Assuming the following configuration:
-the RRAS server (Win Server 2012 R2) has two NICs: one connected to the Internet with the public IP address 133.33.33.33, the other one connected to the Internal network with the IP address 10.1.100.250 (there is no NAT in my DMZ).
Internet interface:
- IP: 133.33.33.33
- Mask: 255.255.255.0
- Gateway: 133.33.33.1
Intranet interface:
- IP: 10.1.100.250
- Mask: 255.255.255.0
- No gateway
-my VPN clients are getting IP addresses from the DHCP: 172.16.1.0/24
-RRAS configured for VPN access (so enabled as an IPv4 router for LAN too)
-IPv4 forwarding enabled
-RRAS filters are disabled
My VPN clients are properly getting IP address from the DHCP server in 10.1.100.0 subnet but my issue is that if I don't configure any IPv4 static routes in the RRAS management console the VPN clients are unable to communicate with the internal network. I don't mind configuring static routes for my internal network but I would like also to have the VPN clients using Internet through the VPN tunnel but it's going to be an annoying job to summarize the public internet IPs...
- Is that normal that I have to configure static routes to make the VPN clients work? What about Internet? Any way I can troubleshoot this?
- Is there any documentation around on a DMZ setup and best practices?
PS: I tried DirectAcces but most of my client applications are not compatible with IPv6.