Windows 2016 server L2TP/IPsec VPN - two subnets
    Windows 2016 server L2TP/IPsec VPN - two subnets

    Hello, how do I properly configure the VPN in this environment, please?
    I have two subnets in two different (geographical) workplaces, connected via IPsec (through gateway routers).
    Main subnet: 192.168.11.0/24, gateway (router IP) 192.168.11.1, Windows 2016 server (VPN, DHCP, DC etc.) 192.168.11.3
    2nd subnet: 192.168.22.0/24, gateway (router IP) 192.168.22.1 - just client computers.

    I need to allow external (home office) users to connect via the VPN server (192.168.11.3) to the 2nd subnet (192.168.22.0/24) and their computers there (via RDP).
    I have no problems with the VPN connection to the main subnet computers, but I am not able to properly configure access to the 2nd subnet.
    I am not able to ping them.

    The VPN server does not use DHCP; it has reserved addresses, which are excluded from DHCP.
    I think this is a problem of the RRAS routing configuration.

    I tried configuring RRAS routing; I was able to ping computers in the 2nd subnet and also create an RDP connection.
    But there was a bad result:
    After a few days I was unable to log in remotely to the DC server (192.168.11.3) via TeamViewer, and the home office VPN also stopped working.
    Work inside both connected subnets looked normal, without problems, but I was unable to manage the DC.
    The only solution was a hard reset of the DC server; everything then started working normally, but after a few days the above-mentioned problem returned...

    Any ideas?
    Thanks in advance

    #2
    Re: Windows 2016 server L2TP/IPsec VPN - two subnets

    I found the solution.
    Never run VPN at the DC (messes up the DC entries) or the TS server (not recommended, but feasible). That's all.
    Always choose another box.


      #3
      Re: Windows 2016 server L2TP/IPsec VPN - two subnets

      Thanks for coming back. Just out of curiosity, did you figure out exactly why it happens?
      It does on my workstation laptop; occasionally it will get a wrong IPv6 DNS server entry.
      But I'm not sure where it comes from: 2A00:77C0:FFFF:FFFF
      "The one who says it cannot be done should never interrupt the one who is doing it."


        #4
        Re: Windows 2016 server L2TP/IPsec VPN - two subnets

        Originally posted by Per Hansson:
        > Thanks for coming back. Just out of curiosity, did you figure out exactly why it happens?
        > It does on my workstation laptop; occasionally it will get a wrong IPv6 DNS server entry.
        > But I'm not sure where it comes from: 2A00:77C0:FFFF:FFFF
        I have just one recommendation.
        If not necessary, avoid using IPv6.
        Are you running RRAS (VPN) on the DC? If so, sorry, there is NO solution.
        I asked many networking specialists, and all of them said the same: a separate box for RRAS is the only option.
        I'm currently running RRAS (for about 10 days) on a box with SQL Server/terminal server (serves RD apps to the 2nd subnet) and all is running like a charm.
        Routing to the 2nd subnet is also working OK (static routes).
        But:
        Maybe setting the DNS IP manually on the VPN connection (client computer) will help; also set the metric to 1 and do not use split tunneling (security reasons).
        Last edited by Fireballcz; 08-08-2022, 02:13 PM.
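The client-side settings post #4 recommends (L2TP/IPsec, no split tunneling, interface metric 1, DNS pinned to the DC at 192.168.11.3) can be scripted as below. This is an added example, not code from the thread; the connection name, the public VPN hostname, the PSK placeholder and the 192.168.22.10 test host are assumptions.

```powershell
# Added example (not from the thread): home-office client connection as post #4 describes.
# Assumed: connection name, public name of the RRAS box, PSK placeholder, RDP test host.
$ConnName   = 'HomeOffice'                    # assumed
$VpnHost    = 'vpn.example.com'               # assumed public name of the RRAS box
$L2tpPsk    = '<REPLACE-WITH-PRESHARED-KEY>'  # placeholder; never hard-code a real PSK
$DnsServer  = '192.168.11.3'                  # the DC/DNS server named in the thread
$RdpHost    = '192.168.22.10'                 # assumed client PC in the 2nd subnet
$Credential = Get-Credential -Message "VPN account for $ConnName"

# 1. Define the connection. SplitTunneling $false sends all client traffic,
#    including 192.168.22.0/24, through the tunnel, so no per-prefix routes are
#    needed on the client; the RRAS box must then route to the 2nd subnet itself.
if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnName -ServerAddress $VpnHost `
        -TunnelType L2tp -L2tpPsk $L2tpPsk `
        -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
        -SplitTunneling $false -RememberCredential -Force
}

# 2. Dial it. rasdial has no PSCredential parameter, so the secret is passed as
#    a string here and not kept anywhere else.
$user = $Credential.UserName
$pass = $Credential.GetNetworkCredential().Password
rasdial $ConnName $user $pass | Out-Null
if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }

# 3. The VPN adapter exists only while connected, so the interface settings from
#    the post are applied after the dial: metric 1 (disables automatic metric,
#    so the tunnel's routes win) and the DNS server pinned to the DC.
Set-NetIPInterface -InterfaceAlias $ConnName -AddressFamily IPv4 -InterfaceMetric 1
Set-DnsClientServerAddress -InterfaceAlias $ConnName -ServerAddresses $DnsServer

# 4. Verify: the tunnel interface carries metric 1 and the 2nd-subnet host
#    answers on RDP (3389) through the tunnel.
Get-NetIPInterface -InterfaceAlias $ConnName -AddressFamily IPv4 |
    Select-Object InterfaceAlias, InterfaceMetric, ConnectionState
Test-NetConnection -ComputerName $RdpHost -Port 3389 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If TcpTestSucceeded is false while pings to 192.168.11.x work, the gap is on the server side (the RRAS box or the 192.168.22.1 router lacking a route back to the VPN address pool), not in the client profile.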