in my Montreal DNS server, I have this: I'm pretty sure that If I had a DC in Vancouver, I wouldn't have that issue. ... View more

yes ... View more

well, if I disable the Montreal DNS, Vancouver can only ping IP adresses, no names. ... View more

well, I assume that since I have my DC and DNS on site, it finds it's route.   By the way, if I modify the hosts file of Vancouver's clients, it works, but I would prefer a better way.   ... View more

In have a zone on my domain controller in Montreal. ifs.*****gro.com when Vancouver's clients get their DHCP, one of the name servers is the IP address of that DC, so they are looking into that DNS records and get stuck. If I disable that name server in the DHCP, then the clients go through the Internet with no problem, but then they can't resolve Montreal resourcese's names. ... View more

I have no clue. I guess it was already there. Anyway, I'm planning to replace that router with an MX68 that I already have ready, but prior to it, I have to ensure that I fix the issue I have in vancouver because the same issue will come in Toronto as well. ... View more

this my Toronto's routing table   ... View more

So I assume that you call working site is Toronto, but no, that is the only static route I have, and it is just made to force the router to use the wan connection and it's gateway.   Regarding the MX64, the 66.11.93.166 is the IP address of the Cisco RV220 Gateway of Toronto, and 207.194.41.1 is the gateway address of Vancouver's MX64.   I'm just trying to replicate what I did in Toronto. ... View more

The problem got solved by itself, after an hour it started to work. Thank you. ... View more

there it is     and here is the script I've been using for a couple of years. I've just added  10.69.10.0/24 to the rotes today, but it didn't help.   # Path for the phonebook. $PbkPath = Join-Path $env:PROGRAMDATA 'Microsoft\Network\Connections\Pbk\rasphone.Pbk' # Update these variables with the actual VPN name, address, and PSK. $ConnectionName = 'ABC VPN' $ServerAddress = 'cisco-******-wired-********.dynamic-m.com' $PresharedKey = '*************' # If no VPNs, rasphone.Pbk may not already exist. # If file does not exist, then create an empty placeholder. # Placeholder will be overwritten when new VPN is created. If ((Test-Path $PbkPath) -eq $false) { $PbkFolder = Join-Path $env:PROGRAMDATA "Microsoft\Network\Connections\pbk\" if ((Test-Path $PbkFolder) -eq $true){ New-Item -path $PbkFolder -name "rasphone.pbk" -ItemType "file" | Out-Null } else{ $ConnectionFolder = Join-Path $env:PROGRAMDATA "Microsoft\Network\Connections\" New-Item -path $ConnectionFolder -name "pbk" -ItemType "directory" | Out-Null New-Item -path $PbkFolder -name "rasphone.pbk" -ItemType "file" | Out-Null } } # If VPN exists, delete VPN connection so you can build fresh. Remove-VpnConnection -AllUserConnection -Name $ConnectionName -Force -EA SilentlyContinue # Adds the new VPN connection. Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress -DnsSuffix 'int.nomoist.net' -AllUserConnection -TunnelType L2tp -L2tpPsk $PresharedKey -AuthenticationMethod PAP -EncryptionLevel Custom -Force -WA SilentlyContinue # Sets the VPN connection to split tunnel. # Comment out for full tunnel. # Note: Some PCs get angry w/o a short rest to process Add-VPNConnection Start-Sleep -m 100 Set-VpnConnection -Name $ConnectionName -SplitTunneling $True -AllUserConnection -EncryptionLevel Custom -WA SilentlyContinue # If you need parameters to add metrics or for IPv6 subnets, open Powershell and run: # get-help add-vpnconnectionroute -full # This will give the full list of valid parameters for Add-Vpnconnectionroute and # instructions for using them. # Adds the route for the interesting subnet # $RouteList is an array of interesting subnet(s) with CIDR mask # Split tunnels must have at least one route. # Comment out for full tunnel. $RouteList = @('10.0.1.0/24', '10.1.0.0/16', '10.2.0.0/16' , '192.168.254.22/32' , '10.69.10.0/24') Foreach ($Destination in $RouteList) { Add-Vpnconnectionroute -Connectionname $ConnectionName -AllUserConnection -DestinationPrefix $Destination } # Load the RASphone.pbk file into a line-by-line array $Phonebook = (Get-Content -path $PbkPath) # Index for line where the connection starts. $ConnectionIndex = 0 # Locate the array index for the [$ConnectionName] saved connection. # Ensures that we only edit settings for this particular connection. for ($counter=0; $counter -lt $Phonebook.Length; $counter++){ if($Phonebook[$counter] -eq "[$ConnectionName]"){ # Set $ConnectionIndex var since $counter only exists inside loop $ConnectionIndex = $counter break } } # Starting at the $ConnectionName connection: # 1. Set connection to use Windows Credential (UseRasCredentials=1) # 2. Force client to use VPN-provided DNS first (IpInterfaceMetric=1) # Setting the IpInterfaceMetric to 1 will force the PC to use that DNS first. # Some companies have local domains that overlap with valid domains # on the Internet. If VPN-provided DNS can resolve names on the local domain, # then end user PC will get the correct IP addresses for private servers. # Otherwise, the PC will use a public DNS resolver. for($counter=$ConnectionIndex; $counter -lt $Phonebook.Length; $counter++){ # Set RASPhone.pbk so that the Windows credential is used to # authenticate to servers. if($Phonebook[$counter] -eq "UseRasCredentials=1"){ $Phonebook[$counter] = "UseRasCredentials=0" } # Set RASPhone.pbk so that VPN adapters are highest priority for routing traffic. # Comment out if you don't want to try VPN-provided DNS first. elseif($Phonebook[$counter] -eq "IpInterfaceMetric=0"){ $Phonebook[$counter] = "IpInterfaceMetric=1" break # IpInterfaceMetric comes after UseRasCredentials, so break will cancel # our loop once we're done with it. } } # Save modified phonebook overtop of RASphone.pbk Set-Content -Path $PbkPath -Value $Phonebook # Create desktop shortcut using rasphone.exe. # Provides a static box for end users to type user name/password into. # Avoids Windows 10 overlay problems such as showing "Connecting..." even # after a successful connection. # Create a desktop shortcut $WScriptShell = New-Object -ComObject WScript.Shell $Shortcut = $WScriptShell.CreateShortcut("$env:Public\Desktop\Polygon VPN.lnk") $ShortCut.IconLocation = "C:\WINDOWS\system32\SHELL32.dll, 135" $Shortcut.TargetPath = "rasphone.exe" $Shortcut.Save() # Prevent Windows 10 problem with NAT-Traversal (often on hotspots) # See https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809 # for more details $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent" $name = "AssumeUDPEncapsulationContextOnSendRule" $value = "2" New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null     ... View more

100% sure. and my issue is not to connect to the VPN, it works fine. I just can't access the remote site to site vpn, but I can access all my network resources through the vpn. ... View more

None of these updates are installed on my computers. ... View more

No rules at all. ... View more

the 10.69.11.0/24 is the local office where the MX-64 is located. I don't need a route, I already have access. My VPN is split tunnel.   ... View more

you mean here?   ... View more

This is not related to my problem. all clients successfully connect to the VPN. You should create anotre case. ... View more

Thank you. ... View more

@PhilipDAth  Thank you. ... View more

@PhilipDAth I've created the Radius server and selected the appropriate group. It works like a charm. Thank you for your help. ... View more

@PhilipDAth I have no experience with radius. Can I create on an existing server, or do I need a dedicated one? ... View more