Windows Server Essentials 2016 VPN Access

[M_Lyons10]

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

[+BudMan MVC]

I have read that like 3 times - can not make heads or tails other than your having problem..

 

You have a VPN router, and your trying to run VPN on your server?  Drawing would go a long way here!!!

[Mindovermaster Moderator]

I believe, If you have a VPN router, your VPN is already on your server. You manage it from your router.

 

But like BudMan... ?

[Circaflex]

1 hour ago, M_Lyons10 said:

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

Just to make sure I am reading this correctly, your issue is that while connected to the VPN you cannot access your server through explorer? If you connect to the VPN and use explorer, can you manually access the server by say entering \\servername or \\ip-of-surver? Do you have "Use default gateway on remote network." enabled or disabled?

[M_Lyons10]

Sorry if I was unclear. I will try to explain better later today.

 

Thanks everyone for your help.

[M_Lyons10]

I'm sorry it took me so long to get back to this, I wanted to try to explain it better.

 

Now, my prior setup was like this.  I had a VPN router (SSL VPN to be specific) that was connected to the server (which was running WIndows Server 2003).  Remote computers would connect to the VPN Router and would then have access to any resources on the server just as they would if they were in the office (SQL Server databases, documents, etc.).  This worked extremely well.

 

Recently I upgraded the server to a Windows Server 2016 Essentials machine.  I have SQL Server up and running and I have set up shared storage for various things.  Now, whe we are in the office, we have access to all of these shared resources.  We have access to the SQL Server databases, we have access to and are able to save files back to the server's storage, etc.  However, when I connect remotely to the VPN Router, I do not have access to any of the resources on the server.  I don't have access to SQL Server or any of the storage.  When I try to browse to the server in file explorer, it can't find the server.  Even though, I'm connected to the same router that the office itself uses.

 

Now, it makes no sense to me why this would not be working, and didn't know if there's a setting on the server that would somehow prevent this?  But I see no reason why it shouldn't work. 

 

I also saw that Windows Server 2016 Essentials has a remote vpn setup where the server would handle all of this, but in reading through it, it looks like it requires the Windows Server Essentials Connector to be installed, which I have been unable to get working.  During initial setup, I got two computers to connect using the Connector, while two other computers were rendered unable to boot and required Windows to be reinstalled...  I'm not sure what the issue is with Connector, but I can't risk going through that again...

I hope that explains things better.  If I've left anything important out, please let me know and I will fill in the blanks.

 

Thanks again everyone for your help.

[+BudMan MVC]

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

[M_Lyons10]

On 9/16/2018 at 10:08 AM, BudMan said:

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

I've attached a drawing of the network.  It's really not a complex setup at all.

There aren't multiple routers.  These computers remoting in are not on different networks.  The VPN Router is a Vigor product from Draytek and shows these remote computers as being connected (these computers recognize that they are connected as well).  However they do not have access to resources on the server.

 

The server is hard wired to the router.

 

All computers are wireless (when local) and connected through the internet (when remote).

 

I hope this helps my explanation make sense.

 

[+BudMan MVC]

13 hours ago, M_Lyons10 said:

connected (these computers recognize that they are connected as well).

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

[M_Lyons10]

On 9/21/2018 at 6:30 AM, BudMan said:

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

Connected to the network.  Connected to the router.  Connected to other computers on the network.

 

Nothing in the entire setup changed other than the Server.  The router is the same, the computers are the same.  Every computer is able to connect to the router both locally and through VPN.  They just can't connect to the server when working remote.

 

I will log in remotely and get you the ip addresses and everything, but the computers are connecting to the router without any issue whatsoever. 

 

[+BudMan MVC]

And as I sated before its prob your new servers firewall!! Out of the BOX windows does NOT allow access from an IP different than its local network.