can't ping?
>> >> >
>> >> > what i should do?
>> >> >
>> >> > Thanks
>> >> >
>> >> >
>> >> > "Bill Grant" wrote:
>> >> >
>> >> >> No it should not! The gateway you see is correct. The gateway
>> >> >> address
>> >> >> should be the received IP address. This indicates that the gateway
>> >> >> address
>> >> >> of the VPN client is the PPP interface, which is what you want it
>> >> >> to
>> >> >> be.
>> >> >> Traffic which is not local will go across the PPP link. Whatever
>> >> >> your
>> >> >> problem is (and you didn't say what it was), the gateway address is
>> >> >> not
>> >> >> the
>> >> >> cause.
>> >> >>
>> >> >> "Tiago" <(E-Mail Removed)> wrote in message
>> >> >> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
>> >> >> > Goo Day to All,
>> >> >> >
>> >> >> > I create a vpn and all configuration are ok, except the gateway
>> >> >> >
>> >> >> > so my ipconfig /all are:
>> >> >> >
>> >> >> > PPP adapter GMMP:
>> >> >> >
>> >> >> > Connection-specific DNS Suffix . : tiago.loc
>> >> >> > Description . . . . . . . . . . . : WAN (PPP/SLIP)
>> >> >> > Interface
>> >> >> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
>> >> >> > Dhcp Enabled. . . . . . . . . . . : No
>> >> >> > IP Address. . . . . . . . . . . . : 192.168.0.176
>> >> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
>> >> >> > Default Gateway . . . . . . . . . : 192.168.0.176
>> >> >> > DNS Servers . . . . . . . . . . . : 192.168.0.11
>> >> >> > 192.168.0.11
>> >> >> > Primary WINS Server . . . . . . . : 192.168.0.11
>> >> >> >
>> >> >> >
>> >> >> > What is wrong is that gateway should be 192.168.0.1 and not my
>> >> >> > own
>> >> >> > ip
>> >> >> > address, how can i change that gateway configuration?
>> >> >> >
>> >> >> > Thanks
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>

Ok Bill, so i put a second subnet to the vpn clients

at the moment i put Ras giving another subnet ip's to the remote clients,
and looks like this:

ip: 192.168.21.2 (192.168.21.1 to 192.168.21.20)
subnetmask: 255.255.255.255
gateway: 192.168.21.2
dns: 192.168.0.11 (is my lan dhcp)


i can't ping the lan ip's and i think is because the static routes.
what i have to configure in there?

"Bill Grant" wrote:

> NO, that won't help. As I outlined earlier, you are using on-subnet
> addresses. No "real" IP addressing is taking place because all the IP
> addresses are in the same IP subnet. IP routing only works between subnets.
> Your setup can only work by using the VPN server as a proxy for the remote.
> If that doesn't work, you will need to use off-subnet addressing.
>
> "Tiago" <(E-Mail Removed)> wrote in message
> news:E803E52A-A4CB-4780-80F1-(E-Mail Removed)...
> > So, my RRASS is using DHCP wich is provided by DC of my lan(i configure as
> > a
> > CHCP Relay Agent) and gives the correct address to my remote clients, and
> > i
> > configure thit static route:
> >
> > Interface: 192.168.0.27 (is the public interface)
> > Destination: 192.168.0.0
> > Network Mask: 255.255.255.255
> > Gateway: 192.168.0.1 (is my lan gateway)
> > Metric: 1
> >
> > With this configuration i can't ping any of my Lan ip's. But it's seems
> > that
> > i have the correct ip:
> >
> > the ip for my remote client:
> >
> > ip: 192.168.0.164
> > subnetmask: 255.255.255.255
> > gateway: 192.168.0.164
> > dns: 192.168.0.11 (is my lan dhcp)
> > wins: 192.168.0.11 (is my lan wins)
> >
> > what i'm doing wrong?
> >
> > PS: enable ip routing is checked
> >
> >
> > "Bill Grant" wrote:
> >
> >> If you set the RRAS server to use DHCP, the RRAS server leases a
> >> batch
> >> of addresses from DHCP to use as its address pool. The clients do not get
> >> their network config directly from DHCP, but from the RRAS server as part
> >> of
> >> the PPP setup. Since these addresses come from your DHCP server they are
> >> in
> >> the same IP subnet as your LAN machines.
> >>
> >> To put the remotes in their own subnet you use the static address
> >> pool
> >> instead. Set up a pool of addresses in another IP subnet (say
> >> 192.168.21.1
> >> to 192.168.21.20). The inernal interface in RRAS and the client(s) will
> >> now
> >> get IP addresses in this subnet.
> >>
> >> To route between the remotes and the LAN you need to enable IP
> >> routing
> >> on the RRAS server. You might also need extra routing on the LAN if the
> >> RRAS
> >> server is not the default gateway of your LAN.
> >>
> >> "Tiago" <(E-Mail Removed)> wrote in message
> >> news:B23E79F1-E85E-4296-9B21-(E-Mail Removed)...
> >> > Thanks for your answer bill....
> >> >
> >> > so my question is, how can i put the remote users in their own
> >> > IP subnet and route this subnet through the VPN server ??
> >> >
> >> > My network ip is 192.168.0.X and my VPN Server have 2 ip's on for
> >> > external
> >> > and one for internal...
> >> >
> >> > can you help-me? thanks again
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > "Bill Grant" wrote:
> >> >
> >> >> A remote access connection (dialup or VPN) just gives you an IP
> >> >> connection between the client and the server. If you can ping the
> >> >> server,
> >> >> your VPN connection is working.
> >> >>
> >> >> You have given your remote client an IP address in the same IP
> >> >> subnet
> >> >> as
> >> >> the LAN machines. This is called on-subnet addressing. Networking to
> >> >> machines on the LAN depends on the VPN server doing proxy ARP on the
> >> >> LAN.
> >> >> The VPN server acts as a proxy for the remote machine, sending the
> >> >> packets
> >> >> across the point-to-point link. Some switches do not handle this very
> >> >> well.
> >> >> If this is your problem you will need to put the remote users in their
> >> >> own
> >> >> IP subnet and route this subnet through the VPN server (ie off-subnet
> >> >> addressing).
> >> >>
> >> >> "Tiago" <(E-Mail Removed)> wrote in message
> >> >> news:1A19E527-D753-4E55-B0AE-(E-Mail Removed)...
> >> >> > But Why i can't ping other computers in my network? even the dns
> >> >> > servers i
> >> >> > can't ping?
> >> >> >
> >> >> > what i should do?
> >> >> >
> >> >> > Thanks
> >> >> >
> >> >> >
> >> >> > "Bill Grant" wrote:
> >> >> >
> >> >> >> No it should not! The gateway you see is correct. The gateway
> >> >> >> address
> >> >> >> should be the received IP address. This indicates that the gateway
> >> >> >> address
> >> >> >> of the VPN client is the PPP interface, which is what you want it
> >> >> >> to
> >> >> >> be.
> >> >> >> Traffic which is not local will go across the PPP link. Whatever
> >> >> >> your
> >> >> >> problem is (and you didn't say what it was), the gateway address is
> >> >> >> not
> >> >> >> the
> >> >> >> cause.
> >> >> >>
> >> >> >> "Tiago" <(E-Mail Removed)> wrote in message
> >> >> >> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
> >> >> >> > Goo Day to All,
> >> >> >> >
> >> >> >> > I create a vpn and all configuration are ok, except the gateway
> >> >> >> >
> >> >> >> > so my ipconfig /all are:
> >> >> >> >
> >> >> >> > PPP adapter GMMP:
> >> >> >> >
> >> >> >> > Connection-specific DNS Suffix . : tiago.loc
> >> >> >> > Description . . . . . . . . . . . : WAN (PPP/SLIP)
> >> >> >> > Interface
> >> >> >> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
> >> >> >> > Dhcp Enabled. . . . . . . . . . . : No
> >> >> >> > IP Address. . . . . . . . . . . . : 192.168.0.176
> >> >> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> >> >> >> > Default Gateway . . . . . . . . . : 192.168.0.176
> >> >> >> > DNS Servers . . . . . . . . . . . : 192.168.0.11
> >> >> >> > 192.168.0.11
> >> >> >> > Primary WINS Server . . . . . . . : 192.168.0.11
> >> >> >> >
> >> >> >> >
> >> >> >> > What is wrong is that gateway should be 192.168.0.1 and not my
> >> >> >> > own
> >> >> >> > ip
> >> >> >> > address, how can i change that gateway configuration?
> >> >> >> >
> >> >> >> > Thanks
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

I don't know where you got those numbers from. The subnet mask certainly
shouldn't be 255.255.255.255 and a gateway address is not relevant.

The server itself will get an IP address of 192.168.21.n and the
client will get an IP address of 192.168.21.m from the address pool. This is
the point to point link between the client and server. The client will get
its own received IP address as its gateway. This means that its default
route is to the VPN server via the point to point link.

You do not need any static routes on the client. It sends traffic across
the link to the VPN server by default. You do need to enable IP routing on
the VPN server so that it can route between the two IP subnets. If the VPN
server was the default gateway of your LAN, it would now work. LAN machines
send traffic for 192.168.21. addresses to the default gateway (the VPN
server) and it sends it over the VPN link to the client.

If the VPN server is not the default gateway of your LAN it doesn't
work. The traffic for 192.168.21.x goes to the default gateway which doesn't
know where to send it. The private traffic has to go to the VPN server first
so that it can be encrypted and encapsulated. The easiest way to achieve
that is to add a static route to the gateway router to bounce the private
traffic to the VPN server. (If you can't add this route to the gateway
router you will need to add it to every machine on the LAN which you need
the remote clients to see). eg

192.168.21.0 255.255.255.0 192.168.0.27

The RRAS server then encapsulates the packet with a public IP before it
gets to the gateway router. It can then be sent through the Internet to the
client's public IP.


"Tiago" <(E-Mail Removed)> wrote in message
news:05DE66EC-A657-4A81-8C46-(E-Mail Removed)...
> Ok Bill, so i put a second subnet to the vpn clients
>
> at the moment i put Ras giving another subnet ip's to the remote clients,
> and looks like this:
>
> ip: 192.168.21.2 (192.168.21.1 to 192.168.21.20)
> subnetmask: 255.255.255.255
> gateway: 192.168.21.2
> dns: 192.168.0.11 (is my lan dhcp)
>
>
> i can't ping the lan ip's and i think is because the static routes.
> what i have to configure in there?
>
> "Bill Grant" wrote:
>
>> NO, that won't help. As I outlined earlier, you are using on-subnet
>> addresses. No "real" IP addressing is taking place because all the IP
>> addresses are in the same IP subnet. IP routing only works between
>> subnets.
>> Your setup can only work by using the VPN server as a proxy for the
>> remote.
>> If that doesn't work, you will need to use off-subnet addressing.
>>
>> "Tiago" <(E-Mail Removed)> wrote in message
>> news:E803E52A-A4CB-4780-80F1-(E-Mail Removed)...
>> > So, my RRASS is using DHCP wich is provided by DC of my lan(i configure
>> > as
>> > a
>> > CHCP Relay Agent) and gives the correct address to my remote clients,
>> > and
>> > i
>> > configure thit static route:
>> >
>> > Interface: 192.168.0.27 (is the public interface)
>> > Destination: 192.168.0.0
>> > Network Mask: 255.255.255.255
>> > Gateway: 192.168.0.1 (is my lan gateway)
>> > Metric: 1
>> >
>> > With this configuration i can't ping any of my Lan ip's. But it's seems
>> > that
>> > i have the correct ip:
>> >
>> > the ip for my remote client:
>> >
>> > ip: 192.168.0.164
>> > subnetmask: 255.255.255.255
>> > gateway: 192.168.0.164
>> > dns: 192.168.0.11 (is my lan dhcp)
>> > wins: 192.168.0.11 (is my lan wins)
>> >
>> > what i'm doing wrong?
>> >
>> > PS: enable ip routing is checked
>> >
>> >
>> > "Bill Grant" wrote:
>> >
>> >> If you set the RRAS server to use DHCP, the RRAS server leases a
>> >> batch
>> >> of addresses from DHCP to use as its address pool. The clients do not
>> >> get
>> >> their network config directly from DHCP, but from the RRAS server as
>> >> part
>> >> of
>> >> the PPP setup. Since these addresses come from your DHCP server they
>> >> are
>> >> in
>> >> the same IP subnet as your LAN machines.
>> >>
>> >> To put the remotes in their own subnet you use the static address
>> >> pool
>> >> instead. Set up a pool of addresses in another IP subnet (say
>> >> 192.168.21.1
>> >> to 192.168.21.20). The inernal interface in RRAS and the client(s)
>> >> will
>> >> now
>> >> get IP addresses in this subnet.
>> >>
>> >> To route between the remotes and the LAN you need to enable IP
>> >> routing
>> >> on the RRAS server. You might also need extra routing on the LAN if
>> >> the
>> >> RRAS
>> >> server is not the default gateway of your LAN.
>> >>
>> >> "Tiago" <(E-Mail Removed)> wrote in message
>> >> news:B23E79F1-E85E-4296-9B21-(E-Mail Removed)...
>> >> > Thanks for your answer bill....
>> >> >
>> >> > so my question is, how can i put the remote users in their own
>> >> > IP subnet and route this subnet through the VPN server ??
>> >> >
>> >> > My network ip is 192.168.0.X and my VPN Server have 2 ip's on for
>> >> > external
>> >> > and one for internal...
>> >> >
>> >> > can you help-me? thanks again
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > "Bill Grant" wrote:
>> >> >
>> >> >> A remote access connection (dialup or VPN) just gives you an IP
>> >> >> connection between the client and the server. If you can ping the
>> >> >> server,
>> >> >> your VPN connection is working.
>> >> >>
>> >> >> You have given your remote client an IP address in the same IP
>> >> >> subnet
>> >> >> as
>> >> >> the LAN machines. This is called on-subnet addressing. Networking
>> >> >> to
>> >> >> machines on the LAN depends on the VPN server doing proxy ARP on
>> >> >> the
>> >> >> LAN.
>> >> >> The VPN server acts as a proxy for the remote machine, sending the
>> >> >> packets
>> >> >> across the point-to-point link. Some switches do not handle this
>> >> >> very
>> >> >> well.
>> >> >> If this is your problem you will need to put the remote users in
>> >> >> their
>> >> >> own
>> >> >> IP subnet and route this subnet through the VPN server (ie
>> >> >> off-subnet
>> >> >> addressing).
>> >> >>
>> >> >> "Tiago" <(E-Mail Removed)> wrote in message
>> >> >> news:1A19E527-D753-4E55-B0AE-(E-Mail Removed)...
>> >> >> > But Why i can't ping other computers in my network? even the dns
>> >> >> > servers i
>> >> >> > can't ping?
>> >> >> >
>> >> >> > what i should do?
>> >> >> >
>> >> >> > Thanks
>> >> >> >
>> >> >> >
>> >> >> > "Bill Grant" wrote:
>> >> >> >
>> >> >> >> No it should not! The gateway you see is correct. The gateway
>> >> >> >> address
>> >> >> >> should be the received IP address. This indicates that the
>> >> >> >> gateway
>> >> >> >> address
>> >> >> >> of the VPN client is the PPP interface, which is what you want
>> >> >> >> it
>> >> >> >> to
>> >> >> >> be.
>> >> >> >> Traffic which is not local will go across the PPP link. Whatever
>> >> >> >> your
>> >> >> >> problem is (and you didn't say what it was), the gateway address
>> >> >> >> is
>> >> >> >> not
>> >> >> >> the
>> >> >> >> cause.
>> >> >> >>
>> >> >> >> "Tiago" <(E-Mail Removed)> wrote in message
>> >> >> >> news:C172E77D-F132-4CF9-8108-(E-Mail Removed)...
>> >> >> >> > Goo Day to All,
>> >> >> >> >
>> >> >> >> > I create a vpn and all configuration are ok, except the
>> >> >> >> > gateway
>> >> >> >> >
>> >> >> >> > so my ipconfig /all are:
>> >> >> >> >
>> >> >> >> > PPP adapter GMMP:
>> >> >> >> >
>> >> >> >> > Connection-specific DNS Suffix . : tiago.loc
>> >> >> >> > Description . . . . . . . . . . . : WAN (PPP/SLIP)
>> >> >> >> > Interface
>> >> >> >> > Physical Address. . . . . . . . . : 00-35-51-00-00-00
>> >> >> >> > Dhcp Enabled. . . . . . . . . . . : No
>> >> >> >> > IP Address. . . . . . . . . . . . : 192.168.0.176
>> >> >> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.255
>> >> >> >> > Default Gateway . . . . . . . . . : 192.168.0.176
>> >> >> >> > DNS Servers . . . . . . . . . . . : 192.168.0.11
>> >> >> >> > 192.168.0.11
>> >> >> >> > Primary WINS Server . . . . . . . : 192.168.0.11
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > What is wrong is that gateway should be 192.168.0.1 and not my
>> >> >> >> > own
>> >> >> >> > ip
>> >> >> >> > address, how can i change that gateway configuration?
>> >> >> >> >
>> >> >> >> > Thanks
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>