Getting response from secondary IP ranges

So in my network for the point of this argument I have a number of networks setup (all functioning correctly).

10.0.0.0/24 - Primary network (bridge)
10.0.1.0/24 - Network for third party location (l2tp binding)
10.0.2.0/24 - Network for third party location (l2tp binding)
20.0.0.0/24 - Secondary network at primary location (guestbridge)
30.0.0.0/24 - Secondary network at primary location (srv-vlan linked to the bridge)

SFP connection is assigned to the bridge.

20.0.0.0/24 is a DHCP pool assigned to an ethernet port directly
30.0.0.0/24 is a DHCP pool assigned to a VLAN that is tunneled over via SFP into a MikroTik switch SwOS and assigned to a particular port on that switch

If I establish a VPN (off-site) I can connect into my network. VPN is provided by an AD SSTP connection. This all works. I get assigned an IP address in the 10.0.0.60-10.0.0.70 range. From that off-site location from CMD I can ping anything in the 10.0.0.0/24 range. I cannot ping anything in any of the other ranges.

RDP does, however, work to establish connections in the 10.0.1.0/24 and 10.0.2.0/24 ranges. RDP does not work in the 20 or 30 ranges at all.

However, if I remote into a computer on the 10.0.0.0/24 network from off-site and then, from within that remote session, remote into (or ping) a computer in the 20 or 30 ranges, I can connect with no problem.

Any ideas what is causing my inability to RDP from off-site directly into the 20.0.0.0 or 30.0.0.0 ranges? Seems like an IP route issue to me but I cannot make any changes that are helping to resolve this problem. With this one exception everything else appears to be working. Those computers have full internet connectivity, etc.

Thanks!

Your remote PC is likely set to not use the VPN as the default gateway, in which case you require static routes so that traffic to your other internal networks is sent via the VPN tunnel, not out of the LAN gateway.

Apparently the Windows VPN client will pick up additional routes from DHCP option 121 if you can configure that on your server.
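One way to do what the reply above describes on the Windows client side, keeping the VPN in split-tunnel mode and routing only the internal prefixes from the question through it, as an added example that is not from this thread or from MikroTik. It assumes an existing Windows VPN (SSTP) connection named `Office-SSTP` (a placeholder name) and an elevated PowerShell session; `20.0.0.10` in the final check is a constructed sample host.

```powershell
# Added example, not from the thread. Assumes a Windows SSTP VPN connection
# named "Office-SSTP" already exists on the client. Run as Administrator.
$ConnectionName = "Office-SSTP"   # placeholder name; replace with your own

# Internal prefixes from the question that should be reached via the VPN.
# 10.0.0.0/24 is omitted because the tunnel already delivers it (the client
# gets an address in that range).
$InternalPrefixes = @(
    "10.0.1.0/24",  # third-party location (l2tp binding)
    "10.0.2.0/24",  # third-party location (l2tp binding)
    "20.0.0.0/24",  # guestbridge at the primary location
    "30.0.0.0/24"   # srv-vlan at the primary location
)

# Keep split tunneling: the VPN must not become the client's default gateway,
# so only the listed prefixes traverse the tunnel.
Set-VpnConnection -Name $ConnectionName -SplitTunneling $true

# Persist a route for each prefix on the VPN connection itself. These routes
# are installed every time the tunnel comes up, so the client no longer
# depends on receiving DHCP option 121 from the RRAS server.
foreach ($prefix in $InternalPrefixes) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName `
                           -DestinationPrefix $prefix -PassThru
}

# Verification: connect the VPN first (GUI or "rasdial $ConnectionName"),
# then confirm each prefix is bound to the VPN interface, not the LAN adapter.
foreach ($prefix in $InternalPrefixes) {
    Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue |
        Select-Object DestinationPrefix, InterfaceAlias, NextHop
}

# Optional end-to-end check of the RDP port on a host in the 20 range
# (20.0.0.10 is a constructed sample address).
Test-NetConnection -ComputerName 20.0.0.10 -Port 3389 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If `Get-NetRoute` shows a prefix on the physical LAN adapter (or not at all) after the tunnel is up, the route was not applied to the connection, which is the same symptom the thread describes: packets leave via the local gateway and never reach the 20 or 30 networks.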

So yes, you are spot on! I don't use the default gateway option for the obvious reasons. But when I turned it back on all of the connections did in fact work. So your assumption seems to be correct.
Could you provide more input on DHCP option 121 in relation to the Windows VPN client? I took a look in the Routing and Remote Access settings but couldn't find anything that seems obvious.

Edit: Assuming you mean switching from static IP to DHCP assigned via the VPN, I attempted that and all of the connections died. I would prefer to leave the static IP assignment alone if possible, assuming there is another way to accomplish this goal.

Thanks!

Went ahead and installed Routing through Server Manager on the environment, following some other instructions for solving this problem. But when enabling NAT on any of my interface devices I immediately kill my ability to RDP into the server. So not sure that is an appropriate solution either.

A quick Google search revealed this https://social.technet.microsoft.com/Forums/en-US/e6408325-013c-4d0a-8130-5ce991355c08/windows-vpn-clients-ignoring-dhcp-option-121-from-rras-server?forum=winserverNIS so it looks like it used to work and then broke; you may have to dig into some Windows forums to find a solution.

Thanks! I will keep digging. In the meantime, if anyone else has any ideas it would be appreciated.

Abandoning this method of creating the connection to opt for MikroTik being the connection point for the VPN. Likely will have a new forum topic on this soon as I walk through these steps.
Thanks!