I have the basics down on the VPN, but I seem to have several problems. I have the 4 locations that I can hit, they route to one machine, I use different IPs however, all static. For instance, the first location has IPs 10.0.0.2 to 10.0.0.19, next location has IPs 10.0.0.20 - .29, then 10.0.0.30 to 39 and 10.0.0.40 to 49. In each location however, the router is always 10.0.0.1. The port 1723 is forwarded to the server with the incoming connection. I also forward port 137 for file and print sharing.

Here are the problems: sometimes I log in successfully, but after I log out of the VPN, the host network is disconnected from the Internet, then they have to reboot the machines.
Also, I try to connect to a file by path \\10.0.0.30\Shared and sometimes it works, sometimes it doesn't.

On top of that, I have questions:
Do I need to have each location on a different IP scheme or subnet mask?
How about the router IP, each location has the same router IP?
How do I connect to the files I need?

All these questions would be greatly appreciated if they can be answered as soon as possible.
Thanks

I would be happy to assist with this issue but you need to be more specific and clear about your setup. Exactly what is the network topology and desired functionality: devices, services and ip info? What kind of VPN server? What networking devices are you using, what are you trying to achieve with them and what is their IP info on the network? Define locations...By 4 locations do you mean VPN servers, routable WAN addresses, or servers? What kind of VPN server do you have? For instance, obviously it's PPTP VPN but are you connecting to a Microsoft RRAS or a Linksys VPN router? Is there just one VPN server? How many routers? Are you coming in from the WAN side? You said a host network gets disconnected when you disconnect from VPN...sounds like somehow that host network thinks it should be routing through your VPN connection or you've got some kind of configuration off in your port forwarding...be precise about what networking devices you have, the rules on them for each location, what a location is and is supposed to be doing and why you're doing things like forwarding 1723 (obviously i know it's for PPTP but you need to be specific as far as exactly what you've done with port forwarding as you may be trying to do something your network device is incapable of) as well as how you're forwarding it and specifically on which device as well as what the desired result is.

Let's focus on any locations, they are all set up the same, by four locations I mean 4 cities, four individual business locations. I'm trying to connect to one location at a time, from one city to another, each in its web connection. Each location connects to the Internet via broadband, and has a static IP to the WAN. The Cable or DSL modem connects to a Linksys Router. The router connects to the Web and outs to a switch/hub. The routers are all in the LAN as 10.0.0.1, the rest of the nodes (all PC) are schemed 10.0.0.0 as mentioned before.
Location 1 : 10.0.0.2 to 10.0.0.19
Location 2: 10.0.0.20 to 10.0.0.29
and so on
In any case, the router points port 1723 to a PC on Windows XP set up to receive Incoming connections. The router has VPN Pass through enabled (PPTP) and port forwards to the machine receiving the incoming connection. When I connect, I can see my two IPs on my node:

LAN adapter
IP 10.0.0.3
Subnet Mask 255.255.255.0
Default Gateway 10.0.0.1

PP adapter VPNLocation1
IP 10.0.0.2
Subnet Mask 255.255.255.255
Default Gateway 10.0.0.2

[IMG]http://www.gabrielvilla.com/ipconfig.jpg[/IMG]

At this time, it seems I have a connection established... then this happens:

I'm connected to one location, I try to connect to that "server": I type \\10.0.0.40\Shared and I get "Network Path not found".
Then, when I disconnect, that network I was connected to loses its Internet connection, until the machines are rebooted.

Does this help... I thank you in advance for helping me
gabe

Well I can tell you one thing for sure...that IPv6 stack could be part of the problem. I would uninstall IPv6 from your network adapter unless you know you need it for some reason.

Hmm...notice in your ipconfig that the ppp adapter shows 10.0.0.2 both as the IP and the gateway - that doesn't seem right but maybe I just don't know enough about how XP handles incoming connections. Once you set up incoming connections on the XP box is there a place to configure the IP settings that clients receive when they connect? If so maybe you just need to tweak the settings for what address you're given when you connect. I'll let you decide on that since you know more about it than I do. I believe the gateway in this case should actually be the router at that site 10.0.0.1 but perhaps it could be IP of the XP server only with a unique IP given to your machine when you connect...I'm fairly certain that something with this portion of setup is why you're losing the WAN connection when you disconnect VPN. And to answer an earlier question...no I don't think it would be a problem for all the routers to have 10.0.0.1. I apologize - my exposure to using incoming connections on XP is limited since I use an actual MS RRAS. MS RRAS has a dhcp relay virtual interface which I configure to serve my client's IP stacks with the LAN gateway and DNS servers for my network...this gets provisioned in the TCPIP stack when a user connects to my system, along with routing info, I have no idea if the "vanilla" incoming connections in XP has the capability to handle the more advanced requirements for this type of connectivity and if so how they may differ from RRAS...hopefully it's just an ip configuration/port forwarding thing but I can't say for sure - sorry.

Next...so you're forwarding PPTP (vpn pass-thru) on to this XP "server" that sits behind a Linksys device. You are forwarding port tcp 1723 and tcp 137 to this box that is set to accept incoming connection. If you want "File and Printer Sharing" I think you want tcp 139...not 137. Either way I don't see why you would need to forward this because once you make the PPTP connection to the XP box you should be able to access its ports with no problem unless IT has a firewall...either way that would just mean you need to tweak the firewall to allow the local subnet. By definition the PPTP connection is supposed to "virtually" put you in that network so no further forwarding should be required to my knowledge. Maybe that's why you can't bring up the share reliably. As far as your host (actually the PPTP server) losing its WAN connectivity when you disconnect - either your IP stuff is not configured correctly like I mentioned earlier or XP and the out of the box "incoming connections" just can't handle what you're trying to do. Frankly I think you could get around all the problems for free with SSH and port forwarding and you'd wind up with a faster VPN solution that actually works all the time!

Port info from iana.org:

netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service

Sorry if I misread anything - hope this stuff helps in some way!

[IMG]http://www.gabrielvilla.com/ipconfigv2.jpg[/IMG]

So I uninstalled IPv6, and that seemed to help a little. I allowed ports 137 ~ 139 just in case as well, and now, the IP is assigned by the VPN host by DHCP. Now how do I reach the server with the shared files... I tried \\10.0.0.40\Shared and \\computername\Shared and I still got "Network Path not found".

How can I reach that server or nodes on the network?

Forgot to mention:
The host network stays online now.

Well a few things here.

Check the ipconfig, notice the ppp adapter 169.254.xxx.xxx? That's an autoconfiguration address. That address range is what Windows assigns itself when it doesn't get an actual ip from a dhcp server. Not sure what's up with that.

What Linksys models do you have there? Are you sure they pass "return GRE"? Pass-through is one thing but I think you need to do a little more work for return ports to flow right. Have you configured the ports for PPTP?

Microsoft developed PPTP to pass encrypted data via a generic port called GRE 47 (IP Protocol 47), GRE stands for Generic Route Encapsulation. Check MS's port requirements:
__________________________


(IP protocol 47)GRE
PPTP TCP 1723

___________________________________

As far as the Linksys is concerned GRE 47 is essentially tcp/udp 47 in from the ip of the remote routable IPs of each location. You'll probably want to pass that traffic between all the routers as well as 1723 tcp/udp.

If I can find a patch cable I'll see if I can set something up with this so I can see the screens for incoming connections in XP. Make sure any other firewalls on the hosts allow these ports or put rules for the localnet subnets to reach tcp 137/139 and any other connectivity you want.

Here is what I did, I opened port 47. I set the setting from "Assign DHCP"
[IMG]http://gabrielvilla.com/DCHP.jpg[/IMG]

to Specify TCP/IP.
[IMG]http://gabrielvilla.com/spcip.jpg[/IMG]

But you can see the settings on these images...
I tried something else too, I found these commands to get on a network via VPN, to where 10.0.0.46 becomes my IP on the PPP and 10.0.0.1 is my gateway where I'm currently at... Does having the same scheme have anything to do with this problem?

BATCH:
ROUTE DELETE 0.0.0.0
ROUTE ADD 0.0.0.0 MASK 0.0.0.0 10.0.0.1 METRIC 2
ROUTE ADD 10.0.0.0 MASK 255.0.0.0 10.0.0.46 METRIC 1

PS... I really would appreciate some more help, I want to get this resolved today,
thanks
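
An added example, not part of any post in this thread: it models how a Windows-style route lookup (longest prefix first, then lowest metric) treats the routes from the batch file above when the local and remote sites both use 10.0.0.x. The on-link route, its metric, the /24 mask for every site and the renumbered 10.0.N.0/24 plan are assumptions constructed for illustration.

```python
import ipaddress

# Constructed route table: (destination, next hop, metric). The last two rows
# are the ROUTE ADD lines from the batch file above; the first is the on-link
# route for the LAN adapter (10.0.0.3 / 255.255.255.0), with an assumed metric.
ROUTES = [
    ("10.0.0.0/24", "LAN on-link 10.0.0.3", 20),
    ("0.0.0.0/0", "LAN gateway 10.0.0.1", 2),
    ("10.0.0.0/8", "PPP 10.0.0.46", 1),
]

# All four sites use 10.0.0.x in the thread; /24 assumed from the LAN adapter.
CURRENT_SITES = {f"Location {n}": "10.0.0.0/24" for n in range(1, 5)}
# Hypothetical renumbering (constructed): one distinct /24 per site.
RENUMBERED_SITES = {f"Location {n}": f"10.0.{n}.0/24" for n in range(1, 5)}


def select_route(dest, routes=ROUTES):
    """Pick the route for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, via, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -metric, prefix, via))
    if not matches:
        return None
    _, _, prefix, via = max(matches)
    return prefix, via


def overlapping_sites(sites):
    """Return sorted pairs of site names whose LAN subnets overlap."""
    names = sorted(sites)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if ipaddress.ip_network(sites[a]).overlaps(ipaddress.ip_network(sites[b]))
    ]


if __name__ == "__main__":
    # Remote share address from the thread: matched by the local /24, so the
    # request stays on the local LAN instead of entering the tunnel.
    print("10.0.0.40 ->", select_route("10.0.0.40"))
    # Same host number on the hypothetical renumbered remote site.
    print("10.0.4.40 ->", select_route("10.0.4.40"))
    print("overlapping pairs now:", len(overlapping_sites(CURRENT_SITES)))
    print("overlapping pairs renumbered:", overlapping_sites(RENUMBERED_SITES))
```

In this model the lower metric on the 10.0.0.0/8 route does not help, because the more specific local /24 is matched first; only a destination outside the local subnet is sent to the PPP interface.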

I think most VPN users are not happy due to the speed problem. Don't you think that VPN service companies should think about increasing speed? I have solved my issues by getting high-speed Internet, but what about those who are using it at a lower speed?
