PPTP Client Cannot Gain Access to PPTP Server With One Network Adapter Installed

ID: Q217766


The information in this article applies to:


SUMMARY

This article describes two possible strategies to gain access to NetBIOS resources across a Point-to-Point Tunneling Protocol (PPTP) tunnel, when the PPTP server (RRAS) has only one network adapter installed.


MORE INFORMATION

When a PPTP server has only one network adapter installed, PPTP clients may be unable to access NetBIOS resources on the server, because the NetBIOS interface only binds to the first bound Internet Protocol (IP) on a network adapter.

The following diagram illustrates this point:



          RRAS/PPTP                         
          10.10.0.1                        
              |                   /        \          
  LAN(1) ------------ Router  ---- Internet ---- ISP ---- RAS/PPTP client
 10.10.0.0           Firewall     \        /  
In the example outlined above, the RAS/PPTP client dials the Internet service provider (ISP) and then dials the PPTP connection. The Router/Firewall decides whether or not to forward this traffic. In this example, the Router/Firewall is configured to accept PPTP traffic, so the connection is allowed. The address scheme used here is for illustration purposes only.

When a PPTP client connects to a PPTP or a virtual private networking (VPN) server, a host route is entered in the host's route table. This route tells the host to send all traffic directly to the address of the PPTP server. This route must be added because the PPTP connection is the default gateway for the client computer, and all traffic is routed through the PPTP connection. The PPTP connection must know what to do with all of these packets. Adding the static route to the route table ensures that all traffic is routed through the VPN, except for the "actual" traffic, which must be routed to the PPTP server.

While the route addition is necessary, it can cause connectivity problems when clients want to gain access to NetBIOS resources on the RRAS/PPTP server. When the client attempts to gain access to a resource on the server, the IP stack on the client attempts to send the data directly to the server using the static route. In this example, the Router/Firewall is configured to drop all traffic that is not PPTP traffic. The client's packets are dropped because the client checked its route table, determined that it had a host route for the PPTP server, and then sent the packets across the Internet instead of routing them through the PPTP tunnel.

Strategies to Gain Access to a PPTP Server With One Network Adapter Installed

Strategy One

Install a network loopback adapter on the RRAS server and give it a different IP address (for example, 20.20.0.1). Put an Lmhosts file on the PPTP client that resolves the name of the RRAS/PPTP server to 20.20.0.1. For an easy implementation, change the RRAS static pool to give out addresses on the 20.20.0.0 network. The client is now able to gain access to all resources on the RRAS/PPTP server, including the NetBIOS resources.

This configuration looks similar to the following example:


              RRAS/PPTP                         
20.20.0.1 --- 10.10.0.1                        
                  |               /        \          
  LAN(1) ------------ Router  ---- Internet ---- ISP ---- RAS/PPTP client
 10.10.0.0           Firewall     \        /  
NOTE: When you install a loopback adapter, your computer is multihomed. If your RRAS server is a Windows Internet Name Service (WINS) server, a primary domain controller (PDC), or both, you can search the Microsoft Knowledge Base for articles that describe these situations.

Strategy Two

Create a PPTP connection to any IP address that is bound to a network adapter. To do this, add a second IP address to the network adapter and then create an Lmhosts file on the RAS/PPTP client that points to the first IP address bound to the network adapter. Typically, the internal LAN has a different IP address scheme than the one used to connect directly to the Internet. Remember that the Internet-accessible IP address is not the first bound IP on the network adapter.

This configuration looks similar to the following example:

 
              RRAS/PPTP                         
              20.20.0.1
              10.10.0.1                        
                  |               /        \          
  LAN(1) ------------ Router  ---- Internet ---- ISP ---- RAS/PPTP client
 20.20.0.0           Firewall     \        /  
In this example, the RAS/PPTP client connects to the ISP and then makes the PPTP connection to 10.10.0.1. The client should have an Lmhosts file that points to the 20.20.0.1 IP for the RRAS/PPTP server. As long as the RRAS static pool is configured with a range of 20.20.0.0, no additional routing is necessary.

Additional query words:


Keywords          : 
Version           : winnt:4.0
Platform          : winnt 
Issue type        : kbinfo 

Last Reviewed: June 25, 1999