I've configured RRAS for NAT internet sharing and VPN remote access, both of which work fine.

However, if I connect remotely over the VPN with "use default gateway on remote network" selected then I can't break out to the Internet.

The routing tables look OK to me on both the client and the server, and both services work fine by themselves. If I connect to an alternative W2K server with the same settings then it works as required, so I'm pretty sure the client is fine.

The server has seperate LAN and WAN ports, and there's no clash of subnets with the client.

The primary point of the exercise was to create a (relatively) secure tunnel for Internet access, so breaking out to the Internet locally is not an option.

Any ideas? Thanks.

Check the IP settings, is the VPN tunnel getting the default gateway set correctly? Could be the DHCP settings on the target network are incomplete, also check the DNS settings for the VPN are being set correctly - can you ping something like Microsoft.com using the IP address, instead of the domain name?

The DNS is fine - I can resolve via the tunnel, but not ping the IP.

The default gateway on the client is automatically set to the same as the PPP interface IP, which is always the way. Comparing this tunnel to another which works, a route print on the client shows the same routes.

I have RRAS set to use the onboard LAN adapter to obtain DHCP and DNS which does seem to work fine, issuing the server IP as the DNS. There are other alternatives, including allowing the NAT to assign addresses. This server is the PDC and DHCP server for the network, so I have not enabled any further DHCP servers.

Is there somewhere I should be checking on the server to enable routing between the VPN and NAT interfaces?

You can only have one DHCP server on a segment, otherwise you will get problems.

Can't think of anything else obvious at the moment... I'll have think over lunch.

Just thought I'd update this.

I deleted the default route and added it back. For some reason, it now works fine!

I'm waiting to see what happens next time the server is reset...