Force Windows to Stay Connected to Microsoft VPN when User is Logged Off

vpn windows-server-2008

I have a Windows Server 2008 at a remote office location that needs to stay connected to the main office via VPN (standard Windows PPTP connection) even when there is no user logged in. Right now, the server can connect to the VPN and authenticate to the Active Directory because when I log in as an administrator, I select the "Network Login" option and when I log in, it automatically connects the VPN and establishes the AD authentication.

However, I have services (mainly the Microsoft DPM backup application) that run on this server that require a persistent connection regardless of whether a user is logged in. Basically, I need the following:

  1. As soon as the computer starts, it needs to connect to the VPN so that the background services that require a domain connection can run.
  2. If the VPN connection is lost, it needs to continuously try to connect to the VPN (like every 10 minutes).

Is this possible and if so, how can it be accomplished?

Best Answer

From the Routing and Remote Access console (RRAS):

  • One must be Demand-dial in options tab (at the remote office), set to never hang up
  • One must be persistent connection in options tab (at main site)
  • At main site, on the dial-out hours, always prohibit making calls

If you don't do that, both sites may try to connect to each other at the same time, and then you have a deadlock.

By default, on 2008, you won't be able to ping the RRAS address directly between the two RRAS servers. TechNet article to allow it: http://blogs.technet.com/b/networking/archive/2008/11/07/unable-to-ping-the-tunnel-address-of-a-demand-dial-connection-on-windows-server-2008-rras.aspx

The main and only issue I have with RRAS is that if you don't have permanent traffic, the VPN will stay marked as connected, but it stops working after some time.

To keep activity, you could create a simple scheduled Windows task that launches a ping -t targetIP inside a cmd at system start.

Also, by default, the Routing and Remote Access service is set as Automatic (Delayed start). So Windows starts the RRAS service 2 minutes after Windows is started, and so after all other Windows services. Change it to automatic start.

Looks like you are just using the remote office server as a dialup client. So you can create a scheduled task that starts on trigger "system start". It will call a cmd that:

  • uses the rasdial command to establish the VPN
  • does a ping loop to keep the connection working.

rasdial command line: [image not preserved]
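
The startup script the answer describes, written out as an added example (not code from the original post): it dials with rasdial, uses a ping across the tunnel as both keepalive and health check, and redials every 10 minutes while the link is down, as the question asks. The entry name, keepalive address, script path and log path are assumptions, and so is the credential setup: the VPN entry is assumed to be created for all users with its credentials saved, so that no password appears in the script or on the task's command line.

```batch
@echo off
rem Added example, not from the original post. Assumed values below.
rem Register once from an elevated prompt (task name and path are assumptions):
rem   schtasks /Create /TN "VPN keepalive" /SC ONSTART /RU SYSTEM /TR "C:\Scripts\vpn-keepalive.cmd"
rem Keep the script writable by administrators only, since it runs as SYSTEM.
setlocal
set "VPN_ENTRY=MainOfficeVPN"
rem An address reachable only through the tunnel (placeholder value).
set "KEEPALIVE_IP=192.0.2.10"
rem Seconds between redial attempts: 600 = the 10 minutes from the question.
set "RETRY_SECONDS=600"
rem Seconds between keepalive pings while the tunnel is up.
set "KEEPALIVE_SECONDS=30"
set "LOG=%SystemRoot%\Temp\vpn-keepalive.log"

:loop
rem One echo request generates traffic and tests the link. Look for "TTL="
rem instead of trusting ping's exit code, which is also 0 when a router
rem answers "Destination host unreachable".
ping -n 1 -w 3000 %KEEPALIVE_IP% | find "TTL=" >nul
if not errorlevel 1 (
    call :sleep %KEEPALIVE_SECONDS%
    goto loop
)

echo %DATE% %TIME% tunnel down, redialing "%VPN_ENTRY%" >> "%LOG%"
rem Drop a stale session first: RRAS may still show it as connected.
rasdial "%VPN_ENTRY%" /DISCONNECT >nul 2>&1
rem No user name or password here: the entry's saved credentials are used.
rasdial "%VPN_ENTRY%" >> "%LOG%" 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% rasdial failed, retry in %RETRY_SECONDS%s >> "%LOG%"
    call :sleep %RETRY_SECONDS%
) else (
    echo %DATE% %TIME% connected >> "%LOG%"
)
goto loop

:sleep
rem Roughly %1 seconds; loopback ping works without an interactive console.
ping -n %1 127.0.0.1 >nul
exit /b 0
```

If the user name and password have to be passed to rasdial instead, they end up in clear text in the script, so use a dial-in account that has no other rights in the domain.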
