Windows RAS-VPN: cannot reach the entire network


We set up a Windows Server 2019 as a VPN server that should grant access to a /22 network. It has a single Ethernet connection to the network 192.168.32.0/22 (spanning up to 192.168.35.255). The server's IP is 192.168.33.47 and the RAS connection has 192.168.33.201.

But when opening the VPN-connection (split-tunneling enabled), I can only reach everything in 192.168.33.0/24. The remainder of the network is not reachable.

What do I need to change on the RAS-Server in order to reach the entire network?

The issue seems to be the routing-table (192.168.110.1 is the remote computer's gateway):

route print -4

Network destination       Netmask        Interface          Gateway Metric
            0.0.0.0       0.0.0.0    192.168.110.1   192.168.110.12     25
       192.168.33.0 255.255.255.0   192.168.33.200   192.168.33.208     26
(...)

Requests to 192.168.32.0/24 are thus routed to the local gateway 192.168.110.1 instead of 192.168.33.200.

PowerShell confirms this:

Find-NetRoute -RemoteIPAddress "192.168.33.5"
(...)
NextHop : 192.168.33.200 (good!)

Find-NetRoute -RemoteIPAddress "192.168.32.5"
(...)
NextHop : 192.168.110.1 (wrong!)

I can edit the routing-table manually of course:

route add 192.168.32.0 MASK 255.255.255.0 192.168.33.200 METRIC 26

The whole target-network is reachable after that. But surely, it cannot be the solution to edit the routing-table on each client.

What do I need to change on the server-side in order to get this to work automatically?

Thank you very much!

Edit: As requested a screenshot of the configuration of the static route that I tried.

Best Answer

From the output you have provided, the subnet mask for the VPN client is /24. This will only allow it to access 192.168.33.0/24. There are a few possible solutions.

  1. Fix the subnet mask. For example, if you are using DHCP to assign IP addresses, update the subnet mask to 255.255.252.0.

  2. Add routes in the RRAS console: under IP Routing, Static Routes, add new static routes for the remaining networks, like 192.168.32.0/24, and point them to the IP address of the server's NIC which is connected to the LAN.
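
The route selection behind the question and the answer can be modelled offline. The following is an added example, not part of the original question or answer: it applies longest-prefix matching to the client routes quoted in the question, lists which /24 blocks of 192.168.32.0/22 miss the VPN, and shows that the 255.255.252.0 mask from option 1 closes the gap. The function names and the `ROUTES_22` table are hypothetical, and the VPN next hop is taken as 192.168.33.200 from the question's Find-NetRoute output.

```python
import ipaddress

# Client routes taken from the question: (destination, netmask, next hop, metric).
# The VPN next hop 192.168.33.200 is the one Find-NetRoute reports there.
VPN_HOP = "192.168.33.200"
DEFAULT = ("0.0.0.0", "0.0.0.0", "192.168.110.1", 25)
ROUTES_24 = [DEFAULT, ("192.168.33.0", "255.255.255.0", VPN_HOP, 26)]
# Option 1 from the answer (assumed resulting table): same route, mask 255.255.252.0.
ROUTES_22 = [DEFAULT, ("192.168.32.0", "255.255.252.0", VPN_HOP, 26)]
LAN = ipaddress.ip_network("192.168.32.0/22")


def next_hop(routes, dst):
    """Pick the route by longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(dst)
    matches = []
    for dest, mask, hop, metric in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if dst in net:
            matches.append((net.prefixlen, -metric, hop))
    return max(matches)[2] if matches else None


def uncovered_subnets(routes, lan=LAN, vpn_hop=VPN_HOP):
    """Return the /24 blocks of the LAN that do not leave via the VPN."""
    missing = []
    for block in lan.subnets(new_prefix=24):
        probe = block.network_address + 5  # any host inside the block
        if next_hop(routes, probe) != vpn_hop:
            missing.append(str(block))
    return missing


def static_routes_for(missing, vpn_hop=VPN_HOP, metric=26):
    """Format one 'route add' line per missing block, as in the question."""
    lines = []
    for cidr in missing:
        net = ipaddress.ip_network(cidr)
        lines.append(f"route add {net.network_address} MASK {net.netmask} "
                     f"{vpn_hop} METRIC {metric}")
    return lines


if __name__ == "__main__":
    for name, table in (("/24 mask", ROUTES_24), ("/22 mask", ROUTES_22)):
        print(name, "-> 192.168.32.5 via", next_hop(table, "192.168.32.5"))
        for line in static_routes_for(uncovered_subnets(table)):
            print("   needs:", line)
```

With the /24 table, three blocks (192.168.32.0/24, 192.168.34.0/24 and 192.168.35.0/24) fall through to the default gateway, so a single manual route for 192.168.32.0/24 does not cover the whole /22.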