WinSrv2019 VPN server : VPN clients have issues with routing

Laurent F 1 Reputation point
2021-06-30T15:17:40.54+00:00

Hello,

VPN clients connected to my WinSrv2019 RRAS server can't reach another computer on the same LAN as the VPN server.
(VPN Server with one interface card).

Here is the configuration
My LAN is 172.22.200.0/22, which corresponds to addresses 172.22.200.1 - 172.22.203.254 (subnet mask 255.255.252.0)
The VPN server IP address is 172.22.200.5.
The IP range for VPN clients is 172.22.201.1 to 172.22.201.10 (so they get LAN addresses)

Authentication works fine (IKE + NPS Radius server)

The VPN server internal network interface gets 172.22.201.1 IP address
The first VPN client connected gets 172.22.201.2

The VPN client is able to ping 172.22.201.1
The VPN client is able to ping 172.22.200.5 (LAN Interface of the VPN server)
But the VPN client has no answer while pinging 172.22.200.4, which is another server (firewall off...) on the same LAN as the VPN server.
With Wireshark installed on the VPN server, I can see the ICMP request going out to 172.22.200.4, but no answer.

IP forwarding is enabled on the VPN server.

I can't understand what happens, and I already lost hours on this issue.

Any help will be appreciated and welcome :)

Laurent

Windows Server 2016

1 answer

  1. Sunny Qi 10,941 Reputation points Microsoft Vendor
    2021-07-01T06:38:10.27+00:00

    Hi,

    Welcome to Q&A platform.

    My understanding is that your VPN client can obtain a LAN IP address from the VPN server and can ping the VPN server's LAN IP successfully, but cannot ping the server (172.22.200.4) in the same LAN as the VPN server. And from the Wireshark result, you found that the ICMP request was sent to the server with IP 172.22.200.4 but cannot get the corresponding response for this device. Please correct me if there is any misunderstanding.

    Before we go further, I would like to confirm the following questions with you:

    Can the VPN client ping another device in the same LAN successfully?

    Is there any anti-virus software between the VPN client and the server with IP 172.22.200.4? If yes, please try to temporarily disable the third-party software to see if the issue still exists.

    Or please try to disable Windows Firewall on servers and clients simultaneously to see if the issue still exists.

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

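The capture in the question shows the echo request leaving the VPN server with no reply, so the thing to reason about is the reply path from 172.22.200.4. The sketch below is an added example, not part of the original thread: it uses the addresses from the question and standard IP on-link logic to classify how a LAN host would try to answer each address in the VPN pool. The function names are hypothetical, and it assumes the LAN host uses the /22 mask stated in the question.

```python
import ipaddress

def return_path(lan_cidr, responder_ip, client_ip):
    """Classify how a LAN host would send a reply to a VPN client address.

    'on-link': the client address is inside the responder's own subnet, so the
               responder ARPs for it on the LAN segment; the reply only arrives
               if something on that segment (the VPN server) answers the ARP.
    'routed':  the client address is outside the subnet, so the responder hands
               the reply to its gateway, which needs a route back to the VPN server.
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    responder = ipaddress.ip_address(responder_ip)
    client = ipaddress.ip_address(client_ip)
    if responder not in lan:
        raise ValueError(f"{responder} is not inside {lan}")
    return "on-link" if client in lan else "routed"

def analyse_pool(lan_cidr, responder_ip, pool_first, pool_last):
    """Group every address of the VPN pool by its reply path class."""
    first = int(ipaddress.ip_address(pool_first))
    last = int(ipaddress.ip_address(pool_last))
    if first > last:
        raise ValueError("pool start is after pool end")
    result = {"on-link": [], "routed": []}
    for n in range(first, last + 1):
        addr = str(ipaddress.ip_address(n))
        result[return_path(lan_cidr, responder_ip, addr)].append(addr)
    return result

if __name__ == "__main__":
    # Values taken from the question: LAN /22, silent host, VPN client pool.
    groups = analyse_pool("172.22.200.0/22", "172.22.200.4",
                          "172.22.201.1", "172.22.201.10")
    for kind, addrs in groups.items():
        print(f"{kind}: {len(addrs)} address(es)")
    if groups["on-link"]:
        print("Check on 172.22.200.4: does its ARP table resolve the client "
              "address to the VPN server's LAN MAC?")
    if groups["routed"]:
        print("Check on the LAN gateway: is there a route for these addresses "
              "via 172.22.200.5?")
```

For the pool in the question every address is classified as on-link, so a capture on the LAN segment filtered for ARP requests for 172.22.201.2 shows whether the reply is being attempted at all.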