Microsoft VPN issues

By rnewman
I am a seasoned IT professional, but never, until now, set up Microsoft's VPN using the Routing and Remote Access program. While it was relatively simple to set up, a number of issues arose that I'd like to ask for some help on:

1. Once connected to the corporate network via VPN, ALL IP traffic travels through the VPN by default. That's OK, but my local workstation still queries the local DNS server (the one configured in my NIC card properties), NOT any of the DNS servers on the corporate network. How do I force DNS resolution over the tunnel, while keeping the configuration simple enough for my users to set up?

2. As soon as I turn on the RRAS service on the server, a block of IP addresses gets taken from the local DHCP server's address pool, even if NO client has connected yet. Is there a way to make the RAS server only take 1 address at a time from the local DHCP server? Or can I make it NAT, and use a different subnet, so that I don't use up the IP pool so quickly?

The network is a Windows 2003 AD Domain, with 2 DCs at the corporate office site. The corporate office subnet is, class C mask. The VPN is set up on one of the DCs, which has a single NIC in it, and a public IP mapped to it with the appropriate ports forwarded.

Anybody know about this DNS thing?


Bob Newman

Re: Microsoft VPN Issues

by Howard.Hooper In reply to Microsoft VPN issues

Hi Bob,

To answer question 2 in your post, you can modify the registry key 'InitialAddressPoolSize' in the registry here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IP
The default value is 10 but can be set to any size.

Unfortunately I too have not seen the error you are having with DNS and VPN clients unless your server is picking up DNS addresses through DHCP, however the following links should hopefully give you some more information;;en-us;243374

Hope this helps



Thanks for your suggestion.

by rnewman In reply to Re: Microsoft VPN Issues


I'll give this a try today, and see what happens. I very much appreciate your response.

I'll look at the articles too, in the hopes of getting some additional insight.

Check out your reply however, as the registry key name you posted was cut off by the window pane ....

Here's what I found

by rnewman In reply to Re: Microsoft VPN Issues


I couldn't find the value (not a key) you spoke of, but when Google searched I found just what I needed.

Your post was cut off, so I didn't know the value was in the "IP" subkey of the "parameters" key, but again the articles pointed me in the right direction.

I have another question though......

What I have been trying to do is setup remote access for corporate clients to the network. My concern was with the use of IP's from the local DHCP server, and that's why I asked the question.

So here's my new question:

If I set up a static IP pool on the RAS server, and used a different subnet, like, would the clients that connect to the VPN server still be able to access the corporate network servers on the subnet, without making any more changes?


Common subnet

by Churdoo In reply to Here's what I found

With your corp network being, and with so many home-based routers factory defaulting to the same network, I sense trouble. Since a lot of your home users won't know to change their SOHO router off of its factory default network, you'll likely have users on a trying to VPN into your network, which of course won't work, even if you're assigning their VPN client a IP -- having nothing to do with your DHCP or DNS questions.

Can you renumber your corp network to something that 80+% of home users will not be on? Otherwise you'll potentially be getting support calls from home users and will have to walk them all through reconfiguring their home routers to different subnets for them to VPN in.

But to answer your question about assigning IP's to VPN clients and accessing the network, it won't be that simple, you would then have to set up persistent routes in the server between the two subnets. If you don't want to take from your DHCP pool, do you have static IP space outside of your DHCP pool, but within your production 24-bit network that you can allocate to the VPN clients?
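The addressing problem described in the post above can be checked before rollout. This is an added example, not part of the original post: it models the remote client's route selection by longest-prefix match and audits a plan against likely home LANs. All subnets, the server address and the `HOME_DEFAULTS` list are constructed sample values, since the thread's real subnets are not shown on the page.

```python
import ipaddress as ip

# Constructed sample values; the thread's real subnets are not shown on the page.
HOME_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]

def next_hop(dest, home_lan, tunnel_routes=("0.0.0.0/0",)):
    """Longest-prefix match over the remote client's routes: its on-link
    home LAN plus the routes the VPN connection installs (a default route,
    as in the thread where all traffic goes through the tunnel)."""
    dest = ip.ip_address(dest)
    routes = [(ip.ip_network(home_lan), "lan")]
    routes += [(ip.ip_network(r), "tunnel") for r in tunnel_routes]
    matches = [(net.prefixlen, hop) for net, hop in routes if dest in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def audit(corp_net, vpn_pool, server_ip, home_lans=HOME_DEFAULTS):
    """Check an addressing plan against likely home networks."""
    corp, pool = ip.ip_network(corp_net), ip.ip_network(vpn_pool)
    unreachable, pool_clash = [], []
    for lan in home_lans:
        # The corporate server looks local, so packets never enter the tunnel.
        if next_hop(server_ip, lan) == "lan":
            unreachable.append(lan)
        # The address handed to the VPN client collides with the home LAN.
        if ip.ip_network(lan).overlaps(pool):
            pool_clash.append(lan)
    return {
        # A pool outside the corporate subnet needs routes between the two.
        "needs_route_to_pool": not pool.subnet_of(corp),
        "server_unreachable_from": unreachable,
        "pool_clashes_with": pool_clash,
    }

if __name__ == "__main__":
    # Plan A: corporate LAN on a common home default, pool carved from it.
    print(audit("192.168.1.0/24", "192.168.1.192/27", "192.168.1.10"))
    # Plan B: renumbered corporate LAN, separate VPN pool subnet.
    print(audit("10.87.42.0/24", "10.87.43.0/24", "10.87.42.10"))
```

Plan A needs no extra routes but fails for any user whose home router sits on the same network; plan B avoids the clash at the cost of routes between the pool and the corporate subnet.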


Question 1, DNS resolution over VPN

by Churdoo In reply to Microsoft VPN issues

Re: the problem of DNS resolver for VPN clients, when configuring the VPN client on a given remote workstation, I go into the VPN connection properties / Networking / TCP/IP / Properties and set the DNS server and search domain. It's a one-time setup which you can put in the instruction sheets for the clients, and it's only in effect when the client VPN is connected. I have found no way to pass this info automatically from the server to VPN clients.



by rnewman In reply to Question 1, DNS resolutio ...

Sounds simple, but sometimes those things are staring you right in the face and you don't see them.

I'll let you know how things work out.
