
DHCP & VPN

SinanFantie

so i made a simple (virtual) network with hyper-v. i made 3 new virtual machines, 2 with windows server 2016 and 1 with windows 10. all of this can be seen in the picture i have added. the first machine we configured was one of the server 2016 machines and we made it our router. the second machine is our DHCP server and the windows 10 machine is just a normal client pc.

(all the settings i'm going to talk about from here on out are things i think i did the right way)

i have all the correct firewall settings and ip addresses on all 4 machines (including my main host pc) to be able to ping and share files with each other and i have the right user settings. all machines can ping each other. my host machine can reach the files on my v-windows 10 but my v-windows 10 can't access my host machine. this is one of my problems.

the second problem: i made a VPN in my windows server 2016 RRAS machine with routing and remote access. the ip address scope of the vpn is 192.168.31.2 to 192.168.31.254. when i try to connect to the vpn with my host machine to connect to the 192.168.30.0 network it does not work. can anybody help me with these 2 problems?

Untitled.png


I think the VPN connection isolates it from the local network.


1 hour ago, SupaKomputa said:

I think the VPN connection isolates it from the local network.

at first we did not have a DHCP server and no VPN installed. i could not share files.

example: PC X could open and read shared files from PC Y but PC Y could not open the shared files from PC X

when i used the ping command on both machines it worked both ways.

some time later i did not mind that i could not use the share functionality from both ways. so i gave up and let it be.

after all of this i included a VPN


You said your host machine could already reach the 192.168.30.0/24 network, why switch to RRAS?


13 hours ago, Acedia said:

You said your host machine could already reach the 192.168.30.0/24 network, why switch to RRAS?

because that is how i want my network to be. i am learning and expanding my network at the same time


17 hours ago, SinanFantie said:

at first we did not have a DHCP server and no VPN installed. i could not share files.

example: PC X could open and read shared files from PC Y but PC Y could not open the shared files from PC X

when i used the ping command on both machines it worked both ways.

some time later i did not mind that i could not use the share functionality from both ways. so i gave up and let it be.

after all of this i included a VPN

That doesn't require a VPN, it requires the Windows firewalls on each machine to allow TCP 445 (SMB) to be open. It's not by default.

It doesn't seem like you require a VPN... You can certainly configure one but without the correct RRAS configuration and split tunnelling it's doubtful you would reach your goal. A VPN seems quite silly for a local configuration that doesn't traverse the WAN.


4 minutes ago, Falconevo said:

That doesn't require a VPN, it requires the Windows firewalls on each machine to allow TCP 445 (SMB) to be open. It's not by default.

It doesn't seem like you require a VPN... You can certainly configure one but without the correct RRAS configuration and split tunnelling it's doubtful you would reach your goal. A VPN seems quite silly for a local configuration that doesn't traverse the WAN.

the only reason i have added a vpn is to learn. i know i don't need it. and i have checked my TCP SMB on the firewall on all my devices and they are all on and allowing connection. (inbound & outbound both with the correct settings)


2 minutes ago, SinanFantie said:

the only reason i have added a vpn is to learn. i know i don't need it. and i have checked my TCP SMB on the firewall on all my devices and they are all on and allowing connection. (inbound & outbound both with the correct settings)

Test the port is responding to the connection with telnet;

example;   telnet 192.168.0.1 445
replace 192.168.0.1 with the IP you want to test to confirm the port is connecting

If the port is connecting, the problem is not the Windows firewall, but likely the security and group policy configuration on the machine in question preventing unsecure access, for example using older SMBv1/v2 protocols. Everything should ideally use SMBv3+

As for learning VPN configuration etc, that is admirable but RRAS isn't the right place to learn as it is dreadful. I'd probably recommend creating a pfSense or VyOS VM and learning with an actual routing/firewall platform.


2 hours ago, Falconevo said:

Test the port is responding to the connection with telnet;

example;   telnet 192.168.0.1 445
replace 192.168.0.1 with the IP you want to test to confirm the port is connecting

If the port is connecting, the problem is not the Windows firewall, but likely the security and group policy configuration on the machine in question preventing unsecure access, for example using older SMBv1/v2 protocols. Everything should ideally use SMBv3+

As for learning VPN configuration etc, that is admirable but RRAS isn't the right place to learn as it is dreadful. I'd probably recommend creating a pfSense or VyOS VM and learning with an actual routing/firewall platform.

i have used the telnet command and i couldn't connect, this is what i got: connecting to 10.4.30.31. . .could not open connection to the host, on port 23: connect failed

actually i don't know much about RRAS. our teacher is teaching it to us this way. at first the windows server 2016 machine that is our RRAS router was just a normal V machine. later on we turned it to our router when. BTW Thank you for your time
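
The TCP 445 check suggested in this thread, as an added example that is not part of any post: it uses the built-in Test-NetConnection cmdlet so the port is always given explicitly (telnet run without a port argument tries its default, 23, which is the port named in the output quoted above), then inspects the share host's firewall rules and SMB settings. The address 192.168.0.1 is the placeholder from the thread's telnet example; steps 2 and 3 assume an elevated PowerShell session.

```powershell
# Added example, not from the thread. $Target is a placeholder address.
$Target = '192.168.0.1'

# 1. On the machine that cannot open the share: is TCP 445 reachable?
#    A successful ping says nothing about this; ICMP and SMB are
#    allowed by different firewall rules.
Test-NetConnection -ComputerName $Target -Port 445 -WarningAction SilentlyContinue |
    Select-Object ComputerName, RemotePort, InterfaceAlias, TcpTestSucceeded

# 2. On the machine hosting the share: which firewall profile is each
#    interface in, and which enabled inbound rules cover TCP 445?
#    A rule scoped to Private does not apply to an interface that
#    Windows has classified as Public.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory

Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile, Action

# 3. Still on the share host: is the Server service running, and which
#    SMB generations does it accept? EnableSMB2Protocol controls
#    SMB 2.x and 3.x together; SMB1 should stay disabled.
Get-Service -Name LanmanServer |
    Select-Object Name, Status

Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 4. Back on the client, after opening the share once: confirm the
#    dialect that was actually negotiated (3.x is the goal).
Get-SmbConnection -ServerName $Target -ErrorAction SilentlyContinue |
    Select-Object ServerName, ShareName, Dialect
```

If step 1 returns TcpTestSucceeded = True but the share still fails to open, the firewall is not the blocker and steps 3 and 4 are the ones to read.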
