 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows XP / Remote Desktop / May 2008XP Remote Desktop over VPN problem
OS: XP Pro V2002 SP2. Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN Client/Server) between two standalone PCs. Each work fine on their own ie. VPN connects OK or RDT connects and works OK, but once I setup VPN connection and try and run RDT over it, it fails to connect. I have used this solution successfully between two XP PCs, but with domains defined (using Computer Name in the RDT Connection 'Computer:' field). The PCs I have the problem with both have a workgroup defined, not domain, (Windows default of WORKGROUP). I have tried both the Computer Name and the hostname, neither work. Can anyone help with a solution? When you connect with the VPN can you ping the target Remote Desktop (RDC) host PC by IP? Note that if the PPTP VPN server network and the remote network your accessing the server on are using the same address scope, ie. both in the 192.168.0.X range for example, you will have trouble connecting to the RDC host. Its a good idea for the server network and the remote network to be in different address ranges, ie. PPTP VPN server on 192.168.0.X and the remote client on 102.168.1.X for example. Note the third octet.  SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 > OS: XP Pro V2002 SP2. > Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN [quoted text clipped - 9 lines] > work. > Can anyone help with a solution? Correction..."client on 192.168.1.X for example. Note the third octet." SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 The last should read .... " > When you connect with the VPN can you ping the target Remote Desktop (RDC) > host PC by IP? [quoted text clipped - 20 lines] >> work. >> Can anyone help with a solution? Correction..."client on 192.168.1.X for example. Note the third octet." SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 > When you connect with the VPN can you ping the target Remote Desktop (RDC) > host PC by IP? [quoted text clipped - 20 lines] >> work. >> Can anyone help with a solution? The PC I'm remoting into is unmanned (telemetry PC) and uses a Wireless Broadband modem with dynamic IP address. Often I am using the same config on my local PC. Therefore the IP addresses are allocated from the ISPs pool and appear to be across the various Public IP address ranges and I assume have no control over this (they don't offer a static IP service). I have have just noted in another thread on another site that VPN allocates it's own separate set of IP addresses inside of this. They tend to be in the 169.254.x.x range. I have also just found I can see the client/server addresses at the local end and can use the server IP address in RDT to connect. However these addresses seem to be dynamic as well and I was trying to find a way to use a consistent connection name in RDT (like Computer Name) as I have a number of different remote PCs to connect into. I tried putting the VPN server IP address in the HOST file of the remote PC with a text name, but it didn't work. Fundamentally I'm trying to keep it simple and just wanted to use a hostname to establish VPN and Computer Name for RDT. > Correction..."client on 192.168.1.X for example. Note the third octet." > [quoted text clipped - 22 lines] > >> work. > >> Can anyone help with a solution? So your basic connection is like this if you ignore the desktop and laptop on the VPN servers network. You only have the VPN client and the VPN server which is also the PC you want to access with Remote Desktop (RDC), right? http://theillustratednetwork.mvps.org/Vista/PPTP/VPN-HomeUser.html As far as dynamically assigned IPs from an ISP you could use a service like No-IP.com to map a fully qualified domain name (FQDN) to the ISP assigned IP. That way you simply call the remote VPN server or Remote Desktop (RDC) host PC by the FQDN. The 169.254.X.X address is not assigned by the VPN or DHCP server. That simply means the client PC your seeing it on is not getting a valid IP from the local DHCP server. If your running the built-in PPTP VPN server on an XP box you can manually configure what the address is the client will receive. In the case of an XP box acting as both a PPTP VPN server and the RDC host use the first address in the example, ie. the From: address. The client gets the To: address. http://theillustratednetwork.mvps.org/WM2003/VPN_Server/IncomingConnectionsTCPIP.JPG SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 > The PC I'm remoting into is unmanned (telemetry PC) and uses a Wireless > Broadband modem with dynamic IP address. Often I am using the same config [quoted text clipped - 56 lines] >> >> work. >> >> Can anyone help with a solution? Yes it's just two XP PCs connected to each other with the internet in between, no private LAN, servers or routers etc. I already use a hostname service via DynDNS.com to manage the dynamic IP address issue of the remote PC. So yes I establish the VPN connection by using the FQDN. But here's the thing, once I've got the VPN tunnel established I thought I could use the 'Computer Name' to make the RDT connection because this works with PCs that have a common domain defined in Control Panel/System/Computer Name. However these PCs actually have no domain but a workgroup defined and the Computer Name connection method fails. Why is this so???? If I use the FQDN again in the RDT it also fails. Fyr if I try the latter with PCs that have identical domains it sets up two parallel paths: 1 x VPN, 1 x RDT and I used a Protocol Analyser to confirm that the RDT traffic is outside the VPN tunnel ie. it's not encrypted. Re yor last paragraph... I think this is going to be a good alternate solution. I'll do some testing and get back to you. Thanks heaps. > So your basic connection is like this if you ignore the desktop and laptop > on the VPN servers network. You only have the VPN client and the VPN server [quoted text clipped - 78 lines] > >> >> work. > >> >> Can anyone help with a solution? See the inline replies... > Yes it's just two XP PCs connected to each other with the internet in > between, no private LAN, servers or routers etc. I already use a hostname [quoted text clipped - 10 lines] > the Computer Name connection method fails. > Why is this so???? I am not sure if NetBIOS names are propagated through a PPTP VPN tunnel. I used a lmhosts or hosts file to map NetBIOS names through a PPTP VPN tunnel when I used one in the past. Use of the IP works all the time. In your case use the From: IP that you setup in the PPTP VPN server config to call the PC using RDC since your trying to connect to the same PC through the VPN tunnel. > If I use the FQDN again in the RDT it also fails. Right because you probably don't have TCP Port 3389 open on any software firewall the remote PC is running. As an alternative to VPN just open TCP Port 3389 up and forget about the VPN. You can then use the FQDN to call the PC. The RDC connection is natively encrypted. Make sure you use a *strong* password. >Fyr if I try the latter > with PCs that have identical domains it sets up two parallel paths: 1 x > VPN, > 1 x RDT and I used a Protocol Analyser to confirm that the RDT traffic is > outside the VPN tunnel ie. it's not encrypted. RDC is natively encrypted. I don't know why your analyzer says otherwise. > Re yor last paragraph... I think this is going to be a good alternate > solution. I'll do some testing and get back to you. > > Thanks heaps. SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 >> So your basic connection is like this if you ignore the desktop and >> laptop [quoted text clipped - 98 lines] >> >> >> work. >> >> >> Can anyone help with a solution? I forgot to add here is how to configure the XP Windows Firewall on your headless PPTP VPN/RDC server/host machine if you just want to use RDC without going through the VPN tunnel. Obviously its similar if your using a different software firewall on the PC. http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTrouble shooting.html#Port_forwarding You also might consider changing the default encryption level to "High" from the default. That is done via a group policy setting on your RDC host machine. The following was written for a Vista host but its the same for XP. http://theillustratednetwork.mvps.org/RemoteDesktop/RDP6ConfigRecommendations.ht ml#host SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 > See the inline replies... > [quoted text clipped - 150 lines] >>> >> >> work. >>> >> >> Can anyone help with a solution? Thanks for all the extra info, it's been interesting reading. I've got good news (as you would expect). I used your suggested alternative to manually configure what address the client/host will receive. To keep it simple I used 11.11.11.11 - 11.11.11.12 for PC1, 22.22.22.22 - 22.22.22.23 for PC2 etc. This makes the connection setup more user friendly. For example the VPN is established using a FQDN, via a hostname service, which has recognisable text pertanent to the host (telemetry) PC. Once the VPN is connected the RDT is connected using 11.11.11.11, if it's PC1 we're connecting to. For certain applications TightVNC is more suitable than XP RDT and this method ensures the payload is encrypted. Once a successful connection has been made then the addresses are stored in the RDT drop down list and helps the user setup the connection without having to remember/retyping the addresses. A great outcome, thanks. > I forgot to add here is how to configure the XP Windows Firewall on your > headless PPTP VPN/RDC server/host machine if you just want to use RDC [quoted text clipped - 163 lines] > >>> >> >> work. > >>> >> >> Can anyone help with a solution? Sorry for disturb your discussion, but I have a similar problem maybe you could help. I have a normal LAN, connected to internet and with a PC running SQL-Server express. I need to connect a external PC via VPN to the LAN. For security reasons I can not use de SQL PC as a VPN server, but maybe I could use one of the others as a VPN server and connect through it to the SQL-PC. This is the idea: the LAN is in the 192.168.16.x range, I use an internte router with the needed ports open and the VPN server PC with 2 NICs (network cards). What is the configuration method I should use? Thank you for your help. SignatureJosé Camacho Vaca Colima, MX > So your basic connection is like this if you ignore the desktop and laptop > on the VPN servers network. You only have the VPN client and the VPN server [quoted text clipped - 78 lines] > >> >> work. > >> >> Can anyone help with a solution? Jose, Since the LAN is behind a router there really is no need to use two NICs in the VPN server. Your network would then look close to this example. In this example the VPN server is Ashtabula. http://theillustratednetwork.mvps.org/Vista/PPTP/ExampleVistaVPNNetwork.pdf ...with the VPN server on one desktop and the SQL server on the other desktop. In the above example the SQL server would be running on Norman. Use addresses in the 192.168.16.X range versus the 192.168.1.X range in this example. http://theillustratednetwork.mvps.org/Vista/PPTP/VPNSetup06.jpg You should be able to access the SQL server by IP or name once you connect through the VPN. You may need to use an lmhosts file on the client to map names to LAN IP addresses. Here is an example based on the above example network. You would change the addresses to the 192.168.16.X range. http://theillustratednetwork.mvps.org/Vista/PPTP/Examplelmhosts.txt Make sense? SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 > Sorry for disturb your discussion, but I have a similar problem maybe you > could help. [quoted text clipped - 9 lines] > the needed ports open and the VPN server PC with 2 NICs (network cards). > What is the configuration method I should use? Thank you for your help. Thank you for your help. It makes sense. Only one question please. How many computers can I connect to this VPN? Thank you again. SignatureJosé Camacho Vaca Colima, MX > Jose, > [quoted text clipped - 33 lines] > > the needed ports open and the VPN server PC with 2 NICs (network cards). > > What is the configuration method I should use? Thank you for your help. An XP or Vista PPTP server will only accept one incoming VPN connection at a time. If you need more you should look at a server class OS like Windows 2003 or SBS or use another type of VPN like OpenVPN for example. Good luck... SignatureAl Jarvi (MS-MVP Windows – Desktop User Experience) Please post *ALL* questions and replies to the news group for the mutual benefit of all of us... The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... How to ask a question http://support.microsoft.com/KB/555375 > Thank you for your help. It makes sense. Only one question please. How > many computers can I connect to this VPN? [quoted text clipped - 47 lines] >> > What is the configuration method I should use? Thank you for your >> > help. Thank you for your help Al. I been checking the OpenVPN software and seems too complicated for me. I would like a simpler solutions like the one I'll try to explain. If a have a network with 5 PCs and configure 3 of them to receive VPN, is it posible to connect 3 external PCs to them? Thank you again for your help. SignatureJosé Camacho Vaca Colima, MX > An XP or Vista PPTP server will only accept one incoming VPN connection at a > time. If you need more you should look at a server class OS like Windows [quoted text clipped - 53 lines] > >> > What is the configuration method I should use? Thank you for your > >> > help. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.