Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
-
- Posts: 6
- Joined: Tue Oct 19, 2021 6:13 pm
Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
Hello All!
I'm currently experiencing issues with my Softether VPN Server Setup and can't figure out what the issue is or how to resolve it, and I'm hoping someone maybe able to help me figure it out?
--
My Goal: RemotePC-to-LAN topology that works for LAN and WAN clients. Ultimately, I would like my clients to access my corporate network so they can receive their group policies and windows updates, etc.
--
My Setup is as followed:
3 Networks involved:
Corporate Network - 192.168.5.X - DHCP and VPN Servers
LAN Network - 192.168.1.X - ESXi Host and VPN Servers
WAN - External Clients
(VPN Server: SoftEther Corporate Network is Bridged, 2nd NIC is LAN Network as Static Public IP is not an option)
Physical ESXi Host that hosts the below VMs:
Domain Controller/DHCP Server - VM - Windows Server 2016
SoftEther VPN Server - VM - Windows Server 2016
Client - Physical Machine - Windows 10 Pro - Using WiFi and 4G Networks to test LAN and WAN connections.
Notable configurations:
Promiscuous Mode enabled through Virtual Switch across all NICs
Port Forwarded 443 on Home Router for VPN Server
--
My LAB Issue:
I am able to connect my Client device to my VPN Server (using WiFi) but unable to ping other devices on the Corporate network and unable to obtain a DHCP IP Address from my DHCP Server.
I am unable to connect my Client device to my VPN Server using 4G, I receive an immediate error.
This setup worked previously, but unsure why this has happened.
--
Troubleshooting:
Checked Client side and Server Side Logs - No errors with clear indication, but noticed error code 11 server side.
Updated and Restarted VMs.
Turned off Firewalls on all devices.
Double checked Promiscuous mode was enabled.
DHCP Server not picking up client in Address Leases.
DHCP Server unable to ping client, client unable to ping DHCP.
VPN Server able to ping Client, Client able to ping VPN Server (WiFi).
Saw a forum that mentioned a regkey that may cause issues - DisableDHCPMediaSense - Non-existent on my machines.
I'm currently experiencing issues with my Softether VPN Server Setup and can't figure out what the issue is or how to resolve it, and I'm hoping someone maybe able to help me figure it out?
--
My Goal: RemotePC-to-LAN topology that works for LAN and WAN clients. Ultimately, I would like my clients to access my corporate network so they can receive their group policies and windows updates, etc.
--
My Setup is as followed:
3 Networks involved:
Corporate Network - 192.168.5.X - DHCP and VPN Servers
LAN Network - 192.168.1.X - ESXi Host and VPN Servers
WAN - External Clients
(VPN Server: SoftEther Corporate Network is Bridged, 2nd NIC is LAN Network as Static Public IP is not an option)
Physical ESXi Host that hosts the below VMs:
Domain Controller/DHCP Server - VM - Windows Server 2016
SoftEther VPN Server - VM - Windows Server 2016
Client - Physical Machine - Windows 10 Pro - Using WiFi and 4G Networks to test LAN and WAN connections.
Notable configurations:
Promiscuous Mode enabled through Virtual Switch across all NICs
Port Forwarded 443 on Home Router for VPN Server
--
My LAB Issue:
I am able to connect my Client device to my VPN Server (using WiFi) but unable to ping other devices on the Corporate network and unable to obtain a DHCP IP Address from my DHCP Server.
I am unable to connect my Client device to my VPN Server using 4G, I receive an immediate error.
This setup worked previously, but unsure why this has happened.
--
Troubleshooting:
Checked Client side and Server Side Logs - No errors with clear indication, but noticed error code 11 server side.
Updated and Restarted VMs.
Turned off Firewalls on all devices.
Double checked Promiscuous mode was enabled.
DHCP Server not picking up client in Address Leases.
DHCP Server unable to ping client, client unable to ping DHCP.
VPN Server able to ping Client, Client able to ping VPN Server (WiFi).
Saw a forum that mentioned a regkey that may cause issues - DisableDHCPMediaSense - Non-existent on my machines.
-
- Posts: 1293
- Joined: Sun Feb 14, 2021 10:31 am
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
Physical ESXi Host that hosts the below VMs:
192.168.5.X - Domain Controller/DHCP Server
192.168.1.X - bridged SoftEther VPN Server
Is it a correct interpretation? Please describe routing method between the two subnets.
192.168.5.X - Domain Controller/DHCP Server
192.168.1.X - bridged SoftEther VPN Server
Is it a correct interpretation? Please describe routing method between the two subnets.
-
- Posts: 1
- Joined: Fri Apr 08, 2022 5:17 am
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
I have the same issue.
https://ibb.co/5W8TdcZ
After creating a VPN server and successfully adding some routers as clients, I’m able to see all the routers and ping them from the server, but I cannot reach any devices behind these routers, for example
I’m able to ping router one ping 192.168.30.17 from the server but I cannot ping 192.168.8.10
any ideas?
https://ibb.co/5W8TdcZ
After creating a VPN server and successfully adding some routers as clients, I’m able to see all the routers and ping them from the server, but I cannot reach any devices behind these routers, for example
I’m able to ping router one ping 192.168.30.17 from the server but I cannot ping 192.168.8.10
any ideas?
-
- Posts: 6
- Joined: Tue Oct 19, 2021 6:13 pm
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
So the VPN Server has 2 NICs, 1 on the Corporate Network and 1 on the LAN Network.
The Corporate NIC is bridged with the Virtual Hub, so that Clients when connected to the VPN Server they should get routed by my Standalone Windows DHCP Server.
Clients should connect to my VPN Server through the SoftEther Dynamic DNS.
Assigning the IP Manually on the Client NIC does not work either.
Not sure if the above is what you're after, if not please let me know and I'll do my best to provide better information.
-
- Posts: 1293
- Joined: Sun Feb 14, 2021 10:31 am
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
Let's put aside VPN for now. Can you ping between the 192.168.5.X and 192.168.1.X networks?
"They should get routed by my Standalone Windows DHCP Server", or no?
"They should get routed by my Standalone Windows DHCP Server", or no?
-
- Posts: 6
- Joined: Tue Oct 19, 2021 6:13 pm
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
DHCP Server can only ping networks on the 192.168.5.X subnet as it only has one NIC.
VPN Server can ping both subnets - 192.168.1.X and 192.168.5.X - as it has two NICs.
Client can only ping 192.168.1.X subnet when on WiFi, but can ping VPN Server on 192.168.5.X when connected to it by VPN but not the DHCP Server which is also on the 192.168.5.X network.
-
- Posts: 1293
- Joined: Sun Feb 14, 2021 10:31 am
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
For a test please remove the bridge and enable SecureNAT. If now a VPN client can ping the 192.168.5.X DHCP server, you have not resolved the issue of promiscuous mode. I've not used ESXi but it seems to involve a couple of settings, eg:
promiscuous mode enabled
mac address changes enabled
forged transmits enabled
vSwitch vs pSwitch?
promiscuous mode enabled
mac address changes enabled
forged transmits enabled
vSwitch vs pSwitch?
-
- Posts: 6
- Joined: Tue Oct 19, 2021 6:13 pm
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
I have made sure the below is enabled on my Virtual Switch:solo wrote: ↑Fri Apr 08, 2022 1:06 pmFor a test please remove the bridge and enable SecureNAT. If now a VPN client can ping the 192.168.5.X DHCP server, you have not resolved the issue of promiscuous mode. I've not used ESXi but it seems to involve a couple of settings, eg:
promiscuous mode enabled
mac address changes enabled
forged transmits enabled
vSwitch vs pSwitch?
promiscuous mode
mac address changes
forged transmits
Removed the bridge connection and enabled SecureNAT - Issue still persists.
Still getting an IP Address of 169.254.X.X
-
- Posts: 1293
- Joined: Sun Feb 14, 2021 10:31 am
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
Wow that's rather unexpected. Forget "Corporate Network", "LAN Network", etc. You simply have a VPN client-only issue.AnimatedAneurin wrote: ↑Fri Apr 08, 2022 6:44 pmRemoved the bridge connection and enabled SecureNAT - Issue still persists.
Still getting an IP Address of 169.254.X.X
If you still can't resolve it, then assuming your SNAT runs with defaults, your client's firewall is off, connect the client and post as code:
- netstat -r
- ipconfig /all
- dhcptest --quiet --query --wait --timeout 10
-
- Posts: 6
- Joined: Tue Oct 19, 2021 6:13 pm
Re: Standalone Windows DHCP Server - "Requesting an IP address to the DHCP server in VPN"
Managed to get my Network working again!solo wrote: ↑Fri Apr 08, 2022 8:30 pmWow that's rather unexpected. Forget "Corporate Network", "LAN Network", etc. You simply have a VPN client-only issue.AnimatedAneurin wrote: ↑Fri Apr 08, 2022 6:44 pmRemoved the bridge connection and enabled SecureNAT - Issue still persists.
Still getting an IP Address of 169.254.X.X
If you still can't resolve it, then assuming your SNAT runs with defaults, your client's firewall is off, connect the client and post as code:
- netstat -r
- ipconfig /all
- dhcptest --quiet --query --wait --timeout 10
I updated my VMWare Tools on my DHCP Server and reapplied DMZ on my VPN Server and that seems to have fixed it.
Not sure if forums get closed down automatically or manually but would like to keep this open for about a week or 2, just in case the issue reoccurs.
The above info seems useful too, so if it does happen I'll make sure to come back to this.
Thanks Solo for replying to my forum and trying to help me out, I really appreciate it as Networking/VPNs aren't my strongpoint :)