
We have a BOVPN from our network (192.168.1.0/24 range) to some hosted environments at a datacentre (172.15.0.1/20).

Any machine on our internal network ranges can communicate with the systems at the data centre.

Remote users are dialling in to the internal network over VPN (PPTP) and want to ping/communicate with a hosted environment at the data centre.

When a user dials in they are allocated an IP from the VPN range 192.168.1.140 - 160 and can access anything on the internal network, but they can't ping or communicate with the hosted systems.

Any suggestions?

Many thanks.

Gordon

GordonBpdZenith
  • I think Windows doesn't know to route traffic for the datacentre range over the VPN. In the properties of the VPN in Windows' network connections, in Internet Protocol Version 4 properties, in Advanced, have you unticked "Use default gateway on remote network"? – TessellatingHeckler Jul 16 '14 at 11:41
  • If you did untick that, either tick it and deal with all traffic going over the VPN, or see http://serverfault.com/q/419202/57144 for a bit of discussion and a helper program to connect the VPN and add another route (to 172.15.0.1/20 via the dynamic PPTP details), or switch to using MUVPN with SSL where you can specify on the Firewall config the routes clients will get. – TessellatingHeckler Jul 16 '14 at 11:49
  • This solved the problem: by setting the VPN to use default gateway on remote network, it connected. – GordonBpdZenith Jul 16 '14 at 12:23
  • That's good. I've made my comments into a full answer post - would you consider accepting/ticking it, please? – TessellatingHeckler Jul 16 '14 at 13:08

1 Answer

The main problem (from my comments above) is Windows doesn't know that it needs to route traffic for the datacentre range over the VPN, so it sends it to the local network instead.

  • In the properties of the VPN in Windows' network connections
    • in Internet Protocol Version 4 properties
      • click the "Advanced" button
        • There's a setting "Use default gateway on remote network" which defaults to sending all internet traffic over the VPN.

That's on by default for a new PPTP VPN, but if it's unticked this can happen. Options from here:

  • If you did untick that box, tick it again and also accept that all connected users' internet traffic will go over the VPN too (which might be a heavy bandwidth use).
  • Or see the question and answer here: ".bat file to automatically connect to VPN and add a route in Windows 7" for a bit of discussion and a helper program to connect the VPN and add another route (to 172.15.0.1/20 via the dynamic PPTP details)
  • Or switch to using Watchguard MUVPN with SSL, which has a feature where you can specify on the Firewall config the routes clients will get, and specify that they can also get to the 172.15... range.
TessellatingHeckler
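
An added example (not part of the original answer or of any Watchguard or Windows tooling): a simplified Python model of a connected PPTP client's routing table, showing which interface traffic for the datacentre range and for the internet leaves by in each of the cases discussed above. The ranges come from the question; the home LAN range, interface names, metrics and sample hosts are assumptions constructed for illustration.

```python
import ipaddress

# Ranges are from the question; the home LAN, interface names and metrics
# are constructed for illustration.
DATACENTRE = ipaddress.ip_network("172.15.0.1/20", strict=False)  # normalises to 172.15.0.0/20
OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_routes(use_remote_gateway, extra_vpn_routes=()):
    """Simplified routing table of a connected PPTP client: (network, interface, metric)."""
    routes = [
        (ipaddress.ip_network("10.0.0.0/24"), "home-lan", 10),  # user's own LAN
        (DEFAULT, "home-lan", 25),                               # home router
        (OFFICE_LAN, "pptp-vpn", 1),  # route for the subnet of the assigned VPN address
    ]
    if use_remote_gateway:
        # "Use default gateway on remote network" ticked: VPN default route wins on metric.
        routes.append((DEFAULT, "pptp-vpn", 1))
    for net in extra_vpn_routes:
        routes.append((ipaddress.ip_network(net, strict=False), "pptp-vpn", 1))
    return routes


def pick_interface(routes, destination):
    """Longest-prefix match; the lower metric breaks ties between equal prefixes."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in r[0]]
    network, interface, metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return interface


def compare(datacentre_host="172.15.0.10", internet_host="203.0.113.5"):
    """Egress interface per scenario for a datacentre host and an internet host."""
    scenarios = {
        "gateway unticked": build_routes(False),
        "gateway ticked": build_routes(True),
        "unticked + added route": build_routes(False, [str(DATACENTRE)]),
    }
    return {
        name: (pick_interface(r, datacentre_host), pick_interface(r, internet_host))
        for name, r in scenarios.items()
    }


if __name__ == "__main__":
    for name, (dc, inet) in compare().items():
        print(f"{name:24} datacentre -> {dc:9} internet -> {inet}")
```

With the route added, only the datacentre range joins the tunnel, so internet traffic from the remote client still leaves by the home connection and does not pass through the office firewall.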