Jan M. Coenen 1 Reputation point

I want to use L2TP/IPsec to connect a Windows 10 client over the internet to a Windows 2019 server. After connecting, the client should still be able to browse the internet. The client needs access to the server's disks (drive mappings) and to a service running on a port.

So I've set up the VPN according to the documentation (and help sites, in order to access the server behind a NAT router) and the connection is fine. The client is able to connect and access the desired server resources, but has no more internet access.

I found a help article suggesting disabling the 'use default router' check box on the client's VPN interface and adding a route using 'route -p add mask (where is the first address of the configured VPN address range on the server). Doing this enabled the client to access the internet, but network drives couldn't be mapped any more.

I found out that opening incoming UDP 139 on the Windows Firewall on the client machine makes it work. Now I can connect, map network drives and browse the internet, but I can't reach the service on the server any more, as the server has the IP address and that is now searched for (and not found) on the local network.

So what changes can I apply to get the desired results? I guess I could address the destination network router IP and forward the service port to the server. But that traffic wouldn't go through the secure VPN tunnel, which I want.
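The client-side procedure described above (turn off the default gateway on the VPN adapter, add persistent routes, verify), as an added PowerShell example that is not part of the original question. The connection name "Office-L2TP", the VPN address pool 192.168.50.0/24, the server LAN subnet 192.168.1.0/24 and the server address 192.168.1.10 are assumptions chosen for the example; substitute the values configured on the server. It routes the server's LAN subnet through the tunnel as well as the VPN pool, since a route covering only the pool leaves the server's real LAN address to be looked up on the local network.

```powershell
# Added example, not code from the original post. Assumed names/addresses:
#   VPN connection name        : "Office-L2TP"
#   VPN address pool on server : 192.168.50.0/24  (static pool handed to clients)
#   Server LAN subnet          : 192.168.1.0/24   (where the server's real address lives)
#   Server LAN address         : 192.168.1.10
# Run in an elevated PowerShell on the Windows 10 client.

$VpnName   = "Office-L2TP"
$VpnPool   = "192.168.50.0/24"
$ServerLan = "192.168.1.0/24"
$ServerIp  = "192.168.1.10"

# 1. Split tunnelling: the PowerShell equivalent of clearing
#    "Use default gateway on remote network" on the adapter's TCP/IP
#    settings. Internet traffic keeps using the local default route;
#    only the prefixes added below are sent through the tunnel.
Set-VpnConnection -Name $VpnName -SplitTunneling $true

# 2. Per-connection routes, applied automatically each time the VPN
#    comes up (replaces the 'route -p add' step, which needs the tunnel
#    interface to exist and breaks if the assigned address changes).
#    Both the pool and the server's LAN subnet are needed: drives and
#    the service port are reached at the server's LAN address.
Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $VpnPool   -PassThru
Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $ServerLan -PassThru

# 3. Connect and verify: the LAN prefix must point at the VPN interface,
#    the default route must still point at the local gateway, and the
#    server must answer on 445 (drive mappings) through the tunnel.
rasdial $VpnName
Get-NetRoute -DestinationPrefix $ServerLan | Format-Table ifIndex, InterfaceAlias, NextHop
Get-NetRoute -DestinationPrefix "0.0.0.0/0" | Format-Table ifIndex, InterfaceAlias, NextHop
Test-NetConnection -ComputerName $ServerIp -Port 445
```

If `Get-NetRoute` shows the server LAN prefix on the physical adapter rather than the VPN interface, the route was not added for the connection in use (check `-AllUserConnection` if the VPN was created for all users). Only traffic matching the two prefixes goes through IPsec; anything else, including the service if it were addressed via the NAT router's public address, leaves the tunnel.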


1 answer

  1. Limitless Technology 39,156 Reputation points

    Hello @Jan M. Coenen

    It is normal to need to open specific ports for your VPN tunnelling, since that's a different connection from your local area network. I would also recommend the following ones to ensure proper communication between machines in the same network:

    RPC EPM TCP 135
    RPC over HTTPS TCP 593
    SMB (for named pipes) TCP 445

    Hope this helps with your query,


    --If the reply is helpful, please Upvote and Accept as answer--
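The inbound rules the answer recommends, as an added PowerShell example that is not from the original answer. Rather than opening TCP 135, 593 and 445 (plus TCP 139, the NetBIOS session service the question worked around) to every network the laptop joins, the rules are scoped to the VPN address pool, assumed here to be 192.168.50.0/24, so the same ports stay closed on home or hotel Wi-Fi. Run in an elevated PowerShell on the Windows 10 client.

```powershell
# Added example, not code from the original answer.
# Assumed: the server hands VPN clients addresses from 192.168.50.0/24.
$VpnPool = "192.168.50.0/24"

# Ports from the answer, plus the NetBIOS session port mentioned in the question.
$Rules = @(
    @{ Name = "VPN-RPC-EPM";      Protocol = "TCP"; Port = 135 },
    @{ Name = "VPN-RPC-HTTPS";    Protocol = "TCP"; Port = 593 },
    @{ Name = "VPN-SMB";          Protocol = "TCP"; Port = 445 },
    @{ Name = "VPN-NetBIOS-Sess"; Protocol = "TCP"; Port = 139 }
)

foreach ($r in $Rules) {
    # -RemoteAddress limits the rule to peers inside the VPN pool; with
    # split tunnelling that is the only traffic arriving over the tunnel.
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol $r.Protocol -LocalPort $r.Port -RemoteAddress $VpnPool `
        -Profile Any -Enabled True | Out-Null
}

# Check: every VPN-* rule must carry the pool as its remote scope,
# and no rule for these ports should be left open to "Any".
Get-NetFirewallRule -DisplayName "VPN-*" |
    Get-NetFirewallAddressFilter |
    Format-Table -AutoSize RemoteAddress

Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -in 135,139,445,593 } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq "Any" } |
    Format-Table -AutoSize DisplayName, Profile
```

If the second query lists a rule, it is a broader rule (for example a "File and Printer Sharing" rule enabled on the Private profile) that should be disabled or narrowed, otherwise the scoped rules add nothing. Remove the rules with `Remove-NetFirewallRule -DisplayName "VPN-*"` once the client-side requirement no longer applies.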