Guest Martin Rhodin Posted November 15, 2007

Hi

I have made a CMAK VPN connection, which has added some routes and removed the default gateway so both the intranet and the user's own internet gateway are available. Now this works on Windows XP but it doesn't in Vista, and I think it's some security issue. I have turned off UAC and have no third party firewall. The intranet is available but the internet is not. Googled for a solution but it doesn't seem like there is one and it's a known issue for many people. Please advise if you have any thoughts on this.

Thank you.

Martin Rhodin

Guest Ashish Pingle Posted November 25, 2007

Hi,

I have got a workaround for this issue. While installing the dialer make sure that it is installed using the "My use only" option, which is the default. Next, I haven't tried this with UAC disabled; it works for sure when UAC is enabled. Try it and let me know the status.

Thanks
Ashish Pingle

"Martin Rhodin" wrote:
> Hi
>
> I have made a CMAK VPN connection, which has added some routes and removed
> the default gateway so both the intranet and the user's own internet gateway are
> available. Now this works on Windows XP but it doesn't in Vista, and I think
> it's some security issue. I have turned off UAC and have no third party
> firewall. The intranet is available but the internet is not. Googled for a
> solution but it doesn't seem like there is one and it's a known issue for many
> people. Please advise if you have any thoughts on this.
>
> Thank you.
>
> Martin Rhodin

Guest jasonpgreen Posted April 3, 2008

I've found a workaround for this. Instead of using the CMAK Routing Table update, use the Classless Static Routes DHCP Option.

USING THE CLASSLESS STATIC ROUTES DHCP OPTION

Windows 2000, Windows XP, and Windows Server 2003-based VPN clients send a DHCPInform message to the VPN server, requesting a set of DHCP options. This is done so that the VPN client can obtain an updated list of DNS and WINS servers and a DNS domain name that is assigned to the VPN connection. The DHCPInform message is forwarded to a DHCP server on the organization intranet by the VPN server and the response is sent back to the VPN client.

Windows XP and Windows Server 2003-based VPN clients include the Classless Static Routes DHCP option in their list of requested DHCP options. If configured on the DHCP server, the Classless Static Routes DHCP option contains a set of routes representing the address space of your intranet. These routes are automatically added to the routing table of the requesting client when it receives the response to the DHCPInform message and automatically removed when the VPN connection is terminated.

The Windows Server 2003 DHCP Server service supports the configuration of the Classless Static Routes option (option number 249). To use the Classless Static Routes option for split tunneling, configure this option for the scope that corresponds to the intranet subnet to which the VPN server is connected. Next, add the set of routes that correspond to the summarized address space of your organization intranet.

For example, if you use the private IP address space for your organization intranet, the Classless Static Routes option would have the following three routes:

- 10.0.0.0 with the subnet mask of 255.0.0.0
- 172.16.0.0 with the subnet mask of 255.240.0.0
- 192.168.0.0 with the subnet mask of 255.255.0.0

The Router IP address for each route added to the Classless Static Routes option should be set to the IP address of a router interface on the intranet subnet to which the VPN server is connected. For example, if the VPN server is connected to the intranet subnet 10.89.211.0/24 and the IP address of the intranet router on this subnet is 10.89.21.1, then set the Router IP address for each route to 10.89.21.1.

NOTE: Do _not_ set the VPN connection to be the default gateway.

You will also need Vista SP1 or this 'You cannot use a remote access server to apply DHCP options to a Windows Vista-based computer' (http://support.microsoft.com/kb/933340/) hotfix.

Hope this helps

-- jasonpgreen

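An added example, not part of the original post: how the three routes listed above would be packed into the option 249 payload, and how to parse such a payload back when reviewing what a scope hands to VPN clients. It assumes option 249 uses the RFC 3442 classless static route encoding (mask width, significant destination octets, router); the function names are hypothetical, and the route and router values are the ones given in the post.

```python
import ipaddress

# Routes and router address as given in the post above.
ROUTER = "10.89.21.1"
ROUTES = [
    ("10.0.0.0", "255.0.0.0", ROUTER),
    ("172.16.0.0", "255.240.0.0", ROUTER),
    ("192.168.0.0", "255.255.0.0", ROUTER),
]

def encode_routes(routes):
    """Pack (destination, mask, router) triples into an option 249 payload."""
    out = bytearray()
    for dest, mask, router in routes:
        # Strict parsing rejects non-contiguous masks and host bits in dest.
        net = ipaddress.IPv4Network(f"{dest}/{mask}")
        out.append(net.prefixlen)                       # mask width in bits
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += ipaddress.IPv4Address(router).packed     # next hop, 4 octets
    return bytes(out)

def decode_routes(payload):
    """Parse an option 249 payload into (IPv4Network, IPv4Address) pairs."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"invalid mask width {width} at offset {i}")
        n = (width + 7) // 8                            # significant octets
        end = i + 1 + n + 4
        if end > len(payload):
            raise ValueError(f"truncated route at offset {i}")
        dest = payload[i + 1:i + 1 + n] + bytes(4 - n)  # zero-pad destination
        routes.append((ipaddress.IPv4Network((dest, width)),
                       ipaddress.IPv4Address(payload[end - 4:end])))
        i = end
    return routes

def default_routes(routes):
    """Return entries that would act as a default route (0.0.0.0/0)."""
    return [(net, gw) for net, gw in routes if net.prefixlen == 0]

if __name__ == "__main__":
    payload = encode_routes(ROUTES)
    print(payload.hex(" "))
    for net, gw in decode_routes(payload):
        print(f"{net} via {gw}")
    print("default routes:", default_routes(decode_routes(payload)))
```

A 0.0.0.0/0 entry in the decoded list is a default route rather than a split-tunnel route, so `default_routes` should come back empty for a scope configured as the post describes.
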
Guest timinator Posted May 16, 2008

Hi,

I'm having this problem also and would love to get it solved as more people are trying to connect to our VPN using Vista. I'm a bit confused by the above explanation. My VPN server is a Windows 2003 appliance with a custom front end. I'm not sure how to modify the DHCP scope in the way described. Any help would be appreciated.

Thanks
Tim

-- timinator

Guest jasonpgreen Posted May 19, 2008

Hi Tim,

If you are using Windows 2003 standard Routing and Remote Access, then you just need to set it, in properties, to assign IP addresses via DHCP. Then add the Classless Static routes in the Windows 2003 DHCP server.

Cheers
Jason

-- jasonpgreen

Guest timinator Posted May 19, 2008

Jason,

The server does supply addresses via DHCP. And also static routes. The front end creates the connectoid using CMAK. Here is a look at the routes added by CMAK during the wizard.

REMOVE_GATEWAY
ADD 172.17.0.0 MASK 255.255.0.0 default METRIC default IF default
ADD 172.18.1.10 MASK 255.255.255.255 default METRIC default IF default
ADD 192.99.99.163 MASK 255.255.255.255 default METRIC default IF default

But on connection from the client, Vista will not allow these commands to run.

Thanks
Tim

-- timinator

Guest jasonpgreen Posted May 22, 2008

Hi Tim,

You need to recreate the CMAK.

1. Remove the part that adds the routes:

REMOVE_GATEWAY
ADD 172.17.0.0 MASK 255.255.0.0 default METRIC default IF default
ADD 172.18.1.10 MASK 255.255.255.255 default METRIC default IF default
ADD 192.99.99.163 MASK 255.255.255.255 default METRIC default IF default

2. Make sure you do _not_ select the CMAK VPN as the default route.

Then add the Classless Static Routes to your DHCP server as I described previously. Then the DHCP server will provide the required static routes.

Cheers
Jason

-- jasonpgreen

Guest timinator Posted May 22, 2008

Thanks for that info. I'm still not sure where to add the classless routes? Is it the server's static routes?

Thanks

-- timinator

Guest jasonpgreen Posted May 22, 2008

Take a look at the attached screen shot.

Jason

Filename: dhcp.JPG
Download: http://vista64.net/forums/attachment.php?attachmentid=4024

-- jasonpgreen

Guest timinator Posted May 22, 2008

I'm not able to get to that module. The "Manage your Server" or "Configure your Server wizard" are not available in "Administrative Tools". Is there a run command to get there?

Thanks

-- timinator

Guest jasonpgreen Posted May 22, 2008

On the server running your DHCP server, click on Start -> Admin Tools -> DHCP

Cheers
Jason

-- jasonpgreen