VPN with WHS 2011


16 replies to this topic

#1 eagle63

eagle63

    HSS Pro

  • Members
  • 219 posts

Posted 22 April 2012 - 01:38 PM

Hey guys, anyone else out there setting up VPN access to their WHS? I've been following this guide which was posted recently: http://thedigitalmed...me-server-2011/
But I've got some questions for the experts. First, I should clarify that I'm actually setting this up on a Windows Server 2008 R2 box not WHS. (though my impression is that it's the same process since WHS 2011 is built on Server 2008) Also, while I'm pretty technical I'm very much a rookie when it comes to networking.

My goal, quite simply, is to be able to connect remotely using VPN from either a windows or mac machine and access my home computers (which consist of a WHS 2003 box, my HTPC, and another win7 box) as if I was actually at home. So that means being able to RDP to them easily, or even access my WHS shared folders.

I've followed the guide listed above and am able to successfully connect to my VPN server (again, that's the win server 2008 r2 box) from outside my home both from a win7 laptop as well as a macbook pro laptop. But here's where I'm hitting some problems:

1. Using my win7 laptop, I can successfully ping 1 of my machines either by using the IP (192.168.etc.etc) OR the computer name. But the other 2 machines I can only ping by using the IP, not the name. Using RDP, I can only connect to the host VPN server. I can't RDP to my WHS, my HTPC, or the other win7 box - even if I use the IP address.

2. Using my macbook pro, I can't ping or RDP to any machines in my network. (even though I AM connected to the VPN successfully)

Shouldn't I be able to connect to any internal machine by name? (I kinda thought that was the point of VPN) I can certainly post some ipconfig /all results if that will help... Thanks in advance for anyone who might be able to point me in the right direction.

Oh, also I'm just using workgroup networking, no domain controller.

#2 jmwills

jmwills

    HSS Genius

  • Donating Member
  • 5,092 posts
  • Location: Huntsville, AL

Posted 22 April 2012 - 01:56 PM

No Domain needed...just do not expect the VPN to break any speed records. I've run a VPN from my Server in Korea to the one here in the States but once you take into account the overhead for the tunnel (SSL), it is really slow.
Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012), Print Server - Rocket RAID 2720 5x2TB
HTPC Build - Silverstone GD05 Case, ASUS P7H55-M PRO, CoolerMaster M600W PSU, Intel i3-530 CPU w/4GB G-Skill DDR3 1333 RAM. OCZ 60GB SSD Drive for the OS with a 120GB WD 2.5" Blue drive for data storage.
Travel Laptop: Dell XPSL502X 15.6"

#3 ikon

ikon

    HSS Genius

  • Donating Member
  • 8,530 posts

Posted 22 April 2012 - 02:14 PM

that's been my experience: VPN=slow

If at first you don't succeed, do it like your mother told you.


#4 eagle63

eagle63

    HSS Pro

  • Members
  • 219 posts

Posted 22 April 2012 - 02:36 PM

Thanks guys, I'm not expecting or requiring speed with this. (and to be honest, it can't be any slower than the built-in web access in WHS 2011) Do you have any ideas regarding my 2 questions? (particularly number 1)

#5 ikon

ikon

    HSS Genius

  • Donating Member
  • 8,530 posts

Posted 22 April 2012 - 02:57 PM

re: #1, it's a bit unclear. Let's talk about just the WHS for a second. Are you trying to RDP into your WHS outside of the VPN or from inside it?



#6 jmwills

jmwills

    HSS Genius

  • Donating Member
  • 5,092 posts
  • Location: Huntsville, AL

Posted 22 April 2012 - 03:13 PM

#1 sounds like a DNS issue. Flush the DNS on the clients that can only resolve the others via an IP address.

ipconfig /flushdns

#7 ikon

ikon

    HSS Genius

  • Donating Member
  • 8,530 posts

Posted 22 April 2012 - 03:16 PM

Unfortunately, #1 is really 2 questions: DNS, and RDP



#8 eagle63

eagle63

    HSS Pro

  • Members
  • 219 posts

Posted 22 April 2012 - 08:07 PM

Wow, thanks for all the quick replies. Let's skip question #2 for now.. one step at a time. :) I thought I already tried flushing the DNS, but I'm going to try again since I can't remember - I'll post back later after I've done that. (I'm away from home right now)

@ikon
Today I can RDP into my WHS (or other machines) from inside my network. My goal is to be able to do the same thing when I'm outside my network, by using the VPN connection. Actually, today I can already RDP into my WHS when I'm away from home because I've opened up a port on my router to allow that. But from a security standpoint, I'm not a big fan of that method. So what I want to do is close that port and instead rely on the VPN connection so that I can tunnel in securely, and THEN start RDP'ing to my various machines as well as access the WHS shares. (basically do whatever I could do if I was sitting at home)

Is what I'm attempting to accomplish doable? Once connected via VPN, should I be able to access any of my internal machines by computer name rather than IP?

Edited by eagle63, 22 April 2012 - 08:09 PM.


#9 yodafett

yodafett

    HSS Champion

  • Members
  • 303 posts
  • Location: Ft Worth, TX

Posted 22 April 2012 - 08:22 PM

I can with mine without issue. Double check to make sure you're on the same IP range and possibly disable DHCP on the server so your router or native DHCP server can assign the IP. Depending on the router you might want to enable DNS on the home server and register it then with the router so it can resolve.

Edited by yodafett, 22 April 2012 - 08:27 PM.

Bryan
Server i3 2100 8GB 1.5TB Mirrored | MacDell GX620 P4D 2.8 4GB 80GBHD running 10.6.7| MacDellBook D420 running OSX 10.6.8
Main 3.0 C2Quad 8gb 160 Raptor, 1TB Windows 7 Ult. x64 | ESXi C2Quad 2.83 250 and Mirrored 500GB | HTPC D525 4GB 60gb SSD Win7
iSCSI SAN HP N40L Microserver running 4x 3TB HD running Openfiler | HP N40L MicroServer running CommodoreVision Linux

#10 eagle63

eagle63

    HSS Pro

  • Members
  • 219 posts

Posted 22 April 2012 - 09:00 PM

"I can with mine without issue. Double check to make sure you're on the same IP range and possibly disable DHCP on the server so your router or native DHCP server can assign the IP."

The VPN setup guide I linked to above had me define a static range of IP's rather than DHCP. (I have no idea why) So in my case, my router does DHCP and it hands out IP's from 192.168.1.100 thru 149. In my VPN setup, I set up a static range from 192.168.1.150 thru 159.

"Depending on the router you might want to enable DNS on the home server and register it then with the router so it can resolve."

This is intriguing.. can you explain a bit more what you mean exactly? I'm using a standard Linksys WRT54GS router but I'm running the Tomato firmware on it.
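
The address plan discussed in posts #9 and #10 (VPN clients on the same IP range as the LAN, with a static pool that the router's DHCP server does not also hand out) can be checked mechanically. This is an added example, not code from the thread; the /24 mask and the function names are assumptions, and the router address 192.168.1.1 is the one given later in post #13.

```python
import ipaddress

def as_range(first, last):
    """Return an inclusive (low, high) pair of IPv4Address objects."""
    low, high = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if low > high:
        raise ValueError(f"range is reversed: {first}-{last}")
    return low, high

def check_vpn_pool(lan_cidr, dhcp_range, vpn_pool, static_hosts):
    """Return a list of problems with a static VPN pool (empty list = OK)."""
    net = ipaddress.ip_network(lan_cidr)
    dhcp_low, dhcp_high = as_range(*dhcp_range)
    vpn_low, vpn_high = as_range(*vpn_pool)
    problems = []

    # "Same IP range": every pool address must belong to the LAN subnet.
    if vpn_low not in net or vpn_high not in net:
        problems.append(f"pool {vpn_low}-{vpn_high} is not inside {net}")
    # Network and broadcast addresses cannot be given to a client.
    for special in (net.network_address, net.broadcast_address):
        if vpn_low <= special <= vpn_high:
            problems.append(f"pool contains reserved address {special}")
    # Two allocators must never own the same address (duplicate-IP conflicts).
    if vpn_low <= dhcp_high and dhcp_low <= vpn_high:
        problems.append(f"pool overlaps DHCP range {dhcp_low}-{dhcp_high}")
    # Statically addressed devices (router, servers) must stay outside the pool.
    for name, addr in static_hosts.items():
        if vpn_low <= ipaddress.IPv4Address(addr) <= vpn_high:
            problems.append(f"pool contains static host {name} ({addr})")
    return problems

if __name__ == "__main__":
    # Values from the thread; the /24 mask is an assumption.
    result = check_vpn_pool(
        "192.168.1.0/24",
        ("192.168.1.100", "192.168.1.149"),   # router DHCP scope
        ("192.168.1.150", "192.168.1.159"),   # static pool set in RRAS
        {"router": "192.168.1.1"},
    )
    print("pool OK" if not result else "\n".join(result))
```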

#11 Technogod

Technogod

    HSS Star

  • Members
  • 83 posts

Posted 22 April 2012 - 09:35 PM

Check the WHS 2011 hosts file. It has a bad habit of assigning IP addresses. Delete the IP addresses. They will cause a conflict with the router.

#12 ikon

ikon

    HSS Genius

  • Donating Member
  • 8,530 posts

Posted 23 April 2012 - 07:38 AM

"Check the WHS 2011 hosts file. It has a bad habit of assigning IP addresses. Delete the IP addresses. They will cause a conflict with the router."


Interesting point.



#13 eagle63

eagle63

    HSS Pro

  • Members
  • 219 posts

Posted 23 April 2012 - 07:10 PM

Ok, I think I may have solved problem #1. In the Routing and Remote Access role, expand the IPv4 node, then right-click on the DHCP Relay Agent node and select properties. In here you can add server addresses, which (presumably) should be the location of your DHCP server. (which in my case is just my router) So I added 192.168.1.1 in this section which is my router's IP and then everything worked perfectly from my win7 laptop. I could ping all my internal machines as well as RDP to them.

Still no luck on problem #2 however. My mac can connect just fine to the VPN, but once connected it cannot ping nor RDP to any of my internal machines. I'm still doing some troubleshooting so hopefully I'll get this resolved.

One other question though now that I've gained a small amount of VPN knowledge: Is anyone using SSTP (vpn over SSL) on their WHS? I set mine up as PPTP which, as I understand it, is an older and less secure protocol. It's easy to connect to, and I think it is encrypted, but supposedly it's not nearly as robust as SSL. The problem with using SSTP from what I can tell is twofold: first you need to purchase an SSL cert, and second - it's not supported on mac's. Since I run a very mixed-mode household (mac's, windows, and linux) I need something that will support all 3. (or at least mac and windows)
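
The end state described in posts #8 and #13 (the RDP port forward closed on the router, with the PPTP VPN as the only way in) can be verified from an outside network against your own public address. This is an added example, not code from the thread; the port numbers are the protocol defaults (RDP on TCP 3389, PPTP control on TCP 1723), and the host name and the constructed observations in the demo are placeholders.

```python
import socket

# Intended internet-facing state after the change described in the thread.
# Ports are the protocol defaults (assumption: nothing is remapped on the router).
POLICY = {
    3389: ("RDP", "closed"),          # the old router port forward
    1723: ("PPTP control", "open"),   # the VPN listener
}

def tcp_state(host, port, timeout=3.0):
    """Return 'open' if a TCP handshake completes, otherwise 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return "closed"

def audit(host, policy=POLICY, probe=tcp_state):
    """Compare what an outside client sees with the policy; return deviations."""
    findings = []
    for port in sorted(policy):
        service, expected = policy[port]
        observed = probe(host, port)
        if observed != expected:
            findings.append({"port": port, "service": service,
                             "expected": expected, "observed": observed})
    return findings

if __name__ == "__main__":
    # Constructed observations standing in for a live probe: the RDP forward
    # was left in place after the VPN was set up.
    constructed = {3389: "open", 1723: "open"}
    for f in audit("home.example.invalid", probe=lambda h, p: constructed[p]):
        print(f"{f['service']} (tcp/{f['port']}): expected {f['expected']}, "
              f"observed {f['observed']}")
```

PPTP also carries its tunnel data over GRE (IP protocol 47), which a TCP check cannot see, so an open 1723 alone does not prove the VPN works end to end. For SSTP the listener entry would be TCP 443 instead of 1723.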

#14 scouserjones86

scouserjones86

    HSS 1 Post Wonder

  • Members
  • 5 posts

Posted 25 May 2012 - 02:31 AM

Hey Eagle

Nice Post.... I am also looking at doing this with my current network, so I thought I would ask you how you found the whole experience as well as living with it on a day to day basis?

From what I can gather the (HOME SIDE) of your VPN is tied down to your WHS?

My initial plan was to have this tied to my home router then access my network from there? Is this something you considered?

#15 eagle63

eagle63

    HSS Pro

  • Members
  • 219 posts

Posted 29 May 2012 - 08:00 PM

@scouserjones86

Yes, my WHS 2011 box is acting as the VPN server rather than my router. I'm running the Tomato firmware on my router, though I'm not sure if it supports acting as a VPN server or not. Honestly, I just stumbled across that article first so decided to go that route.

Also, I should mention that I do have everything working fine now even from my Mac. Turns out when I was initially testing all of this I was using my phone's hotspot app which must have some weird quirk or limitation. Connecting from other outside networks (such as my work, friend's house, etc) all works perfectly from my mac. I can RDP and ping any machine inside my network.

#16 zorba_g

zorba_g

    HSS 1 Post Wonder

  • Members
  • 1 posts

Posted 07 February 2013 - 09:18 AM

Just wanted to say thanks for this thread. I used the link in the first post to get set up and am able to access shares on the server without issues (apart from speed which varies). I thought I'd try and contribute to see if SSL is possible with this. I'm going to use http://www.makeuseof.com/tag/free-ssl-certificate/ to get a free SSL certificate and see if I can figure out what to do. I'll post back!

#17 ikon

ikon

    HSS Genius

  • Donating Member
  • 8,530 posts

Posted 07 February 2013 - 09:25 AM

That's great zorba_g.
