According to Apple’s support article on VPN for iOS, only Cisco IPSec, Juniper Junos Pulse, and Cisco AnyConnect support the VPN on-demand feature. Are there any open-source implementation (‘free’ as in beer is more important here) of these that I could deploy on a Linux-based system with no special hardware?
Update: I already have a PPTP solution. I am specifically interested in the on-demand features of the other two.
Source: (StackOverflow)
I have problems with an OpenVPN tunnel which does not reach line speed. The gateway is a Debian Jessy virtual server hosted at OVH. The client is either my freebsd 10.2 homeserver (Intel I3 Ivy Bridge) or my RaspberryPI2. I deactivated encryption and authentication. I have a 100mbit/s symmetrical FTTH connection but the tunnel only reaches a speed of 20-40mbit/s. Direct connection (without tunnel) always yields the 100mbit/s I expect. I tested the performance with iperf3. I first tried with my freebsd homeserver. I tried all the recommended settings about mssfix, fragment etc. Nothing helped.
Then I thought maybe it is my freebsd machine. So I installed a fresh raspbian Jessy on my RPI2 and did some more in depth testing:
First of all I removed all the MTU settings from the OpenVPN configs and let the path MTU handle things (hopefully). Since I have no firewall active on both machines it should work. These are my vpn configs:
server 10.8.0.0 255.255.255.0
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
user nobody
group nogroup
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
keepalive 10 120
push "redirect-gateway def1"
status openvpn-status.log
verb 3
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/vpn.theissen.io.crt
key /etc/openvpn/easy-rsa/keys/vpn.theissen.io.key
dh /etc/openvpn/easy-rsa/keys/dh4096.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher none
auth none
comp-lzo no
client
proto udp
dev tun12
remote xxx.io 1194
resolv-retry infinite
sndbuf 0
rcvbuf 0
nobind
user nobody
group nogroup
persist-key
persist-tun
verb 3
pkcs12 /etc/openvpn/vpn.theissen.io/alex.p12
tls-auth /etc/openvpn/vpn.theissen.io/ta.key 1
ns-cert-type server
cipher none
auth none
comp-lzo no
First of all the test without the tunnel to show that the connection to the server is indeed almost 100mbit/s:
iperf3 -c vpn.theissen.io
Connecting to host vpn.theissen.io, port 5201
[ 4] local 192.168.1.253 port 34512 connected to 149.202.58.183 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 10.8 MBytes 90.5 Mbits/sec 0 335 KBytes
[ 4] 1.00-2.00 sec 11.4 MBytes 95.7 Mbits/sec 0 335 KBytes
[ 4] 2.00-3.00 sec 11.1 MBytes 93.0 Mbits/sec 0 352 KBytes
[ 4] 3.00-4.00 sec 11.2 MBytes 94.0 Mbits/sec 0 369 KBytes
[ 4] 4.00-5.00 sec 11.5 MBytes 95.9 Mbits/sec 0 390 KBytes
[ 4] 5.00-6.00 sec 11.0 MBytes 92.5 Mbits/sec 0 390 KBytes
[ 4] 6.00-7.00 sec 11.4 MBytes 95.2 Mbits/sec 0 390 KBytes
[ 4] 7.00-8.00 sec 11.2 MBytes 94.3 Mbits/sec 0 390 KBytes
[ 4] 8.00-9.00 sec 11.1 MBytes 93.3 Mbits/sec 0 390 KBytes
[ 4] 9.00-10.00 sec 11.3 MBytes 95.1 Mbits/sec 0 390 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 112 MBytes 93.9 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 112 MBytes 93.5 Mbits/sec receiver
iperf Done.
The packets of this connection I dumped with tcpdump on the server. You can download them here (you have to extract to open them with wireshark): dumpraw.cap.xz
So this is how a "OK" dump looks like. Maximum frame size I spotted is 1514.
Now I ran the test over the tunnel:
iperf3 -c 10.8.0.1
Connecting to host 10.8.0.1, port 5201
[ 4] local 10.8.0.14 port 36388 connected to 10.8.0.1 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 5.96 MBytes 50.0 Mbits/sec 127 133 KBytes
[ 4] 1.00-2.00 sec 5.19 MBytes 43.5 Mbits/sec 6 120 KBytes
[ 4] 2.00-3.00 sec 5.80 MBytes 48.7 Mbits/sec 0 151 KBytes
[ 4] 3.00-4.00 sec 4.27 MBytes 35.9 Mbits/sec 23 96.5 KBytes
[ 4] 4.00-5.00 sec 4.89 MBytes 41.0 Mbits/sec 0 129 KBytes
[ 4] 5.00-6.00 sec 6.11 MBytes 51.2 Mbits/sec 26 111 KBytes
[ 4] 6.00-7.00 sec 5.50 MBytes 46.1 Mbits/sec 0 143 KBytes
[ 4] 7.00-8.00 sec 5.25 MBytes 44.1 Mbits/sec 15 126 KBytes
[ 4] 8.00-9.00 sec 5.80 MBytes 48.7 Mbits/sec 0 158 KBytes
[ 4] 9.00-10.00 sec 3.97 MBytes 33.3 Mbits/sec 22 105 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 52.7 MBytes 44.2 Mbits/sec 219 sender
[ 4] 0.00-10.00 sec 52.3 MBytes 43.8 Mbits/sec receiver
iperf Done.
Whoops. Not so nice anymore. Especially this "Retr" column does not look so good. I assumed this is the tcp retransmit and there should be then something in the dump. We will see that it is not the case :/. CPU is not the bottleneck here because I deactivated enrcyption and authentication. CPU is at 20% at the server and 50% on the PI during the test.
This is how the OpenVPN traffic of the test looks like:
To me this looks okay. But I do not know what to look for. Please have a look at the dump with wireshark: dump_physical.cap.xz
The traffic on the tunnel interface looks good to me, too. It seems that he correctly lowered the frame size (to 1444 as it seems):
Here is the dump: dump_tunnel.cap.xz
To me this looks all fine but I really have no idea what to look for exactly. I really tested everything out with the OpenVPN settings. Maybe someone can tell me if the traffic looks okay.
What I expect as an answer
At least an explanation what is happening here and why it seems to be independent of the VPN software I use. Everything what I found on the internet was about MTU problems but that should be easily fixed by reducing the tunnel MTU or the other parameters of OpenVPN. For me this changes little. When you look at the dump you see that it reduces the tcp segment size and packets are not fragmented. There must be something else. I really like to know what.
Update
I tested this with strongswan and even with softether. It's actually the same problem (comparable speed, no cpu bottleneck). I am really puzzled what is the problem here. I also tried another gateway (RaspberryPi2 on friends 100/100 home connection).
Update 2
I noticed that iperf3 reports tcp retransmits (retr) but there are no retransmits in the dump (Wireshark should highlight them). What is going on?
I even tried OpenVPN on my local Network (RaspberryPi2 to FreebsdServer). Even there I have a lot of retransmits (on LAN?!):
Connecting to host 192.168.222.11, port 5201
[ 4] local 192.168.222.10 port 46196 connected to 192.168.222.11 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 9.19 MBytes 77.0 Mbits/sec 8 141 KBytes
[ 4] 1.00-2.00 sec 8.71 MBytes 73.1 Mbits/sec 3 130 KBytes
[ 4] 2.00-3.00 sec 8.59 MBytes 72.0 Mbits/sec 3 120 KBytes
[ 4] 3.00-4.00 sec 8.65 MBytes 72.5 Mbits/sec 4 108 KBytes
[ 4] 4.00-5.00 sec 8.65 MBytes 72.5 Mbits/sec 4 95.6 KBytes
[ 4] 5.00-6.00 sec 8.52 MBytes 71.5 Mbits/sec 2 80.5 KBytes
[ 4] 6.00-7.00 sec 8.83 MBytes 74.1 Mbits/sec 0 141 KBytes
[ 4] 7.00-8.00 sec 8.59 MBytes 72.0 Mbits/sec 7 106 KBytes
[ 4] 8.00-9.00 sec 8.71 MBytes 73.1 Mbits/sec 3 94.2 KBytes
[ 4] 9.00-10.00 sec 8.59 MBytes 72.0 Mbits/sec 3 79.2 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 87.0 MBytes 73.0 Mbits/sec 37 sender
[ 4] 0.00-10.00 sec 86.8 MBytes 72.8 Mbits/sec receiver
In reverse mode I have a really weird congestion window (wtf?):
Accepted connection from 192.168.222.10, port 46197
[ 5] local 192.168.222.11 port 5201 connected to 192.168.222.10 port 46198
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 5] 0.00-1.00 sec 8.90 MBytes 74.7 Mbits/sec 3 1.48 GBytes
[ 5] 1.00-2.00 sec 8.45 MBytes 70.9 Mbits/sec 2 1.59 GBytes
[ 5] 2.00-3.00 sec 8.66 MBytes 72.7 Mbits/sec 518 214 MBytes
[ 5] 3.00-4.00 sec 7.96 MBytes 66.8 Mbits/sec 37 703 MBytes
[ 5] 4.00-5.00 sec 8.09 MBytes 67.9 Mbits/sec 0 719 MBytes
[ 5] 5.00-6.00 sec 8.04 MBytes 67.5 Mbits/sec 0 734 MBytes
[ 5] 6.00-7.00 sec 8.07 MBytes 67.7 Mbits/sec 1 703 MBytes
[ 5] 7.00-8.00 sec 8.07 MBytes 67.7 Mbits/sec 1 703 MBytes
[ 5] 8.00-9.00 sec 7.99 MBytes 67.1 Mbits/sec 2 693 MBytes
[ 5] 9.00-10.00 sec 8.06 MBytes 67.6 Mbits/sec 1 693 MBytes
[ 5] 10.00-10.09 sec 684 KBytes 64.5 Mbits/sec 0 695 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.09 sec 83.0 MBytes 69.0 Mbits/sec 565 sender
[ 5] 0.00-10.09 sec 0.00 Bytes 0.00 bits/sec receiver
Update 3
Using iperf with udp results in ovh temporary blocking that port (they send me an email informing me about an attack) and massive packet loss:
-----------------------------------------------------------
Server listening on 1194
-----------------------------------------------------------
Accepted connection from 185.22.143.160, port 15906
[ 5] local 149.202.58.183 port 1194 connected to 185.22.143.160 port 4355
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 5] 0.00-1.00 sec 2.89 MBytes 24.2 Mbits/sec 0.727 ms 1017/1387 (73%)
iperf3: OUT OF ORDER - incoming packet = 1409 and received packet = 1470 AND SP = 5
iperf3: OUT OF ORDER - incoming packet = 1410 and received packet = 1471 AND SP = 5
iperf3: OUT OF ORDER - incoming packet = 1411 and received packet = 1472 AND SP = 5
iperf3: OUT OF ORDER - incoming packet = 1445 and received packet = 1473 AND SP = 5
iperf3: OUT OF ORDER - incoming packet = 1463 and received packet = 1473 AND SP = 5
[ 5] 1.00-2.00 sec 3.29 MBytes 27.6 Mbits/sec 0.716 ms 1110/1526 (73%)
[ 5] 2.00-3.00 sec 3.30 MBytes 27.7 Mbits/sec 0.732 ms 1103/1526 (72%)
[ 5] 3.00-4.00 sec 3.27 MBytes 27.4 Mbits/sec 0.717 ms 1108/1526 (73%)
[ 5] 4.00-5.00 sec 1.56 MBytes 13.1 Mbits/sec 0.837 ms 546/746 (73%)
[ 5] 5.00-6.00 sec 0.00 Bytes 0.00 bits/sec 0.837 ms 0/0 (-nan%)
[ 5] 6.00-7.00 sec 0.00 Bytes 0.00 bits/sec 0.837 ms 0/0 (-nan%)
[ 5] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec 0.837 ms 0/0 (-nan%)
[ 5] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec 0.837 ms 0/0 (-nan%)
[ 5] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec 0.837 ms 0/0 (-nan%)
[ 5] 10.00-10.06 sec 0.00 Bytes 0.00 bits/sec 0.837 ms 0/0 (-nan%)
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 5] 0.00-10.06 sec 118 MBytes 98.5 Mbits/sec 0.837 ms 4884/6711 (73%)
[SUM] 0.0-10.1 sec 4884 datagrams received out-of-order
Source: (StackOverflow)
Is there anything that enables a "telnet-like" functionality for UDP? I know the difference between TCP and UDP, and why telnet itself won't work - but I'm wondering if there is something similar to the telnet client, from the end-user perspective. E.g. udp-telnet [ip] [sending-port] [receiving-port] which then prints out wether a packet made it back or not.
Having a tool like this would proove helpful for testing out firewall settings for OpenVPN which uses UDP connections.
Source: (StackOverflow)
Most VPN clients distinguish between IPSec and "Cisco IPSec." For example, (Apple's) iOS treats them as essentially separate things.
But I can't find any explanation of what the protocol-level differences are. They may be minor, but there definitely appear to be differences.
Can someone shed light on this? Even just a pointer to a detailed explanation would help a great deal. Thanks!
Source: (StackOverflow)
I have to setup a firewall on a Linux server (all my previous experience is with Windows). My rules are meant to be pretty simple - forbid all, allow some ports with all, allow some ports for specific IP subnets, while the network is small but complex (each host has IPs in at least 2 192.168... nets, everyone can interconnect many different ways). I think using iptables wrappers can overcomplicate the system logically introducing many unnecessary entities and it would be better to keep it simple and use iptables directly.
Can you recommend a good quick intro on how to write iptables rules?
Source: (StackOverflow)
What application do you use on windows to create SSH tunnels
On Linux I use gSTM, and on OSX I have used STM, but I am not able to find any similar free tools on windows.
I don't want to use putty, or plink for these tunnels, because, I am looking for something that will sit in the tray starting stopping tunnels can easily be done by right-clicking. Ideally the configuration will be stored in a text file or something so I can automate the install of the app, keys, and tunnel configuration on a computer using a script.
Free is proffered, but please post information about any good windows SSH tunnel manager.
Source: (StackOverflow)
this should be a really simple one:
In Advanced Windows Firewall on Windows Server 2008+, Properties > Advanced, what does "Edge Traversal" mean?
I Googled it, of course, and was unable to come up with a concrete answer, and I was especially shocked to see the following on Thomas Schinder's blog:
The Edge traversal option is an
interesting one, because it’s not
documented very well. Here’s what the
Help file says:
“Edge traversal This indicates whether
edge traversal is enabled (Yes) or
disabled (No). When edge traversal is
enabled, the application, service, or
port to which the rule applies is
globally addressable and accessible
from outside a network address
translation (NAT) or edge device.”
What do you think this might mean? We
can make services available across a
NAT device by using port forwarding on
the NAT device in front of the server.
Could this have something to do with
IPsec? Could it have something to do
with NAT-T? Could it be that the Help
file writer for this feature didn’t
know either, and made something up
that represented a tautology?
I don’t know what this does, but if I
find out, I’ll make sure to include
this information in my blog.
I appreciate his honesty, but if this guy doesn't know, who does?!
We're having difficulty connecting to a VPN as soon the machine is on the other side of a router, and I was wondering if this might help? So I'm pretty keen to hear a proper description of what "Edge Traversal" does!
Source: (StackOverflow)
The Windows users have a new client "Juniper Pulse" to connect to the Juniper VPN server.
On Linux, what VPN client do we have to connect to that Juniper VPN, with maximum compatibility?
Please mention the necessary parameters that have to be provided.
Source: (StackOverflow)
After having just spent months setting up a fairly complex VPN, I'm beginning to look at alternatives for the future. Some of my network providers use MPLS to connect to us, and I suppose it works fairly well. I know many ATM (automated teller machine) networks use MPLS, which I suppose it a vote of confidence for its security properties.
http://en.wikipedia.org/wiki/MPLS%5FVPN is rather succinct:
"MPLS VPN is a family of methods for
harnessing the power of Multiprotocol
Label Switching (MPLS) to create
Virtual Private Networks (VPNs). MPLS
is well suited to the task as it
provides traffic isolation and
differentiation without substantial
overhead.[citation needed]
Layer 3 MPLS VPN
A layer 3 MPLS VPN, also known as
L3VPN, combines enhanced BGP
signaling, MPLS traffic isolation and
router support for VRFs (Virtual
Routing/Forwarding) to create an IP
based VPN. Compared to other types of
VPN such as IPSec VPN or ATM, MPLS
L3VPN is more cost efficient and can
provide more services to customers."
My question is : how cumbersome / expensive is it to set up an MPLS network? Is it the kind of thing where you can buy the hardware and DIY, or do you really need to go to a service provider? I can get "managed" VPN's for $100/month right now (which I have no idea if this is good or bad), my five partner IPSEC "hairpin" topology thereby costs me 6,000 a year. Would that be better invested in MPLS?
Source: (StackOverflow)
I have a Ubuntu Lucid Lynx VM which I've been tinkering with. I want to set up a VPN and I am happy to learn how to do it on my own but the vastness of options makes my head spin, so I'm just looking for pointers.
Factors I want considered for my setup
- Each user needs personal authentication (not one password for all)
- I want know what OS the client is using (android / iphone other)
- I want to track how much bandwidth is being used by each individual
- Although security is important, it's mainly for bypassing China's great firewall (reach facebook / twitter) so I'm not trying to protect pentagon files. Security is good, as long as it doesn't involve hours of complicated configurations.
- Prevent the same user from using multiple devices to access vpn at the same time
- Any sugggestions?
So my questions are:
- What protocol should i use to be compatible with Android (say 1.6+) and iPhones?
- What administrative software should I use (free preferably but willing to invest a little)?
- What guides / tutorials can you recommend that are a little bit less confusing than this?
Android:
16 IPSec VPN Tunnels
8 L2TP VPN Tunnels (Dial-in: 4, Dial-out: 4)
8 PPTP VPN Tunnels (Dial-in: 4, Dial-out: 4)
- Embedded IPSec & PPTP client/server
- IKE key management
- DES, 3DES and AES encryption for IPSec
- Embedded powerful 3DES accelerator
- MPPE Encryption for PPTP
- L2TP within IPSec
- L2TP/PPTP/IPSec pass-through
iPhone
- L2TP / IPSec
- MSChapV2 Password
- RSA SecurID
- CRYPTOCard
- PPTP
- MSChapV2 Password
- RSA SecurID
- CRYPTOCard
- Cisco IPSec VPN
- Password
- RSA SecurID
- CRYPTOCard
- Certificate
NOTES
- I'll be sure to add a bounty after the 2 day period, hope this question can help other people who would like to create a similar setup.
- The title of this question is not that great, feel free to edit
- I don't need all answers answered any pointers would help :)
Source: (StackOverflow)
I use Hyper-V on a development machine for multiple reasons and one of my biggest annoyances is that I can't cut and paste to/from the virtual machines.
I've been through all the options and can't find anything that seems like it would allow this. Does anyone have any good solutions?
I have considered connecting via RDP to the VM instead of using the VPN Client, but one of my VMs is primarily used to connect via VPN to another network, and when I tried to RDP into that machine and then connect to the VPN (using Cisco AnyConnect), I got an error saying I could not connect to the VPN through an RDP session).
Source: (StackOverflow)
I have a Windows 7 PC on our company network (which is a member of our Active Directory). Everything works fine until I open a VPN connection to a customer's site.
When I do connect, I lose network access to shares on the network, including directories such as 'Application Data' that we have a folder redirection policy for. As you can imagine, this makes working on the PC very difficult, as desktop shortcuts stop working, software stops working properly due to having 'Application Data' pulled from under it.
Our network is routed (10.58.5.0/24), with other local subnets existing within the scope of 10.58.0.0/16. The remote network is on 192.168.0.0/24.
I've tracked the issue down to being DNS related. As soon as I open the VPN tunnel, all my DNS traffic goes via the remote network, which explains the loss of local resources, but my question is, how can I force local DNS queries to go to our local DNS servers rather than our customers?
The output of ipconfig /all when not connected to the VPN is below:
Windows IP Configuration
Host Name . . . . . . . . . . . . : 7k5xy4j
Primary Dns Suffix . . . . . . . : mydomain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : F0-4D-A2-DB-3B-CA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9457:c5e0:6f10:b298%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.58.5.89(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 31 January 2012 15:55:47
Lease Expires . . . . . . . . . . : 10 February 2012 10:11:30
Default Gateway . . . . . . . . . : 10.58.5.1
DHCP Server . . . . . . . . . . . : 10.58.3.32
DHCPv6 IAID . . . . . . . . . . . : 250629538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AC-76-2D-F0-4D-A2-DB-3B-CA
DNS Servers . . . . . . . . . . . : 10.58.3.32
10.58.3.33
NetBIOS over Tcpip. . . . . . . . : Enabled
This is the output of the same command with the VPN tunnel connected:
Windows IP Configuration
Host Name . . . . . . . . . . . . : 7k5xy4j
Primary Dns Suffix . . . . . . . : mydomain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.local
PPP adapter Customer Domain:
Connection-specific DNS Suffix . : customerdomain.com
Description . . . . . . . . . . . : CustomerDomain
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.85(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.16
192.168.0.17
Primary WINS Server . . . . . . . : 192.168.0.17
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : F0-4D-A2-DB-3B-CA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9457:c5e0:6f10:b298%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.58.5.89(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 31 January 2012 15:55:47
Lease Expires . . . . . . . . . . : 10 February 2012 10:11:30
Default Gateway . . . . . . . . . : 10.58.5.1
DHCP Server . . . . . . . . . . . : 10.58.3.32
DHCPv6 IAID . . . . . . . . . . . : 250629538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AC-76-2D-F0-4D-A2-DB-3B-CA
DNS Servers . . . . . . . . . . . : 10.58.3.32
10.58.3.33
NetBIOS over Tcpip. . . . . . . . : Enabled
Routing table
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.58.5.1 10.58.5.89 20
10.58.5.0 255.255.255.0 On-link 10.58.5.89 276
10.58.5.89 255.255.255.255 On-link 10.58.5.89 276
10.58.5.255 255.255.255.255 On-link 10.58.5.89 276
91.194.153.42 255.255.255.255 10.58.5.1 10.58.5.89 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 192.168.0.95 192.168.0.85 21
192.168.0.85 255.255.255.255 On-link 192.168.0.85 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.58.5.89 276
224.0.0.0 240.0.0.0 On-link 192.168.0.85 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.58.5.89 276
255.255.255.255 255.255.255.255 On-link 192.168.0.85 276
The binding order for the interfaces is as follows:
I've not configured the VPN tunnel to use the default gateway at the remote end, and network comms to nodes on both networks are fine. (i.e. I can ping any node on our network or the remote network).
I've modified the PPTP connection properties to use the DNS servers 10.58.3.32 followed by 192.168.0.16, yet the query still goes to 192.168.0.16.
Edit:
The local resources that disappear are hosted on domain DFS roots, which might (or might not) be relevant.
Further Edit:
This only seems to be affecting domain DFS roots. If I reference the share via the server name (i.e. \\server\share instead of \\dfsroot\share), I can access the shares.
As per my comment against this answer, I've found I can add the DNS name of the domain to my hosts file which stops my (DFS) network drives from disappearing, but I'd still like the bold part of my question (above) answering if anyone has any ideas.
Source: (StackOverflow)
I want to set up a VPN on a remote server to route all my Internet traffic for privacy reasons. I can set up an incoming connection and connect to it successfully. The problem is, I can just see the remote computer and no other Web sites will open. I want the remote server to act like a NAT. How can I do that?
Note that I don't want to split Internet traffic. I actually want to send all the traffic to the remote server but need to make it relay the traffic.
For the record, my remote server is Windows Web Server 2008 which does not have routing and remote access service.
Clarification
I'm mostly interested in server configuration. I don't have any problems configuring the client. By the way, Windows Web Server 2008 seems to have the same VPN features built in client OSes (like Vista) and specifically, it doesn't include the RRAS console in MMC. I'm also open to suggestions regarding third party PPTP/L2TP daemons available, if they are free.
Source: (StackOverflow)