Forum Discussion
RDP connection through VPN only to RAS IP not to main IP
Agreed on routing issues. Dual gateways would likely be problematic. I'd hope by "DC-02" you didn't mean a domain controller. Multi-homing a domain controller will always cause no end to grief. If so I'd recommend installing the RASS / VPN roles on a member server.
I can RDP the machine from within the remote LAN perfectly on 192.168.124.16:
PS C:\Windows\System32> Test-NetConnection -ComputerName "192.168.124.16" -CommonTCPPort "RDP" -InformationLevel "Detailed"
ComputerName : 192.168.124.16
RemoteAddress : 192.168.124.16
RemotePort : 3389
AllNameResolutionResults :
MatchingIPsecRules :
NetworkIsolationContext : Private Network
IsAdmin : False
InterfaceAlias : Ethernet
SourceAddress : 192.168.124.16
NetRoute (NextHop) : 0.0.0.0
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : True
The tracert from source to target looks like this:
PS C:\WINDOWS\system32> tracert 192.168.124.16
Routenverfolgung zu 192.168.124.16 über maximal 30 Hops
1 60 ms 60 ms 58 ms 192.168.124.30
2 59 ms 59 ms 61 ms 192.168.124.16
Ablaufverfolgung beendet.
PS C:\WINDOWS\system32> tracert 192.168.124.30
Routenverfolgung zu 192.168.124.30 über maximal 30 Hops
1 62 ms 60 ms 60 ms 192.168.124.30
Ablaufverfolgung beendet.
The firewall on the target server is turned off.
It seems that there is no routing from RAS-dialin interface to the ethernet interface except for the icmp protocol.
It seems that there is no routing from RAS-dialin interface to the ethernet interface except for the icmp protocol.
Sounds like some other blocking going via this dial-up path. I was suggesting to tracert from source to target. Obviously tracert on the same subnet is not useful.
I was suggesting to tracert from source to target. Obviously tracert on the same subnet is not useful.
I made the tracert on the remote machine (W-05 = source), which is connected via VPN to the server (target). When I establish a VPN connection, W-05 gets an IP address from the subnet.
Here again (due to a server reboot the RAS-dialin IP changed from 192.168.124.30 to 192.168.124.31).
PS C:\WINDOWS\system32> ipconfig /all
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : W-05
Primäres DNS-Suffix . . . . . . . : remoteDomain.local
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : remoteDomain.local
myDomain.local
Ethernet-Adapter Ethernet:
Verbindungsspezifisches DNS-Suffix: remoteDomain.local
Beschreibung. . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physische Adresse . . . . . . . . : 44-37-E6-81-15-12
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::281e:339e:4aaf:5ce0%5(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.140.34(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Mittwoch, 22. Mai 2019 14:53:12
Lease läuft ab. . . . . . . . . . : Donnerstag, 30. Mai 2019 16:34:15
Standardgateway . . . . . . . . . : 192.168.140.1
192.168.145.1
DHCP-Server . . . . . . . . . . . : 192.168.140.15
DHCPv6-IAID . . . . . . . . . . . : 71579622
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-16-84-C3-42-44-37-E6-81-15-12
DNS-Server . . . . . . . . . . . : fe80::37af:966a:f63:f586%5
192.168.140.15
192.168.140.1
192.168.145.1
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Suchliste für verbindungsspezifische DNS-Suffixe:
remoteDomain.local
PPP-Adapter myDomain:
Verbindungsspezifisches DNS-Suffix: myDomain.local
Beschreibung. . . . . . . . . . . : myDomain
Physische Adresse . . . . . . . . :
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 192.168.124.30(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.255
Standardgateway . . . . . . . . . :
DNS-Server . . . . . . . . . . . : 192.168.124.16
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Ethernet-Adapter vEthernet (Default Switch):
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physische Adresse . . . . . . . . : E2-15-30-C9-DE-52
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::fc9b:4806:cc25:a986%19(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 172.17.76.33(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.240
Standardgateway . . . . . . . . . :
DHCPv6-IAID . . . . . . . . . . . : 333583664
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-16-84-C3-42-44-37-E6-81-15-12
DNS-Server . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS über TCP/IP . . . . . . . : Aktiviert
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32> tracert 192.168.124.16
Routenverfolgung zu 192.168.124.16 über maximal 30 Hops
1 59 ms 58 ms 59 ms 192.168.124.31
2 62 ms 60 ms 61 ms 192.168.124.16
Ablaufverfolgung beendet.
PS C:\WINDOWS\system32>- Ok, well still a bit confusing. When you said;I made the tracert on the remote machine (W-05 = source), which is connected via VPN to the server (target). When I establish a VPN connection, W-05 gets an IP address from the subnet.It sounds to me like W-05 is the target. Also W-05 has two gateways listed which could be problematic. Looks like W-05 is a windows 10 with Hyper-V role installed that could also be complicating issues.
- The RAS server DC-02 is the target. W-05 is one of several workstations /laptops connecting via VPN.
W-05 is a developer computer with visual studio. Hyper-V role is installed.
The problem occurs on all computers connecting to DC-02 via VPN. Computers in the LAN of DC-02 don‘t have any problems.