VPN on Windows VPS

[ronvps]

Hello,

I have a Windows VPS account. I'm trying to set it up as a VPN server. Using remote desktop, under Manager my server, I started the Routing and Remote Access service and gave one user the permission to dial-in. For the time-being, I created a static IP pool (say 192.168.20.1 to 192.168.20.5). When I try to connect to the VPN from my client machine (WinXP), using the New connections under Control Panel, I am able to connect to the VPN successfully and am assigned the 192.168.20.x IP successfully. I'm able to ping my VPS IP address and RDP to it. But I am unable to browse the Internet while connected to the VPN.

I would like all my Internet traffic to go through the VPS and not by unchecking the "Use default gateway on remote network" and use my VPS IP while browsing the Internet. Does anyone have any ideas on how I can do this?

Thanks !

[Gwaihir]

You can't, not within the TOS at least. You're not allowed to use JagPC hosting as a proxy. I guess they don't want the potential fuss of sorting out abuse questions.

[ronvps]

Thanks Gwaihir, We have no intention of using the server as a public proxy. Infact, even if only ONE connection can be made to the server at a time, that is perfectly acceptable.

Irrespective of the TOS, and possibly from a purely academic sense, I would love to try to make such a thing work if possible. If JPC's TOS are a problem, I can always have another account elsewhere where the TOS would not be a problem, or perhaps switch to a different configuration at JPC where such terms are omitted.

The main thing is - Is the thing I mentioned in my earlier post even possible on such a VPS configuration? If yes, can anyone guide me how so?

[Pawel Kowalski]

Can you post the IP config for your VPN connection here (ipconfig /all)? I have no problem with browsing the internet when using a VPN gateway on my end.

[Gwaihir]

The main thing is - Is the thing I mentioned in my earlier post even possible on such a VPS configuration?

On a shared account, they've done what they can to make any proxying technically impossible. So, I would imagine they've done the same on the VPSses. I.e. it may well be that your VPS has come with some piece of this particular puzzle purposefully missing or altered. It should help that you have root access to install whatever you need, but it would still be quite a puzzle to solve.

My guess is that only the most senior technical staff has any clue about what technical obstacles are in place to hamper this form of proxying. I doubt they have any time or interest in telling you..

BTW: AFAIK the TOS rules out all forms of proxying, not just public proxying.

Pawel: do you browse the internet over the VPN connection, i.e. tunnel all over the VPN, or do you use the VPN only to access a particular (intra)network? You can check by going to a place like whatismyip.com and verify what address shows up.

[Pawel Kowalski]

I did a trace route and now double checked with whatsmyip, I am using the VPN server as a proxy for all internet activity. I don't think Jag would have anything in place to block any kind of vpn traffic, if they do they probably shouldn't. There are plenty of legitimate reasons for doing something like this.

[ronvps]

Here's the ipconfig for the VPN connection..I used the WinXP Network connections VPN client to connect...my connection name is TestVPN here.
Thanks.

PPP adapter TestVPN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.20.3
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.20.3
DNS Servers . . . . . . . . . . . : 69.73.181.168
69.73.181.166

Can you post the IP config for your VPN connection here (ipconfig /all)? I have no problem with browsing the internet when using a VPN gateway on my end.

[ronvps]

I tried contacting JPC support to find a solution to my problem earlier. Although I didn't really get a solution, it didn't seem like they were against my idea and the L1 support actually tried to make it work.
You're probably right that the more senior technical staff may have the knowledge to make this work for me quickly, and they are not very interested in telling me...which is why I'm on the forums now. I've noticed earlier attempts on this forum too to accomplish the similar task, but to no avail (infact there were hardly any replies at all). So hopefully, if there is a way, this thread could act as some sort of guide.

On a shared account, they've done what they can to make any proxying technically impossible. So, I would imagine they've done the same on the VPSses. I.e. it may well be that your VPS has come with some piece of this particular puzzle purposefully missing or altered. It should help that you have root access to install whatever you need, but it would still be quite a puzzle to solve.

My guess is that only the most senior technical staff has any clue about what technical obstacles are in place to hamper this form of proxying. I doubt they have any time or interest in telling you..

BTW: AFAIK the TOS rules out all forms of proxying, not just public proxying.

Pawel: do you browse the internet over the VPN connection, i.e. tunnel all over the VPN, or do you use the VPN only to access a particular (intra)network? You can check by going to a place like whatismyip.com and verify what address shows up.

[ronvps]

Hi Pawel,
Are you using a Windows VPS?
If yes, are you using RRAS (Routing & Remote Access Service)?
If yes, more questions will come your way in future posts.
If no, well..more questions will still come your way in future posts.

I did a trace route and now double checked with whatsmyip, I am using the VPN server as a proxy for all internet activity. I don't think Jag would have anything in place to block any kind of vpn traffic, if they do they probably shouldn't. There are plenty of legitimate reasons for doing something like this.

[Pawel Kowalski]

My windows servers aren't hosted here on Jag. but I have this configuration set up for various clients and have no issues with it. Yes, in the case I pointed to I am using RRAS under win2003.

You are using your server's external IP to lookup DNS records. That could very well be your problem. While connected to your VPN try pinging my web site's IP: 69.73.187.90 by going to your command prompt and typing ping 69.73.187.90. Let me know if you get a reply back, if you do you need to change your DNS settings for your VPN connection. If your server has a DNS server installed you will need to use your server's private interface for your dns server instead of the public interface which you are using.

[ronvps]

The JagPC VPS too has Win 2003 server SP2 (Enterprise Ed)..

It doesnt seem to be a DNS error. I tried pinging the IP you gave me when connected to the VPN and it didn't ping. I had tried changing the DNS servers in the connections TCP/IP properties earlier to some public DNS servers, but to no avail.

I guess the VPS isn't setup to route the traffic coming from the VPN to the external network and back. Probably some routing table needs to be set up on the server?

Also, another strange thing that I've ignoring and never bothered to even try to debug...when I open the RRAS page, I always get this error msg box:
Remote access policies error - An error occurred while trying to make a connection to the datastore.
Does this give any ideas?
I need to google this to try to find a solution or maybe this indicates some restrictions put on the VPS accounts?

My windows servers aren't hosted here on Jag. but I have this configuration set up for various clients and have no issues with it. Yes, in the case I pointed to I am using RRAS under win2003.

You are using your server's external IP to lookup DNS records. That could very well be your problem. While connected to your VPN try pinging my web site's IP: 69.73.187.90 by going to your command prompt and typing ping 69.73.187.90. Let me know if you get a reply back, if you do you need to change your DNS settings for your VPN connection. If your server has a DNS server installed you will need to use your server's private interface for your dns server instead of the public interface which you are using.

[Pawel Kowalski]

I really doubt that Jag is doing anything to block this type of traffic. VPN traffic is encrypted, they have no way to know if you are transfering files or browsing the internet. This is something with your configuration.

I never had a windows VPS here so let me confirm something. Is your VPS set up with 2 network cards? If so one is your public interface, what is the private interface IP that you use? It might be helpful if you post the details from an ipconfig /all on your server.

When you set up RRAS did you use their wizard or did you manually configure everything? There are a bunch of different issues that this could be and it's hard to troubleshoot without being able to see all your settings, but I can try.

[ronvps]

I used the RRAS wizard when starting the service for the first time. I don't remember what options I selected then. I have manually tried to configure since then.
Here is the ipconfig /all from the server..I've substituted the last part of the IP address with 00.01,00.02 and 00.03 (3 different IP addresses)..just a bit skeptical about posting the actual IP addresses here right now since my setup may not be well secured yet. If the actual IP addresses are required, I can PM them to you.

Windows IP Configuration

Host Name . . . . . . . . . . . . : WINDOWS
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter vznet0:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SWsoft Virtual Network Adapter
Physical Address. . . . . . . . . : 00-FF-69-E4-DF-C8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 69.73.00.03
Subnet Mask . . . . . . . . . . . : 255.255.254.0
IP Address. . . . . . . . . . . . : 69.73.00.02
Subnet Mask . . . . . . . . . . . : 255.255.254.0
IP Address. . . . . . . . . . . . : 69.73.00.01
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 69.73.181.168
69.73.181.166
69.73.130.223

[Pawel Kowalski]

You don't actually have 2 network cards on your server? RRAS should not have let you use the wizard to configure a VPN connection in that scenario unless you did a custom configuration.

I did do some searching around web hosting talk and it seems like others are having the same issue as you on VPS servers with one nic. For a VPN to work properly you usually need 2 network cards, one connected to the internet and the other connected to your datacenter's internal private network. I don't know why your set up isn't configured like this but I'm guessing it has something to do with the fact that you are on a VPS. What is happening in your case is your internet traffic is being sent through the VPN tunnel and your server has no idea what to do with it, so it just drops it. In addition, when you say you can RDP to your server once you are connected using the VPN I'm skeptical that RDP is actually using the VPN tunnel to set up the connection since you are using the public 69.73.x.x IP address. I wish I could be more help, unfortuneately I don't have a windows VPS to test with. Maybe I'll get one going here eventually.

[ronvps]

I'm not sure if you have access to a Windows VPS system that has a 'working' VPN solution, but if you do, under RRAS, can you check what is listed under Network Interfaces.
I'm attaching a screenshot of my VPS that shows the Network Interfaces listed. I think coz of the new Virtuozzo version, some sort of emulated software network card is added to the VPS, that allows windows to think there are 2 network cards and allow the setup wizard of RRAS to continue.