21

I connect to a server on my local network via Remote Desktop. I then need to make a VPN connection out to the internet from within that Remote Desktop session. However, that immediately disconnects my Remote Desktop session.

What's happening here and is there a way I can fix it?

Extra Information:

Local Computer #1:

  • Initiates RDP Session to #2
  • Windows 7
  • 10.1.1.140/24

Local Computer #2:

  • Windows Vista
  • 10.1.1.132/24
  • Initiates VPN connection to public IP
  • VPN is PPTP
  • Set to obtain IP and DNS automatically
  • 'Use Default Gateway on Remote network' is unselected
  • 'Enable LMHosts' is selected
  • 'Enable NetBIOS over TCP/IP' is selected
  • Has the ability to be multi-homed (i.e. has 2 NICs)

Public facing ADSL Router:

  • VPN Server
  • receives connection from #2 via external IP
  • Internal network is 192.168.0.0/24

I can make a VPN connection from my PC with no problems (no RDP involved).

Tom suggested using dual NICs in a comment below. I have dual NICs in the box (#2 above) but I'm not sure how to set them up properly, or how to assign the VPN to use one over the other.

I tried setting the extra NIC to be on the same private network (10.1.1.200/24), starting the VPN and then trying to RDP to either of the NICs, 10.1.1.132 or 10.1.1.200, but didn't have any luck. Is there some way I can tell the VPN to use one NIC over the other?

As requested - here are my routing tables from PC#2:

Before VPN is connected:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     20
         10.1.1.0    255.255.255.0         On-link        10.1.1.132    276
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
       10.1.1.255  255.255.255.255         On-link        10.1.1.132    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link        10.1.1.132    296
  169.254.255.255  255.255.255.255         On-link        10.1.1.132    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.1.1.132    276
===========================================================================

and after VPN is connected:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     20
         10.1.1.0    255.255.255.0         On-link        10.1.1.132    276
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
       10.1.1.255  255.255.255.255         On-link        10.1.1.132    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link        10.1.1.132    296
  169.254.255.255  255.255.255.255         On-link        10.1.1.132    276
      192.168.0.0    255.255.255.0    192.168.0.254    192.168.0.234    267
    192.168.0.234  255.255.255.255         On-link     192.168.0.234    522
    remote-vpn-ip  255.255.255.255       10.1.1.254       10.1.1.132     21
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.234    522
===========================================================================

I even tried hooking up the second interface (10.1.1.232) and playing with the default routes:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     21
         10.1.1.0    255.255.255.0       10.1.1.254       10.1.1.232     11
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
       10.1.1.232  255.255.255.255         On-link        10.1.1.232    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link        10.1.1.132    296
  169.254.255.255  255.255.255.255         On-link        10.1.1.132    276
      192.168.0.0    255.255.255.0    192.168.0.254    192.168.0.235    267
    192.168.0.235  255.255.255.255         On-link     192.168.0.235    522
    remote-vpn-ip  255.255.255.255       10.1.1.254       10.1.1.132     21
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.1.1.132    276
        224.0.0.0        240.0.0.0         On-link        10.1.1.232    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.1.1.132    276
  255.255.255.255  255.255.255.255         On-link        10.1.1.232    266
  255.255.255.255  255.255.255.255         On-link     192.168.0.235    522
Dan
  • 531

13 Answers

10

What's happening is that you're effectively cutting off the IP route from the server to yourself - hence the RDP session loss. You can fix it by setting up the VPN in a way that it's bound to a second interface (physical or virtual) so that both the VPN and RDP link can coexist. How you do this depends enormously on a range of very detailed configurations that we don't know right now, so if you want help with this you'll have to come back to us with a LOT more information, just as much as you can please.

Chopper3
  • 101,808
6

This can be usual practice - by default, on a Windows box (this may have changed), all traffic gets forced down the VPN tunnel, so yes, your RDP will drop.

I suggest going to the advanced settings of your VPN on your server, and making sure it doesn't send all traffic via the VPN.

Also, check that the destination network doesn't use the same subnet settings as you do, otherwise again, you'll experience the symptoms you describe.

5

I had this problem before, and the solution is "split tunneling". This means sending the Internet traffic to the default gateway, and the traffic for the VPN network through the tunnel.

What you have to do is set up a static route to your machine on Computer #2, and set the priority for this route to 0.

So the end result will be a default route 0.0.0.0/0 to the IP address of the VPN Gateway, and a static route to your machine using the default gateway.

In Windows what you would do is something like this:

 route -p add 10.1.1.140 mask 255.255.255.255 <defaultGW>

where defaultGW is the IP address of your router.

This will ensure that traffic going to 10.1.1.140 will not be routed to the tunnel.

If you have physical access to computer #2, connect to the VPN and let us know the routing table of the machine:

route print

One before connecting to the VPN and one after.

With this information, we can help you set up the "split tunnel".

Hope to be of assistance
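An added example, not part of the answer above or of the asker's setup: a short Python parser that applies longest-prefix matching to pasted `route print` rows, to check which gateway and interface PC #2 would select for the RDP client 10.1.1.140 and for other destinations. The `AFTER_VPN` rows come from the question's table; the `FULL_TUNNEL` row is constructed for comparison, and the function names are illustrative.

```python
import ipaddress

# Rows copied from the question's "after VPN is connected" table. Loopback,
# multicast and broadcast rows are left out; "remote-vpn-ip" is a placeholder
# in the post and is skipped by the parser.
AFTER_VPN = """\
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.132     20
         10.1.1.0    255.255.255.0         On-link        10.1.1.132    276
       10.1.1.132  255.255.255.255         On-link        10.1.1.132    276
      192.168.0.0    255.255.255.0    192.168.0.254    192.168.0.234    267
    192.168.0.234  255.255.255.255         On-link     192.168.0.234    522
    remote-vpn-ip  255.255.255.255       10.1.1.254       10.1.1.132     21
"""

# Constructed for comparison (not from the page): the extra row a VPN client
# would add if it installed its own, lower-metric default route.
FULL_TUNNEL = AFTER_VPN + """\
          0.0.0.0          0.0.0.0         On-link     192.168.0.234     11
"""

def parse_routes(text):
    """Parse 'Active Routes' rows of `route print` into route tuples."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue
        dest, mask, gateway, iface, metric = cols
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:  # header text or a non-numeric destination
            continue
        routes.append((net, gateway, iface, int(metric)))
    return routes

def select_route(routes, target):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def egress(table_text, target):
    """Return (gateway, interface) used to reach target, or None."""
    route = select_route(parse_routes(table_text), target)
    return (route[1], route[2]) if route else None
```

Running `egress` over the "before" and "after" tables for the same destination shows whether the VPN changed the path for that destination or only added routes for 192.168.0.0/24.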

1

For Hyper-V running on Windows 10 host and Windows 10 VM guest:

1. Create 2 switches, Internal (for host-guest access) and External (for Internet access and VPN), then add them to your VM settings. The process is described here: https://superuser.com/questions/469806/windows-8-hyper-v-how-to-give-vm-internet-access

This is what your VM settings might look like

2. Set a static IP inside your VM guest for the Internal switch you've just created.

3. Use ipconfig inside the guest to check your IPv6 address.

4. Use your guest IPv6 address as the "Computer name" in the Logon settings of the RDP client.

PS. Don't forget to allow remote desktop connections inside the guest!

Kirill
  • 131
1

Hard to tell without more information, but many VPN clients have the nasty habit of (logically) disconnecting their host computer from the LAN while setting up the VPN connection. I.e., you can be connected either to your LAN, or to the VPN, but not both.

If your VPN client does this, obviously your RDP session would be killed as a side effect of cutting you off from the LAN.

I'm not sure why VPN clients do this, whether it's an intentional measure (security?) or just a side effect of reconfiguring the network, but I have often encountered it.

Check the manual for details, and for how to fix this.

sleske
  • 10,234
1

I had the identical problem. Check to see if the VPN provider can add you to a group that has a policy set for 'split tunneling' - this is done on the VPN host side and if the server does not have this enabled you will not be able to do what you are trying to.

Seeing that your VPN has the address 192.* when you connect, it will destroy the interface you are connecting on (thus cutting you off).

If split tunneling is not enabled on the VPN server (contact the VPN server admin about this!) you will not be able to connect.

This all assumes that you are setting your local VPN connections correctly (it looks like it).

Marm0t
  • 389
1

I have found that using the IPv6 address to connect does not result in the VPN breaking the RDP session.

In my setup I have a Windows VirtualBox guest and host, and my VPN on the guest forces ALL traffic via the VPN (this is server configured; I cannot change this).

If I connect from my host to the guest via the IPv4 address (e.g. 192.168.1.x) then as soon as I initiate the VPN connection on the guest the RDP session breaks. However, if I connect RDP via the guest host name (which resolves to the IPv6 address) then the VPN connection does not break the RDP session.

wal
  • 157
0

This happened to me too. I don't have a "Use default gateway on remote network" checkbox to check. There is a solid workaround: use an alternate method to remote into the machine like GoToMyPC. It uses a different method of connecting, and in my case I was able to connect with it and then initiate the VPN connection without trouble.

pirsqua
  • 101
0

Normally I've used "nested" RDP sessions via VPN with no special problem (apart from a slight slowdown). The underlying schema was Client -> VPN -> RDP First Server -> Internet -> RDP Second Server. The only problem you could have, I think, is that the first server can have a firewall which blocks the outgoing call of the RDP protocol. Using a VPN you can "get in" to the server network, but this is not a guarantee that the same server or other LAN machines can establish an RDP session with an external LAN server. If your second server is in the LAN of the first, please check that it can be reached by an RDP session (e.g. it can have a local firewall blocking the RDP port) and that Windows allows its use. The immediate cut-off of the second RDP session means that there is a network "problem" (firewalls, auth and so on) on the route to the second server, so an accurate check of outbound calls from the first server is required. In my opinion the solution is simpler than you think, even if the first server has only one network card. For a long time I have operated with nested RDP sessions with servers running Windows 2000, Windows 2003 and 2008, using a VPN server on Windows 2003 Server and then nesting RDP sessions for the other two, sometimes together, from the first one. So please check the network conditions of the first server.

0

You mentioned that "Use default gateway" is unchecked - which if that is acceptable (no routing required outside the 192.168.0.0/24 subnet) should have solved your problem.

What you are left with sounds like potentially the firewall getting in the way? Can you completely disable the Windows Firewall (or whatever product you are using) and verify the symptom still exists?

Are you able to reconnect the dropped session after the VPN link has been established, and remains active?

Goyuix
  • 3,244
0

Edit: I missed sleske's answer explaining the same.

Perhaps some installed security product (firewall, "internet security", antivirus, ...) detects the PPTP connection and has the same functionality?

Note that some of these products have options that are buried deeply in the GUI behind unassuming checkboxes.

Joris
  • 6,009
0

It's likely that the VPN client is configured to route ALL traffic down the tunnel, not just traffic to the networks that the VPN routes to. This drops any currently open connections and changes the routing behaviour on the server, which is why your connection is dropped.

0

This doesn't solve the specific problem mentioned, but this is what I used to solve the same type of problem in supporting a variety of customers using a variety of VPN clients that are not all compatible, and some that create a closed tunnel VPN connection. I have a VMware server that hosts several virtual machines, and I use the vSphere client to connect to the Windows session, so I can open a closed tunnel VPN connection out and not lose access to the Windows session.