Windows Server 2012 VPN route from LAN to client Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Come Celebrate our 10 Year Anniversary!Route through site-to-site VPN not workingWindows Server 2008 R2 RRAS VPN client routingWindows 2003 vs Windows 2008 VPNNAT not working after enabling DirectAccessWindows 2008 RRAS VPN Users can resolve DNS but not ping to internet or surf internet when connectedWindows VPN server can talk to VPN clients, but won't send packets from its local network to the VPN clientsVPN Connection Causes Internal LAN Connection Loss with ServerCannot ping RRAS Client from RRAS serverserver 2012 vpn not passing trafficDNS resolution of machines connected from VPN
Resize vertical bars (absolute-value symbols)
How does light 'choose' between wave and particle behaviour?
Relating to the President and obstruction, were Mueller's conclusions preordained?
One-one communication
How to change the tick of the color bar legend to black
Moving a wrapfig vertically to encroach partially on a subsection title
What adaptations would allow standard fantasy dwarves to survive in the desert?
Putting class ranking in CV, but against dept guidelines
Asymptotics question
what is the log of the PDF for a Normal Distribution?
How many time has Arya actually used Needle?
Delete free apps from library
What initially awakened the Balrog?
Did Mueller's report provide an evidentiary basis for the claim of Russian govt election interference via social media?
Is there public access to the Meteor Crater in Arizona?
In musical terms, what properties are varied by the human voice to produce different words / syllables?
I got rid of Mac OSX and replaced it with linux but now I can't change it back to OSX or windows
Why not send Voyager 3 and 4 following up the paths taken by Voyager 1 and 2 to re-transmit signals of later as they fly away from Earth?
Constant factor of an array
Why do early math courses focus on the cross sections of a cone and not on other 3D objects?
What does Turing mean by this statement?
Should a wizard buy fine inks every time he want to copy spells into his spellbook?
Why weren't discrete x86 CPUs ever used in game hardware?
Did any compiler fully use 80-bit floating point?
Windows Server 2012 VPN route from LAN to client
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Route through site-to-site VPN not workingWindows Server 2008 R2 RRAS VPN client routingWindows 2003 vs Windows 2008 VPNNAT not working after enabling DirectAccessWindows 2008 RRAS VPN Users can resolve DNS but not ping to internet or surf internet when connectedWindows VPN server can talk to VPN clients, but won't send packets from its local network to the VPN clientsVPN Connection Causes Internal LAN Connection Loss with ServerCannot ping RRAS Client from RRAS serverserver 2012 vpn not passing trafficDNS resolution of machines connected from VPN
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I am trying to set up a VPN using Windows Server 2012 Standard. My network has a SonicWALL edge router, and the server in question is a DC, running DNS, DHCP and RRAS, and the subnet is 10.0.0.0/24.
I configured using the 'advanced' wizard, enabling both DirectAccess and VPN. Clients can now connect to the VPN. They receive an IP address from DHCP in the 10.0.0.0/24 subnet and can then access the VPN server using either the PPP adaptor IP or the Ethernet adaptor IP on it.
However, if they try to ping anything else, one ping reply is received and the rest disappear. The VPN is successfully routing the client's packets to the destination host - I can see this in Wireshark - but only one reply actually goes to the client; the rest go to the server. Similarly, if I ping the client from an internal host, the first packet goes to the client, and the rest act as if it is addressing the VPN server itself.
It is clear that the VPN server is routing things sent from the client to the internal network, but is only routing one packet at a time from the internal network to the client.
I can't think of a reason that the behaviour would be different for the first packet than subsequent ones. Any advice would be appreciated.
vpn windows-server-2012 rras
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
add a comment |
I am trying to set up a VPN using Windows Server 2012 Standard. My network has a SonicWALL edge router, and the server in question is a DC, running DNS, DHCP and RRAS, and the subnet is 10.0.0.0/24.
I configured using the 'advanced' wizard, enabling both DirectAccess and VPN. Clients can now connect to the VPN. They receive an IP address from DHCP in the 10.0.0.0/24 subnet and can then access the VPN server using either the PPP adaptor IP or the Ethernet adaptor IP on it.
However, if they try to ping anything else, one ping reply is received and the rest disappear. The VPN is successfully routing the client's packets to the destination host - I can see this in Wireshark - but only one reply actually goes to the client; the rest go to the server. Similarly, if I ping the client from an internal host, the first packet goes to the client, and the rest act as if it is addressing the VPN server itself.
It is clear that the VPN server is routing things sent from the client to the internal network, but is only routing one packet at a time from the internal network to the client.
I can't think of a reason that the behaviour would be different for the first packet than subsequent ones. Any advice would be appreciated.
vpn windows-server-2012 rras
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
add a comment |
I am trying to set up a VPN using Windows Server 2012 Standard. My network has a SonicWALL edge router, and the server in question is a DC, running DNS, DHCP and RRAS, and the subnet is 10.0.0.0/24.
I configured using the 'advanced' wizard, enabling both DirectAccess and VPN. Clients can now connect to the VPN. They receive an IP address from DHCP in the 10.0.0.0/24 subnet and can then access the VPN server using either the PPP adaptor IP or the Ethernet adaptor IP on it.
However, if they try to ping anything else, one ping reply is received and the rest disappear. The VPN is successfully routing the client's packets to the destination host - I can see this in Wireshark - but only one reply actually goes to the client; the rest go to the server. Similarly, if I ping the client from an internal host, the first packet goes to the client, and the rest act as if it is addressing the VPN server itself.
It is clear that the VPN server is routing things sent from the client to the internal network, but is only routing one packet at a time from the internal network to the client.
I can't think of a reason that the behaviour would be different for the first packet than subsequent ones. Any advice would be appreciated.
vpn windows-server-2012 rras
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
I am trying to set up a VPN using Windows Server 2012 Standard. My network has a SonicWALL edge router, and the server in question is a DC, running DNS, DHCP and RRAS, and the subnet is 10.0.0.0/24.
I configured using the 'advanced' wizard, enabling both DirectAccess and VPN. Clients can now connect to the VPN. They receive an IP address from DHCP in the 10.0.0.0/24 subnet and can then access the VPN server using either the PPP adaptor IP or the Ethernet adaptor IP on it.
However, if they try to ping anything else, one ping reply is received and the rest disappear. The VPN is successfully routing the client's packets to the destination host - I can see this in Wireshark - but only one reply actually goes to the client; the rest go to the server. Similarly, if I ping the client from an internal host, the first packet goes to the client, and the rest act as if it is addressing the VPN server itself.
It is clear that the VPN server is routing things sent from the client to the internal network, but is only routing one packet at a time from the internal network to the client.
I can't think of a reason that the behaviour would be different for the first packet than subsequent ones. Any advice would be appreciated.
vpn windows-server-2012 rras
vpn windows-server-2012 rras
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
asked Nov 20 '13 at 21:09
SunlightSunlight
10113
10113
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
I think I have found the answer, although if anyone could explain why it is this way I would be grateful.
I checked the Network Policy Service settings, and there were packet filters enabled for IPv4 to allow only "User's network". Removing this filter allows unrestricted connection.
I do not know why this causes the behaviour I saw, nor do I know why (if it does block VPN traffic) it is set by default... but I am glad the problem is fixed.
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
add a comment |
Think of NPS sort of like NAT. You would want to specify the servers that VPN traffic can get to.
https://msdn.microsoft.com/en-us/library/cc732912.aspx?f=255&MSPPError=-2147217396
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f556373%2fwindows-server-2012-vpn-route-from-lan-to-client%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I think I have found the answer, although if anyone could explain why it is this way I would be grateful.
I checked the Network Policy Service settings, and there were packet filters enabled for IPv4 to allow only "User's network". Removing this filter allows unrestricted connection.
I do not know why this causes the behaviour I saw, nor do I know why (if it does block VPN traffic) it is set by default... but I am glad the problem is fixed.
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
add a comment |
I think I have found the answer, although if anyone could explain why it is this way I would be grateful.
I checked the Network Policy Service settings, and there were packet filters enabled for IPv4 to allow only "User's network". Removing this filter allows unrestricted connection.
I do not know why this causes the behaviour I saw, nor do I know why (if it does block VPN traffic) it is set by default... but I am glad the problem is fixed.
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
add a comment |
I think I have found the answer, although if anyone could explain why it is this way I would be grateful.
I checked the Network Policy Service settings, and there were packet filters enabled for IPv4 to allow only "User's network". Removing this filter allows unrestricted connection.
I do not know why this causes the behaviour I saw, nor do I know why (if it does block VPN traffic) it is set by default... but I am glad the problem is fixed.
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
I think I have found the answer, although if anyone could explain why it is this way I would be grateful.
I checked the Network Policy Service settings, and there were packet filters enabled for IPv4 to allow only "User's network". Removing this filter allows unrestricted connection.
I do not know why this causes the behaviour I saw, nor do I know why (if it does block VPN traffic) it is set by default... but I am glad the problem is fixed.
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
answered Nov 20 '13 at 21:20
SunlightSunlight
10113
10113
add a comment |
add a comment |
Think of NPS sort of like NAT. You would want to specify the servers that VPN traffic can get to.
https://msdn.microsoft.com/en-us/library/cc732912.aspx?f=255&MSPPError=-2147217396
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
add a comment |
Think of NPS sort of like NAT. You would want to specify the servers that VPN traffic can get to.
https://msdn.microsoft.com/en-us/library/cc732912.aspx?f=255&MSPPError=-2147217396
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
add a comment |
Think of NPS sort of like NAT. You would want to specify the servers that VPN traffic can get to.
https://msdn.microsoft.com/en-us/library/cc732912.aspx?f=255&MSPPError=-2147217396
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
Think of NPS sort of like NAT. You would want to specify the servers that VPN traffic can get to.
https://msdn.microsoft.com/en-us/library/cc732912.aspx?f=255&MSPPError=-2147217396
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
answered Feb 16 '16 at 15:25
Jonathan PiccirilliJonathan Piccirilli
1475
1475
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f556373%2fwindows-server-2012-vpn-route-from-lan-to-client%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
