PPTP issues with classless static route DHCP option and extended class C subnet


hello,

i have started thread re. rras pptp vpn, wrong vpn routes on pptp clients, whether dhcp options provided pptp clients or not here http://social.technet.microsoft.com/forums/en-us/winservernis/thread/92d24df4-a827-49b6-8798-e66645cc120d. after discussion cannot questions answered, issues really sorted out. however, in meantime have dug around, have solved issues getting other ones.

my infrastructure looks this:
- 1 rras server on w2k8 r2 dhcp relay agent enabled
- 2 dhcp servers (kind of 80/20 failover tolerance), 1 in same server rras, 1 on dc in same network segment. rras dhcp agent points remote dhcp
- on both dhcp servers (actually configured identical, 1 excludes other ones lease scope, vice-versa) there defined 121 classless static route options. other options dns server etc, these same rras server network settings anyway.
- lan segment 192.168.0.0/21 (192.168.0.1 - 192.168.7.254) while dhcp area 192.168.2.0-192.168.3.255, 192.168.0.1 - 192.168.1.255 supposed static ips area, more or less. attention, not operating regular class c subnet have extended 255.255.248.0 subnet mask, feel of problems coming here
- dhcp lan clients fine, 121 option defined routes, getting implicit route 192.168.0.0 255.255.248.0 192.168.1.1 (1.1. default gw)
- vpn clients somehow either not neither correct lan route nor 121 option routes dhcp. not true time, true while running dhcp server ras dhcp relay agent on same machine rras server itself. since pointing rras server remotely located dhcp server localhost can't happen exactly each time when vpn clients. routes partially, not at all. complete bunch of routes should ones below:

active routes:
network destination        netmask          gateway       interface  metric
          0.0.0.0          0.0.0.0     2.172.78.123     2.172.78.122    296
       2.172.78.0    255.255.255.0         on-link      2.172.78.122    296
     2.172.78.122  255.255.255.255         on-link      2.172.78.122    296
     2.172.78.255  255.255.255.255         on-link      2.172.78.122    296
      10.201.29.0    255.255.255.0         on-link      192.168.2.80     31
    10.201.29.255  255.255.255.255         on-link      192.168.2.80    286
    87.193.62.210  255.255.255.255     2.172.78.123     2.172.78.122     41
        127.0.0.0        255.0.0.0         on-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         on-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         on-link         127.0.0.1    306
       160.48.0.0      255.255.0.0         on-link      192.168.2.80     31
   160.48.255.255  255.255.255.255         on-link      192.168.2.80    286
       160.49.0.0      255.255.0.0         on-link      192.168.2.80     31
   160.49.255.255  255.255.255.255         on-link      192.168.2.80    286
       160.50.0.0      255.255.0.0         on-link      192.168.2.80     31
   160.50.255.255  255.255.255.255         on-link      192.168.2.80    286
      192.168.0.0    255.255.248.0         on-link      192.168.2.80     31
      192.168.2.0    255.255.255.0    192.168.3.100     192.168.2.80     31
     192.168.2.80  255.255.255.255         on-link      192.168.2.80    286
    192.168.7.255  255.255.255.255         on-link      192.168.2.80    286
     192.168.20.0    255.255.255.0         on-link      192.168.2.80     31
   192.168.20.255  255.255.255.255         on-link      192.168.2.80    286
     192.168.56.0    255.255.255.0         on-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         on-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         on-link      192.168.56.1    276
    192.168.182.0    255.255.255.0         on-link     192.168.182.1    276
    192.168.182.1  255.255.255.255         on-link     192.168.182.1    276
  192.168.182.255  255.255.255.255         on-link     192.168.182.1    276
    192.168.206.0    255.255.255.0         on-link     192.168.206.1    276
    192.168.206.1  255.255.255.255         on-link     192.168.206.1    276
  192.168.206.255  255.255.255.255         on-link     192.168.206.1    276
        224.0.0.0        240.0.0.0         on-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         on-link      2.172.78.122    296
        224.0.0.0        240.0.0.0         on-link     192.168.182.1    276
        224.0.0.0        240.0.0.0         on-link     192.168.206.1    276
        224.0.0.0        240.0.0.0         on-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         on-link      192.168.2.80    286
  255.255.255.255  255.255.255.255         on-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         on-link      2.172.78.122    296
  255.255.255.255  255.255.255.255         on-link     192.168.182.1    276
  255.255.255.255  255.255.255.255         on-link     192.168.206.1    276
  255.255.255.255  255.255.255.255         on-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         on-link      192.168.2.80    286
===========================================================================

routes 160.50.0.0, 160.50.0.0, 160.50.0.0, 10.201.29.0, 192.168.20.0 121 option defined routes, 192.168.0.0/255.255.248.0 correct route defining corporate lan segment. often not routes 160.50.0.0, 160.50.0.0, 160.50.0.0, 10.201.29.0 while still get route 192.168.20.0 dmz defined identically via 121 classless static route dhcp option 160.x.x.x routes are. see below actual pushed routes pptp client, 2 snippets real, 1 is yesterday, 1 same computer, same account mine:

active routes:
network destination        netmask          gateway       interface  metric
          0.0.0.0          0.0.0.0     2.167.72.251     2.167.72.250    306
       2.167.72.0    255.255.255.0         on-link      2.167.72.250    306
     2.167.72.250  255.255.255.255         on-link      2.167.72.250    306
     2.167.72.255  255.255.255.255         on-link      2.167.72.250    306
      10.201.29.0    255.255.255.0         on-link      192.168.2.21     51
    10.201.29.255  255.255.255.255         on-link      192.168.2.21    306
    87.193.62.210  255.255.255.255     2.167.72.251     2.167.72.250     51
        127.0.0.0        255.0.0.0         on-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         on-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         on-link         127.0.0.1    306
      192.168.0.0    255.255.248.0         on-link      192.168.2.21     51
      192.168.2.0    255.255.255.0    192.168.3.111     192.168.2.21     51
     192.168.2.21  255.255.255.255         on-link      192.168.2.21    306
    192.168.7.255  255.255.255.255         on-link      192.168.2.21    306
     192.168.20.0    255.255.255.0         on-link      192.168.2.21     51
   192.168.20.255  255.255.255.255         on-link      192.168.2.21    306
     192.168.56.0    255.255.255.0         on-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         on-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         on-link      192.168.56.1    276
    192.168.182.0    255.255.255.0         on-link     192.168.182.1    276
    192.168.182.1  255.255.255.255         on-link     192.168.182.1    276
  192.168.182.255  255.255.255.255         on-link     192.168.182.1    276
    192.168.206.0    255.255.255.0         on-link     192.168.206.1    276
    192.168.206.1  255.255.255.255         on-link     192.168.206.1    276
  192.168.206.255  255.255.255.255         on-link     192.168.206.1    276
        224.0.0.0        240.0.0.0         on-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         on-link      2.167.72.250    306
        224.0.0.0        240.0.0.0         on-link     192.168.206.1    276
        224.0.0.0        240.0.0.0         on-link     192.168.182.1    276
        224.0.0.0        240.0.0.0         on-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         on-link      192.168.2.21    306
  255.255.255.255  255.255.255.255         on-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         on-link      2.167.72.250    306
  255.255.255.255  255.255.255.255         on-link     192.168.206.1    276
  255.255.255.255  255.255.255.255         on-link     192.168.182.1    276
  255.255.255.255  255.255.255.255         on-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         on-link      192.168.2.21    306
===========================================================================

so, questions:
1. pptp issue if 1 operates non-regular class c ip v4 subnet do, 255.255.248.0 mask instead of 255.255.255.0? can issue because vpn server acts if regular class c clients point of view. in addition, can occur clients not set correct route whole corporate network 255.255.255.0 part of extended subnet range?

2. dhcp options, particularly 121 classless static routes, supposed pushed vpn clients or not? find different statements in internet re. topic.

3. how can come got dhcp ip range of dhcp server ras dhcp relay agent not pointing to? possible there cached either server- or client-side previous connections? or can happen due fact have defined superscope on each of dhcp servers including whole address pool. honestly, not skilled when comes dhcp superscope...

i forgot mention absolutely aware of fact t or can due fact default traffic goes through vpn endpoint anyway due default gw setting on client-side pptp-connection. issues mentioned above resulting fact not use option. users use option at point, we'd not. before running w2k3 sbs server with all-in-one installation on 1 single host, have not had these issues then.

thanks,
dieter

hi dieter,

thanks posting here.

yes, dhcp options define on internal dhcp server/scope not issued vpn clients connect rras.

we’d suggest assign static route entries vpn users modifying domain user’s properties if running active directory environment or customizing vpn connection program using cmak:

configure static routes dial-in user
http://technet.microsoft.com/en-us/library/cc728159(ws.10).aspx

specify routing table updates
http://technet.microsoft.com/en-us/library/cc731036(ws.10).aspx

meanwhile, might enable routing feature, add entries on rras in order forward traffic right internal destination/subnets vpn clients.

static routing
http://technet.microsoft.com/en-us/library/dd469762(ws.10).aspx

regards,

tiger li

technet subscriber support in forum
if have feedback on our support, please contact tnmff@microsoft.com.

please remember click “mark answer” on post helps you, click “unmark answer” if marked post not answer question. can beneficial other community members reading thread.
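
A check for the symptom discussed in this thread, as an added example that is not part of the original posts: it parses `route print` output, lists which expected routes are absent on the VPN interface, and renders them as lines for a CMAK routing-table update file of the kind the reply points to. The expected routes are taken from the first table above and the sample is an excerpt of the second; the function names and the use of `default` for gateway, metric and interface are assumptions of this example.

```python
import ipaddress

# Routes a VPN client should hold, as they appear in the first table above.
EXPECTED = ["10.201.29.0/24", "160.48.0.0/16", "160.49.0.0/16",
            "160.50.0.0/16", "192.168.20.0/24", "192.168.0.0/21"]

# Excerpt of the second `route print` table in the post.
SAMPLE = """\
network destination        netmask          gateway       interface  metric
          0.0.0.0          0.0.0.0     2.167.72.251     2.167.72.250    306
      10.201.29.0    255.255.255.0         on-link      192.168.2.21     51
    10.201.29.255  255.255.255.255         on-link      192.168.2.21    306
      192.168.0.0    255.255.248.0         on-link      192.168.2.21     51
      192.168.2.0    255.255.255.0    192.168.3.111     192.168.2.21     51
     192.168.2.21  255.255.255.255         on-link      192.168.2.21    306
     192.168.20.0    255.255.255.0         on-link      192.168.2.21     51
===========================================================================
"""

def parse_routes(text):
    """Return a set of (network, interface) for each IPv4 route row."""
    routes = set()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header or separator line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            ipaddress.ip_address(cols[3])
        except ValueError:
            continue  # malformed row
        routes.add((net, cols[3]))
    return routes

def missing_routes(text, vpn_if, expected=EXPECTED):
    """Expected prefixes that are not bound to the VPN interface address."""
    have = parse_routes(text)
    return [e for e in expected
            if (ipaddress.ip_network(e), vpn_if) not in have]

def cmak_route_lines(prefixes):
    """Render prefixes as ADD lines (assumed CMAK route-file layout)."""
    nets = map(ipaddress.ip_network, prefixes)
    return [f"ADD {n.network_address} MASK {n.netmask} "
            "default METRIC default IF default" for n in nets]

if __name__ == "__main__":
    for line in cmak_route_lines(missing_routes(SAMPLE, "192.168.2.21")):
        print(line)
```

Matching on the full netmask means a client holding only a 255.255.255.0 route inside the 255.255.248.0 segment is reported as missing the corporate LAN route.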