Windows Server Essentials 2016 VPN Access

By M_Lyons10
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

M_Lyons10

Posted
Posted (edited)

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I have read that like 3 times - can not make heads or tails other than your having problem..

 

You have a VPN router, and your trying to run VPN on your server?  Drawing would go a long way here!!!

Grand Master

Circaflex

Posted
Posted
1 hour ago, M_Lyons10 said:

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

Just to make sure I am reading this correctly, your issue is that while connected to the VPN you cannot access your server through explorer? If you connect to the VPN and use explorer, can you manually access the server by say entering \\servername or \\ip-of-surver? Do you have "Use default gateway on remote network." enabled or disabled?

Grand Master

M_Lyons10

Posted
  • Author
Posted

I'm sorry it took me so long to get back to this, I wanted to try to explain it better.

 

Now, my prior setup was like this.  I had a VPN router (SSL VPN to be specific) that was connected to the server (which was running WIndows Server 2003).  Remote computers would connect to the VPN Router and would then have access to any resources on the server just as they would if they were in the office (SQL Server databases, documents, etc.).  This worked extremely well.

 

Recently I upgraded the server to a Windows Server 2016 Essentials machine.  I have SQL Server up and running and I have set up shared storage for various things.  Now, whe we are in the office, we have access to all of these shared resources.  We have access to the SQL Server databases, we have access to and are able to save files back to the server's storage, etc.  However, when I connect remotely to the VPN Router, I do not have access to any of the resources on the server.  I don't have access to SQL Server or any of the storage.  When I try to browse to the server in file explorer, it can't find the server.  Even though, I'm connected to the same router that the office itself uses.

 

Now, it makes no sense to me why this would not be working, and didn't know if there's a setting on the server that would somehow prevent this?  But I see no reason why it shouldn't work. 

 

I also saw that Windows Server 2016 Essentials has a remote vpn setup where the server would handle all of this, but in reading through it, it looks like it requires the Windows Server Essentials Connector to be installed, which I have been unable to get working.  During initial setup, I got two computers to connect using the Connector, while two other computers were rendered unable to boot and required Windows to be reinstalled...  I'm not sure what the issue is with Connector, but I can't risk going through that again...

I hope that explains things better.  If I've left anything important out, please let me know and I will fill in the blanks.

 

Thanks again everyone for your help.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

Grand Master

M_Lyons10

Posted
  • Author
Posted
On 9/16/2018 at 10:08 AM, BudMan said:

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

I've attached a drawing of the network.  It's really not a complex setup at all.

There aren't multiple routers.  These computers remoting in are not on different networks.  The VPN Router is a Vigor product from Draytek and shows these remote computers as being connected (these computers recognize that they are connected as well).  However they do not have access to resources on the server.

 

The server is hard wired to the router.

 

All computers are wireless (when local) and connected through the internet (when remote).

 

I hope this helps my explanation make sense.

 

CCI09202018.jpg

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
13 hours ago, M_Lyons10 said:

connected (these computers recognize that they are connected as well).

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

Grand Master

M_Lyons10

Posted
  • Author
Posted
On 9/21/2018 at 6:30 AM, BudMan said:

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

Connected to the network.  Connected to the router.  Connected to other computers on the network.

 

Nothing in the entire setup changed other than the Server.  The router is the same, the computers are the same.  Every computer is able to connect to the router both locally and through VPN.  They just can't connect to the server when working remote.

 

I will log in remotely and get you the ip addresses and everything, but the computers are connecting to the router without any issue whatsoever. 

 

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Instagram now lets you manually reorder posts on your profile grid

      By David Uzondu · Posted

      Instagram now lets you manually reorder posts on your profile grid by David Uzondu Instagram is finally rolling out the ability to customize your feed layout as you see fit by letting you reorder posts on your profile grid. This feature comes several months after the app introduced a tool that lets users rearrange photos and videos within a carousel post after it has already been published. To do that, people tap the three-dot menu in the top right corner of the post, select the edit option, and reorganize their slides. Now that Instagram has expanded the feature to your profile grid, you can organize your main page without deleting old uploads. To use the new system, you simply tap any picture on your grid and select the option to reorder. This action opens up a separate screen where you can freely drag your grid items around until you get your preferred aesthetic, and then you just hit the back button to save your changes. Instagram's Threads account posted that the system would reach accounts starting this week, so you might need to wait for the automatic update to hit your phone. https://www.threads.com/@instagram/post/DZVV_fyjjSW In other Instagram news, last week, people figured out that if you ask Meta's AI support assistant to hand over any Instagram account, the bot will actually hand it over (even if the victim's account had 2FA enabled). The security exploit involved the assistant accepting prompts from users and generating password reset links for unauthorized email addresses. Meta said that the issue has now been fixed, but this came after the issue affected several high-profile accounts, including @obamawhitehouse. Last month, the company finally rolled out paid subscription tiers for WhatsApp and other Meta social platforms after months of testing. WhatsApp Plus costs $2.99 a month and gives you custom themes, while Instagram Plus and Facebook Plus cost $3.99 a month for extra profile customization and story rewatch counters. Meta's also working on Meta One, a unified subscription service that contains options for heavy users of its servers who want more reach or advanced features. For instance, Meta One Essential ($14.99/mo) comes with a verified badge and impersonation protection. If you pay for Meta One Premium ($19.99/mo), you get deeper AI reasoning tools, whereas the Meta One Advanced ($49.99/mo) tier increases your search placement (on Facebook and Instagram) and visibility.
    • Hi my name is Olivia and I am from Australia

      By cleverclogs · Posted

      Hello mysterious lamborghiniv10, I was in Australia and... now I'm in the Netherlands. 
    • EU says Meta must restore rival chatbots' access to WhatsApp

      By Hamid Ganji · Posted

      EU says Meta must restore rival chatbots' access to WhatsApp by Hamid Ganji The European Commission has ordered Meta to restore third-party AI chatbots’ access to WhatsApp after the tech giant decided to block them from operating on the popular messaging platform. After Meta banned rival AI chatbots from operating on WhatsApp, the European Commission launched an antitrust investigation to determine whether the company had abused its market dominance. As a result of Meta’s decision, third-party AI chatbots, including Microsoft’s Copilot and OpenAI’s ChatGPT, were prevented from operating on WhatsApp. At the time, Meta said it wanted to reserve the WhatsApp Business API for other types of businesses and did not allow rival chatbots to use it. This effectively prevented the WhatsApp ecosystem from being used to distribute rival chatbot services. However, the European Commission has now announced an interim measures decision requiring Meta to restore access to WhatsApp for rival general-purpose AI assistants on the same terms and conditions as before October 15, 2025. The Commission has also asked Meta to maintain that access until the antitrust investigation is concluded. The Commission argues that Meta has used its dominant market position to prevent rival AI chatbots from accessing the WhatsApp Business API. While Meta allowed rival services to return to WhatsApp by paying a fee, the European Commission still considers that arrangement to be a de facto access ban. According to EU antitrust chief Teresa Ribera, the fees introduced by Meta are so high that using WhatsApp is no longer economically sustainable for competitors. “It seems that Meta expects to leverage the vast reach and likely dominance of WhatsApp to benefit its own AI assistant and to foreclose rivals,” Ribera said. “We cannot let large digital incumbents leverage their dominance of the past to dictate who in Europe gets to compete and who gets to innovate in AI.”
    • Save 31% on Samsung T7 Portable SSD

      By +Warwagon · Posted

      A few years ago walmart had the 512 models on clearance for $35. I bought 3 of them. I should have purchased more.
    • Should Microsoft be forced to stop promoting Edge over other browsers?

      By +virtorio · Posted

      I'm fine with a little reasonable promotion of Edge, but the degree which they do it right now I consider extremely unreasonable. 

  • Recent Achievements

    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done
    • Week One Done
      ARaclen earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      512
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Edouard
      134
    4. 4
      ATLien_0
      87
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!