We recently moved from RRAS to Softether and some of our clients are having connection issues.
The vpn client used is the standard Windows vpn client.
What happens is the client connects to the vpn and it seems to work just fine (Windows displays the connection as "Connected") but we cannot ping any machine on the network so we don't have access.
What we do then is simply disconnect the VPN and reconnect it and then it works properly (we are able to access the network).
In the Softether server logs we see the client connection as successful and it all seems to be normal. I've compared with other working clients log and it's the same.
The only things these clients have in common (that we have found) is their OS which is Windows 7 and the fact that they have Windows Security Essentials installed. We haven't tried to disable Windows Security Essentials to see if there were any changes just yet.
Windows updates are all installed.
These clients were working just fine on RRAS, we had to change to Softether because we are now on Azure and it doesn't support RRAS.
VPN connects, but no route on client
-
- Posts: 6
- Joined: Wed Jul 17, 2019 3:08 pm
-
- Posts: 6
- Joined: Wed Jul 17, 2019 3:08 pm
VPN connects, but no route on client
So it seems like the vpn connects but when we do a route print we don't see our route show up.
Like the server couldn't send it or something.
Any idea what this might be?
Like the server couldn't send it or something.
Any idea what this might be?
-
- Posts: 4
- Joined: Wed Jul 17, 2019 2:55 am
Re: VPN connects, but no route on client
Could you tell what kind of server are you using and give here its main settings? And have you tried such tool like "traceroute"?
-
- Posts: 6
- Joined: Wed Jul 17, 2019 3:08 pm
Re: VPN connects, but no route on client
It's a windows server 2016 VM in Azure.
The configuration looks pretty standard.
We listen on 443,992,1194,5555.
We only have one virtual hub.
Our clients connect only with SSTP, we have a certificate on the server.
Virtual host network interface settings :
IP Address : 192.168.40.1
Subnet Mask : 255.255.255.0
We use virtual NAT function with :
MTU : 1500
TCP Session Timeout : 1800
UDP Session Timeout : 60
We use virtual DHCP server functions :
Distributes IP Address : 192.168.40.10 to 192.168.45.200
Subnet Mask : 255.255.255.0
Lease limit : 7200 seconds
DNS server address 1 : 10.65.1.20 (which is an AD)
We push the following static route :
10.0.0.0/255.0.0.0/192.168.40.1
Any other setting I am missing that you would like to know about?
The configuration looks pretty standard.
We listen on 443,992,1194,5555.
We only have one virtual hub.
Our clients connect only with SSTP, we have a certificate on the server.
Virtual host network interface settings :
IP Address : 192.168.40.1
Subnet Mask : 255.255.255.0
We use virtual NAT function with :
MTU : 1500
TCP Session Timeout : 1800
UDP Session Timeout : 60
We use virtual DHCP server functions :
Distributes IP Address : 192.168.40.10 to 192.168.45.200
Subnet Mask : 255.255.255.0
Lease limit : 7200 seconds
DNS server address 1 : 10.65.1.20 (which is an AD)
We push the following static route :
10.0.0.0/255.0.0.0/192.168.40.1
Any other setting I am missing that you would like to know about?
-
- Posts: 329
- Joined: Wed Sep 18, 2013 1:49 pm
Re: VPN connects, but no route on client
desforgesy-------Distributes IP Address : 192.168.40.10 to 192.168.45.200
Is the ".45.200" correct or a typo? If correct I don't think the vpn clients that receive a ".45.x" ip address would see the ".40.x" network or vise versa.
Is the ".45.200" correct or a typo? If correct I don't think the vpn clients that receive a ".45.x" ip address would see the ".40.x" network or vise versa.
-
- Posts: 6
- Joined: Wed Jul 17, 2019 3:08 pm
Re: VPN connects, but no route on client
It is not a typo.
If the ".45.x" ip does not see the ".40.x" network it would be OK since those are addresses reserved for clients only.
So the clients don't need to see each other.
They only need to access our servers which are on the 10.65.1.x network.
That's why we have added a static route for 10.0.0.0.
Does that make sense?
If the ".45.x" ip does not see the ".40.x" network it would be OK since those are addresses reserved for clients only.
So the clients don't need to see each other.
They only need to access our servers which are on the 10.65.1.x network.
That's why we have added a static route for 10.0.0.0.
Does that make sense?
-
- Posts: 6
- Joined: Wed Jul 17, 2019 3:08 pm
Re: VPN connects, but no route on client
Also as areminder, when the static route gets pushed it works.
It really only doesn't work when the route doesn't get pushed to the client.
So the route itself is ok, the problem is that the client doesn't always receive it for some reason.
It really only doesn't work when the route doesn't get pushed to the client.
So the route itself is ok, the problem is that the client doesn't always receive it for some reason.
-
- Posts: 6
- Joined: Wed Jul 17, 2019 3:08 pm
Re: VPN connects, but no route on client
UP
Heeeeeeelp pls!
Anyone every had this problem before?
Thanks :)
Heeeeeeelp pls!
Anyone every had this problem before?
Thanks :)