VPN to server, then access files on same server... and RDP to same server

2

For a month or so (up to about 2 weeks ago), I was regularly VPN'ing to our work server, and then immediately RDPing to the SAME server using the server's IP address (we aren't behind a NAT).

So assume my server's internet address is 100.1.1.20

I would VPN to 100.1.1.20 and then RDP to 100.1.1.20

It worked perfectly. If the VPN wasn't on, RDP didn't work, so it must've been going through the VPN.

Same thing for accessing files, VPN in and then type \\servername\ or \\100.1.1.20\ and you could see the files on the server.

Fast forward to today, we haven't changed any configuration on the server, but now it's not working. The local computer expert says that it should never have worked that way in the first place, and now we need to add another internal IP and adjust the DNS and all sorts of things.

I'm very frustrated, because I KNOW it used to work.

Can anyone shed some light on what could be going on?

user92979

Posted 2011-08-05T04:03:46.580

Reputation: 131

When you VPN in now, can you do an IPCONFIG/ALL and post the results? I am more interested in the VPN's interface. Were you doing RDP using IP address, or host name (it would seem IP based on the question, but just checking)? – KCotreau – 2011-08-05T05:21:45.123

Incidentally, it would have been fine for you to VPN into the server, and then RDP to it provided your local VPN connection was given a different IP address. I do it all the time. The key is that YOU get a different IP address. Your expert was not correct. – KCotreau – 2011-08-05T05:24:24.513

Ok, something new has happened... Today I can VPN in and then access the fileshare at the same server IP address. So whatever was changed before has been unchanged. Any ideas where I could get a list of the things that have been recently changed? Also, I want to be clear: no matter if you are on the local LAN or the world-wide-web, the IP address of all computers at this office is the same (no NAT). – user92979 – 2011-08-09T05:39:54.483

Answers

0

Your server must be blocking RDP from the public IP address. When you VPN'd in, your PC was given a local IP address. Then, when you attach to the server via 100.1.1.20, the PC is viewed as internal to the LAN, goes through the gateway to access the public IP address... and this is where things get fuzzy. This all depends on how the subnetting, masking, routing tables and gateway are set up. I've seen some strange things with how gateway devices send traffic to public IPs within the company's netblock.

What I would look at is how the server's firewall is handling requests from various subnets and what applications are allowed connections from which subnet. Windows updates are notorious for changing settings that you wouldn't think would be changed. Also, even if no one fesses up to doing anything to the server, sometimes things that don't seem like related changes can have odd cascading effects.

Or it could be a change to the gateway. When you VPN into the office, your traffic still has to go out some public facing gateway since the 100.1.1.20 address is public. That is, unless some crazy routing table madness has been put into place.

Finally, choose to use the server's internal address rather than the public one. That would be the preferable behavior anyway, regardless of this strange series of events.

Wesley

Posted 2011-08-05T04:03:46.580

Reputation: 4 359

Note that the server's internal address IS the public one too. No NAT. – user92979 – 2011-08-07T23:38:50.667

Can you give some tips on what programs can be used to check those settings? – user92979 – 2011-08-07T23:39:22.070

If the server's internal address is also the external address, then that probably means that the entire local network isn't RFC 1918 compliant, which isn't a huge problem... some networks are still that way... but it's still odd. – Wesley – 2011-08-08T05:39:08.107

The programs to use are simply Windows' own firewall control panel as well as the routing and remote access admin tool that is probably what is managing the VPN. – Wesley – 2011-08-08T05:40:12.553

The local network has a top-level set of IP addresses (only one IP is not firewalled); it's not a typical NAT local network. – user92979 – 2011-08-08T05:57:16.857

Thanks for the input. Later on, it just started working again. I have no idea why, but it hasn't happened again so I'm happy. – user92979 – 2012-07-25T16:22:47.710
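
One way to run the checks discussed in the answer above (which source address the client uses with the VPN up, and which remote addresses the server's firewall accepts for RDP), as an added example that is not part of the original thread. It assumes Windows 8.1 / Server 2012 R2 or later for the cmdlets used; the function names are made up for this example, and 100.1.1.20 is the illustrative address from the question.

```powershell
# Added example, not from the thread. Function names are hypothetical.
$Server = '100.1.1.20'   # illustrative address from the question

# CLIENT: run once with the VPN connected and once without.
# Shows which interface and source address Windows selects for the server,
# and whether TCP 3389 (RDP) answers on that path.
function Get-PathToServer {
    param([Parameter(Mandatory)][string]$Server)
    $t = Test-NetConnection -ComputerName $Server -Port 3389 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Interface     = $t.InterfaceAlias
        SourceAddress = $t.SourceAddress.IPAddress
        RdpReachable  = $t.TcpTestSucceeded
    }
}

# SERVER: list enabled inbound rules that cover TCP 3389 together with the
# remote-address scope each rule accepts. A scope that lists only the VPN
# pool or the office range explains "RDP works only when the VPN is up".
function Get-RdpRuleScope {
    Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $coversTcp  = $port.Protocol -in 'TCP', 'Any'
        $coversPort = ($port.LocalPort -contains '3389') -or ($port.LocalPort -contains 'Any')
        if ($coversTcp -and $coversPort) {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                Action        = $_.Action
                RemoteAddress = $addr.RemoteAddress -join ', '
            }
        }
    }
}

# Client side:
Get-PathToServer -Server $Server | Format-List

# Server side (elevated prompt):
Get-RdpRuleScope | Sort-Object Action, Rule | Format-Table -AutoSize
```

If the source address reported with the VPN connected falls inside a rule's RemoteAddress scope and the one reported without it does not, the firewall scope accounts for the behaviour described in the question.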