Guest LilMissy Posted January 22, 2010

I have a server set up off site. I followed the host set-up on the computer, the ports are forwarded and the firewall is configured, and I have set up a specific username and password to connect into it as well. I set up the client and the connection goes through fine.

Here come the problems:

The client loses internet browsing capability (internet still works for other purposes). This is fixed by disconnecting the VPN and reconnecting.

When trying to access the server by name across the network, the BT router tries to resolve the IP and we can't access it.

So my questions are:

a) Is there a way to stop Windows 7 on the client from trying to use the VPN for internet browsing? (Is this as simple as setting the router's IP as the proxy server in IE and Firefox?)

b) How can I get the computers to communicate via name rather than IP, OR can I set the server to have a fixed IP within the VPN?

Thanks
A troubled Tech Guy
Steve Krause Posted January 22, 2010

When you say:

> I have a server set up off site, I followed the host set-up on the computer and ports are forwarded and the firewall is configured

I assume you followed our step-by-step Tutorial for VPN? Or are you using another VPN product as the server and Windows 7 as the guest system?
Guest LilMissy Posted January 25, 2010

I used your VPN setup guide, as it was quick and simple (even my boss managed to follow the client setup guide without a problem).
Guest Joseph Posted January 26, 2010

So you need to make sure your DNS is able to resolve your VPN host server. If you're connecting remotely (off network, over the internet), your home computer will obviously not be able to resolve DNS for the VPN host server if you're forwarding the ports through your firewall and into your Windows 7 host on your internal work network.

What I do is my firewall at home is configured with DNS vpn.homedomain.com. This allows me to resolve my VPN client to my home firewall. My home firewall then forwards the packets to my Windows 7 box, which is hosting the VPN host/connect stuff etc. From there I'm good to go.

Now, in regards to your VPN connection not being able to browse locally... This is normally called "Split Tunneling", which is the default for most VPN systems. Most security corp dudes don't like you to be able to connect to the VPN work network and browse the internet at the same time. To limit this they don't allow you to surf your local network or the internet at the same time you connect into work with the VPN.

By default Windows 7 actually is configured to ALLOW split tunneling, so I'm surprised you're having problems. Are the machines that you're running VPN on attached to a Windows domain?

To verify that Split Tunneling is in fact ENABLED for Windows 7, you need to log in as Administrator to the PC and type gpedit.msc into the start menu. This will open the local group policy editor. From there navigate to:

Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall

Now, in the settings (RIGHT) window, be sure the setting "Route all traffic through the internal network" is set to "Not Configured" or "Disabled".
Here's what it says regarding this setting:

> Route all traffic through the internal network
>
> This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.
>
> When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway.
>
> If you enable this policy setting, all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network.
>
> If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.
>
> If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.

So I think that's the setting for this. I'm guessing this has become enabled on your PC somehow???
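A way to check, from the client's routing table, which interface carries Internet-bound traffic while the VPN is connected (an added example, not part of the original posts; the `route print` excerpt and all addresses are constructed, and the function names are hypothetical):

```python
import ipaddress

# Constructed excerpt of the "IPv4 Route Table" section of `route print`
# on a client with the VPN connected. All addresses are made up.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64   4250
          0.0.0.0          0.0.0.0          On-link     192.168.50.11     26
     192.168.50.0    255.255.255.0     192.168.50.1     192.168.50.11     26
      192.168.1.0    255.255.255.0          On-link      192.168.1.64   4506
===========================================================================
Persistent Routes:
  None
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each active IPv4 route."""
    routes, active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith("Persistent Routes"):
            break
        parts = line.split()
        if not active or len(parts) != 5 or not parts[4].isdigit():
            continue  # skips separators and the column header row
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
        except ValueError:
            continue
        routes.append((net, parts[2], parts[3], int(parts[4])))
    return routes

def egress_interface(routes, target):
    """Pick the route by longest prefix, then lowest metric; return its interface."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return best[2]

def vpn_carries_internet(text, vpn_ip, probe="8.8.8.8"):
    """True if traffic to a public address would leave via the VPN interface."""
    return egress_interface(parse_routes(text), probe) == vpn_ip
```

On a real client, pass the saved output of `route print` and the VPN adapter's address; a `True` result means browsing is being sent through the tunnel.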
Guest LilMissy Posted January 26, 2010

The exact configuration is that we have a data server housed off-site for security reasons.

Setup:

SERVER (off site): is operating as the VPN server, is running Windows 7 Ultimate and connects to the internet via a D-Link router. I had to disable the Windows Firewall as I couldn't get any connections in through it, even for VNC (even after dropping the VNC programs into the allow list), so we are operating with the router acting as a hardware firewall.

CLIENTS: both running Windows 7 Ultimate (one x86, one x64) with VNC (so again the Windows Firewall is disabled). These connect to the internet via a BT Business Hub.

Only one PC has the internet issue, and it does or doesn't work randomly after connecting to the VPN.

Is it possible to set the server up to resolve host names? I don't think the D-Link has VPN capability.

I have looked for the firewall setting you mentioned, but the only setting in that location is "Windows Firewall: Allow Authenticated IPsec Bypass" = Not Configured (but maybe because it is disabled?).

Thanks for the assist.
Steve Krause Posted January 26, 2010

Navigate using gpedit.msc and take a screenshot of the following location:

Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall

You should have more options available in gpedit.msc than just the one you listed.