Reference Manual


ras - interact with the RAS Server Elevation required
ras [start | stop | status]
wancfg [i | ras]

The ras command is used to start or stop the Remote Access Server.

If argument status is specified, details of all current client connections are printed.

The RAS Server adapter is normally configured as a private interface within NAT32, and external clients that connect to it via VPN are given transparent access to the Internet through NAT32. Client machines can thus use the VPN connection to temporarily bypass the NAT32 DNS Resolver and Honeypot.

On Windows Client platforms, NAT32 supports the RAS Server via the RAS (Dial In) Interface also known as the Incoming Connections interface (even though it supports only a single connection at a time). This service is a restricted version of the Routing and Remote Access service available on Windows Server platforms and has the following limitations:

  1. Only one connection at a time is allowed.
  2. If the RAS Server is DHCP-configured, the client will always be given a 169.254.x.x address.
    New This problem has been fixed in Windows 8.1 Update.
  3. Only a limited IP configuration (no DNS address) is initially supplied to the client on systems fitted with multiple network interfaces.
    In this case, clients that do not request further configuration details via a DHCP INFORM request will have no Internet connectivity.
    Examples of such clients are all APPLE Corporation IOS devices and many Android devices.
Devices that do not request a DNS address via a DHCP INFORM will only work correctly if each network interface on the Remote Access machine has a DNS address configured. This is because the Remote Access Service always supplies the DNS address of the last active interface to the client. If that interface has no DNS address configured, then none is supplied to the client, and name resolution on the client system cannot function. Note that Windows 8.1 Update also exhibits this behaviour.

For the RAS Server, the fixed configuration mode is recommended, and a private IP address should be assigned in the Properties of the Windows "Incoming Connections" connection. Most clients request further details via a DHCP INFORM request, which is why NAT32 enables its DHCP Server on the Remote Access Server interface.

Note that devices manufactured by the Apple Corporation (iPod, iPad, iPhone) only send a DHCP INFORM over VPN connections that have the "Send All Traffic" option turned off. However, Internet traffic is then not sent via the VPN, so most users will normally want that option on.

None of the above issues apply to the Remote Access Service on Windows Server platforms, because their Routing and Remote Access Service (RRAS) always configures the connection correctly at connection establishment time.

DNS Resolver, Honeypot, RAS Help, VPN Help, How To