VPN connects but cannot access shared files

[White Lancer]

Hello
I am trying to set up a VPN connection and have been only partially successful.
After a lot of troubleshooting and researching I thought I'd ask for some help.

I am using MS Server 2012 with its remote access role as the VPN server which is behind a firewall on a Zyxel AMG 1302-t10b router.
I have used noip.com to map the public IP to a host name.
I have added port forwarding for port 1723 (PPTP) and firewall exceptions for the same port.
The remote access has it's own pool of IP addresses that is separate to the DHCP pool.
The VPN will connect over the internet and I can ping the internal addresses but I cannot access any file shares or other things.

I think that this might be due to the GRE protocol (47) but I can't find any sort of reference to this on the router so I don't know if it's allowing it or not.
Does anyone have an idea of what the problem might be or how to correct it?

Thank you to anyone who can help.

 

[White Lancer]

I have continued to try and fix this problem, I can't see a reference to GRE in the Windows firewall. Would this be blocked by default?

 

[RaDiKaL_]

If the client is able to ping the internal pcs through the VPN then it has already surpassed any firewall, seems more like a configuration issue in either side, which OS is the client using? how are the folders being shared in the server? as in said folder is shared to anybody or to specific users? is the client logging in with one of said specific users?

 

[White Lancer]

I am using a Windows Vista laptop as the client and the folders are being shared using the share option under the folders properties. The share is open to everyone but is restricted using NTFS for particular users, the profile that I am connecting with is one with full control of the folder.

 

[RaDiKaL_]

Have you tried from the client typing directly the folder location? open windows explorer and type as example: \\MS-SERVER\sharedfolder
or via it's internal (server) IP: \\10.0.1.100\sharedfolder\

 

[White Lancer]

I have tried to use Windows explorer to do that, I've also tried to map the share as a network drive but that hangs when trying to connect and eventually times out.

 

[RaDiKaL_]

Can you test again disabling temporarily the Server's Windows Firewall? also any other software firewall like from the Antivirus etc.

 

[White Lancer]

That's a good idea, it will at least let me know if that's the problem even if I'm not going to leave them off permanently.
I have also found some references to Maximum Transmission Unit (MTU) causing problems like these so I'll be trying to check that as well.

 

[White Lancer]

I have tried disabling the firewalls but the problem persists.
I have noticed something odd though, the VPN connection claims to have a subnet mask of 255.255.255.255 which I think would put it in a subnet all by itself.I don't know if this occurs with all VPN connections as the list of addresses that I have specified on the server does not have 255.255.255.255 as the subnet mask. Do you know how this might occur or how to specify a correct subnet mask? (In VPN TCP/IP properties I can specify the IP and DNS but not the subnet mask as the field is missing)

 

[RaDiKaL_]

Usually the /32 mask is assigned to the public IP from both ends, to ensure that only that IP is able to connect to your system and viceversa, so nothing to worry about that.

Since the VPN is established between the Server and the Client, the router might still be filtering the data, try forwarding ports 139,445 TCP and 137,138 UDP to your server, those are the ports file sharing uses.

 

[White Lancer]

I think I have finally found the answer. The server had Network Access Protection installed on it, probably a server 2012 default, and it seems that my Vista OS was not being properly detected. I'm not sure why this was occurring but checking the NAP lists showed my Vista laptop in the blocked list. I think I've had the VPN correctly configured all along but just missed NAP.
Thanks for you help!

 

[RaDiKaL_]

Glad to see you found the solution.