Windows Server Essentials 2016 VPN Access

By M_Lyons10
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

M_Lyons10

Posted
Posted (edited)

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I have read that like 3 times - can not make heads or tails other than your having problem..

 

You have a VPN router, and your trying to run VPN on your server?  Drawing would go a long way here!!!

Grand Master

Circaflex

Posted
Posted
1 hour ago, M_Lyons10 said:

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

Just to make sure I am reading this correctly, your issue is that while connected to the VPN you cannot access your server through explorer? If you connect to the VPN and use explorer, can you manually access the server by say entering \\servername or \\ip-of-surver? Do you have "Use default gateway on remote network." enabled or disabled?

Grand Master

M_Lyons10

Posted
  • Author
Posted

I'm sorry it took me so long to get back to this, I wanted to try to explain it better.

 

Now, my prior setup was like this.  I had a VPN router (SSL VPN to be specific) that was connected to the server (which was running WIndows Server 2003).  Remote computers would connect to the VPN Router and would then have access to any resources on the server just as they would if they were in the office (SQL Server databases, documents, etc.).  This worked extremely well.

 

Recently I upgraded the server to a Windows Server 2016 Essentials machine.  I have SQL Server up and running and I have set up shared storage for various things.  Now, whe we are in the office, we have access to all of these shared resources.  We have access to the SQL Server databases, we have access to and are able to save files back to the server's storage, etc.  However, when I connect remotely to the VPN Router, I do not have access to any of the resources on the server.  I don't have access to SQL Server or any of the storage.  When I try to browse to the server in file explorer, it can't find the server.  Even though, I'm connected to the same router that the office itself uses.

 

Now, it makes no sense to me why this would not be working, and didn't know if there's a setting on the server that would somehow prevent this?  But I see no reason why it shouldn't work. 

 

I also saw that Windows Server 2016 Essentials has a remote vpn setup where the server would handle all of this, but in reading through it, it looks like it requires the Windows Server Essentials Connector to be installed, which I have been unable to get working.  During initial setup, I got two computers to connect using the Connector, while two other computers were rendered unable to boot and required Windows to be reinstalled...  I'm not sure what the issue is with Connector, but I can't risk going through that again...

I hope that explains things better.  If I've left anything important out, please let me know and I will fill in the blanks.

 

Thanks again everyone for your help.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

Grand Master

M_Lyons10

Posted
  • Author
Posted
On 9/16/2018 at 10:08 AM, BudMan said:

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

I've attached a drawing of the network.  It's really not a complex setup at all.

There aren't multiple routers.  These computers remoting in are not on different networks.  The VPN Router is a Vigor product from Draytek and shows these remote computers as being connected (these computers recognize that they are connected as well).  However they do not have access to resources on the server.

 

The server is hard wired to the router.

 

All computers are wireless (when local) and connected through the internet (when remote).

 

I hope this helps my explanation make sense.

 

CCI09202018.jpg

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
13 hours ago, M_Lyons10 said:

connected (these computers recognize that they are connected as well).

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

Grand Master

M_Lyons10

Posted
  • Author
Posted
On 9/21/2018 at 6:30 AM, BudMan said:

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

Connected to the network.  Connected to the router.  Connected to other computers on the network.

 

Nothing in the entire setup changed other than the Server.  The router is the same, the computers are the same.  Every computer is able to connect to the router both locally and through VPN.  They just can't connect to the server when working remote.

 

I will log in remotely and get you the ip addresses and everything, but the computers are connecting to the router without any issue whatsoever. 

 

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By Jaybonaut · Posted

      Neowin shudders at the many, many posts from users that block their ads
    • Hi my name is Olivia and I am from Australia

      By Accuphase · Posted

      I'm from Australia. This posts reeks of a Nigerian scammer.
    • Apple finally brings the slider for Liquid Glass and many other changes

      By WAR-DOG · Posted

      It's funny that iPhone users think they are getting feature, where in fact they are getting cosmetics that just do iteration circles of "improvement" of the said cosmetics. Apple just doesn't know what to do with this product anymore. There is no innovation on this areas anymore.
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By olympus1 · Posted

      You can disable the bloat on every browser. That's not the point. I will never use a browser of a shady company. I don't trust them at all. I can still find adblocking solutions than having to rely on a browser from a shady company. Every year they try something shady lol 2016: Brave Ad Replacement https://archive.is/W0k4j#selection-203.7-203.28 2016: pay-to-win Wikipedia clone into the default search engine list https://github.com/brave/browser-laptop/issues/5475 2018: Tom Scott and other creators noticed Brave was soliciting donations in their names without their knowledge or consent. https://www.reddit.com/r/brave...aims_that_brave_is_falsely/ 2020: Brave got caught injecting URLs with affiliate codes https://www.theverge.com/2020/...-crypto-privacy-ceo-apology 2021: Brave's TOR window was found leaking DNS queries https://www.zdnet.com/article/...n-addresses-in-dns-traffic/ 2022: Brave floated the idea of further discouraging users from disabling sponsored messages. https://github.com/brave/brave-browser/issues/22066 2023: Brave got caught installing a paid VPN service on users' computers without their consent. https://www.xda-developers.com...owser-installs-vpn-windows/ 2023: Brave got caught scraping and reselling people's data with their custom web crawler, which was designed specifically not to announce itself to website owners. https://stackdiary.com/brave-s...ghted-data-for-ai-training/ 2024: Brave gave up on providing advanced fingerprint protection, citing flawed statistics https://www.bleepingcomputer.c...tion-as-it-breaks-websites/ 2025: Brave staff publish an article endorsing PrivacyTests and say they "work with legitimate testing sites" like them. This article fails to disclose PrivacyTests is run by a Brave Senior Architect! https://brave.com/blog/adblock...esting-websites-harm-users/
    • Alpine Linux 3.24 released with support for COSMIC Desktop and other improvements

      By David Uzondu · Posted

      Alpine Linux 3.24 released with support for COSMIC Desktop and other improvements by David Uzondu Alpine Linux 3.24 has been released with updated system packages, including Linux kernel 6.18 and Rust 1.96. The team also added IPv6 support to the system installer, and they introduced automatic serial console configuration for headless setups. System76's COSMIC desktop environment is now available in the community repo. System76 originally started building this DE because its developers found GNOME to be pretty limited. Plus, it did not help that with virtually every GNOME update, the changes broke System76's custom desktop extensions. As for system packages, the Alpine team moved GTK+ 3.0 from the main repository to the community repository due to its legacy status. py3-setuptools has been upgraded to version 82.0.0, while the old pkg_resources module has been completely dropped. The team also removed outdated packages that still relied on py3-six and GTK+ 2.0. In addition to that, libsoup 2 has been removed because the library was affected by multiple security vulnerabilities. If you're a GRUB user, the Alpine Team said that you must manually run the grub-install command with your specific device or EFI options right after upgrading your system, otherwise, your computer may fail to boot properly with the newly updated GRUB 2.14 bootloader. New installations of Alpine Linux now offer an optional path to a /usr-merged directory layout if you set the BOOTSTRAP_USR_MERGED environment variable to 1 before you execute the setup-disk command. If you already run an older installation, you can migrate manually by installing the merge-usr package and executing its binary as the root user. The team recommends this layout to align Alpine with modern Linux standards, though you should verify your custom scripts before making the switch. Alpine Linux is a pretty tiny (~5MB) Linux distro built around musl libc, BusyBox, and OpenRC. It's been around since 2005, comes with its own package manager called Alpine Package Keeper (APK), and is widely used in modern cloud computing and software deployment.

  • Recent Achievements

    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done
    • Week One Done
      ARaclen earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      511
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Edouard
      134
    4. 4
      ATLien_0
      87
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!