How to access VPN server itself over a VPN set up with RAS

Tags: routing, rras, vpn, windows-server-2008

I created a split-tunnel VPN connection to a remote server (suppose name is ABC), so I could access both the Internet and resources on the remote network simultaneously from the client.

I can access the Internet fine, but I'm having trouble accessing the ABC server itself. The problem is that if I use the public IP which the VPN is connected to, it doesn't get routed over the VPN so I can't access secure resources. Of course, I can manually run a "route add" command to force traffic for that public IP over the VPN gateway, but I'm tired of doing that every time I connect the VPN.

When I run "route print", it looks like the only addresses it will forward by default over the VPN are in the range 192.168.1.0 – 192.168.1.100.

The question, therefore, is: might the VPN server ABC be reachable on an address in that range, or can I set it up to have an address in that range so it is reachable through the VPN? Perhaps I can add some static address translation on the "Internal" VPN interface?

Best Answer

It was definitely a problem with Server 2008.

A workaround is to install a "Microsoft Loopback Adapter".

First of all, check the range of IPs you have assigned to your RRAS VPN Server and the network mask associated with it. For example, I assigned mine the range 192.168.1.0-192.168.1.255, which results in an auto-generated network mask of 255.255.255.0.

The address of the VPN Server itself and all its shares will take on the first valid address in that range, so in this case it becomes 192.168.1.1. Because of this BUG IN SERVER 2008, the ports for file sharing aren't open. Here is where the Loopback Adapter comes into play. Once installed, you just give it an IP address like 192.168.1.2, and then use that address to access the shares. Although it refers to the same machine as 192.168.1.1, it does not exhibit the bug that blocks the file sharing ports.

When finished, you must make sure your firewall is allowing communication to that IP address on the file sharing ports, because "Local Subnet" won't cut it (it would refer to your public IP's local subnet). You'll have to manually add exceptions for 192.168.1.2 ports 129 and 445. Note that even with the firewall OFF, that BUG prevents any communication with those ports on the VPN server's IP 192.168.1.1, which is why we have to use the loopback adapter to get around it.

To install the Loopback Adapter, go to Device Manager, right-click the first node, which is your computer, and choose "Add legacy hardware". Alternatively, open Control Panel and type "add hardware" in the search box, and you'll see a result under Device Manager for "Install drivers for older devices with Add Hardware Wizard".

Next, choose "Install the hardware that I manually select from a list (Advanced)", then choose "Network Adapters" (next), then choose "Microsoft" as the manufacturer, then "Microsoft Loopback Adapter" from the Network Adapter list.

Once installed, you must configure it. Go to its IPv4 properties and give it an IP address in the range of local addresses for your RRAS VPN Server; as I mentioned, I just used 192.168.1.2 (one number above the VPN server itself). Also, give the loopback adapter a subnet mask that matches your VPN's address range (e.g. 255.255.255.0). Leave the default gateway and DNS servers blank.

That's it. Now you can access file shares on the loopback adapter's address from the remotely connected client.
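The addressing and firewall steps from the answer above, written as a script. This is an added example, not part of the original answer. The connection name `Loopback`, the `VPN-SMB-` rule names and the restriction of the rule's remote addresses to the VPN pool are assumptions, and it covers TCP 445 only.

```powershell
# Added example. Run elevated on the RRAS server after the
# Microsoft Loopback Adapter has been installed through Add Hardware.
$Adapter   = "Loopback"        # assumed connection name; rename the adapter to match
$ServerIP  = "192.168.1.1"     # address the answer says the VPN server takes
$LoopIP    = "192.168.1.2"     # loopback address used in the answer
$Mask      = "255.255.255.0"   # mask used in the answer
$VpnSubnet = "192.168.1.0/24"  # the answer's RRAS pool, written in CIDR form
$Ports     = @(445)            # SMB over TCP; list any other file sharing port you need

# True when both addresses fall in the same network under the given mask.
function Test-SameSubnet([string]$A, [string]$B, [string]$SubnetMask) {
    $x = [System.Net.IPAddress]::Parse($A).GetAddressBytes()
    $y = [System.Net.IPAddress]::Parse($B).GetAddressBytes()
    $m = [System.Net.IPAddress]::Parse($SubnetMask).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        if (($x[$i] -band $m[$i]) -ne ($y[$i] -band $m[$i])) { return $false }
    }
    return $true
}

# The loopback address must differ from the server's VPN address but sit in
# the same pool, otherwise clients have no route to it through the tunnel.
if ($LoopIP -eq $ServerIP) { throw "Loopback address must differ from $ServerIP" }
if (-not (Test-SameSubnet $LoopIP $ServerIP $Mask)) {
    throw "$LoopIP is outside the VPN pool of $ServerIP / $Mask"
}

# Static address and mask only: no default gateway, no DNS servers.
netsh interface ipv4 set address "name=$Adapter" source=static "address=$LoopIP" "mask=$Mask"
if ($LASTEXITCODE -ne 0) { throw "Could not set the address on '$Adapter'" }

foreach ($p in $Ports) {
    $rule = "VPN-SMB-$p"
    # Inbound allow bound to the loopback address only, and only for sources
    # inside the VPN pool, so the ports stay closed on the public interface.
    netsh advfirewall firewall add rule "name=$rule" dir=in action=allow protocol=TCP `
        "localport=$p" "localip=$LoopIP" "remoteip=$VpnSubnet"
    if ($LASTEXITCODE -ne 0) { throw "Could not add firewall rule $rule" }
    netsh advfirewall firewall show rule "name=$rule"
}
```

Binding the rule to `localip` and `remoteip` keeps the exception from applying to the server's public address, which a port-only exception would not do.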