Topic: VPN client behind 5.0 SMEserver

[mark]

Good afternnon everyone,
I'm hoping someone else has been through this before and can help shed some light on what I need to do.
I'm using SMEserver 5.0 and I'm trying to get my wife's machine to connect to her office using vpn-1SecureClient from checkpoint software. But whenever I attempt to get a connection it is always denied. I am assuming it is due to being behind the SME server and I'm missing some config on the server to allow the vpn client to work. I've looked in the server manual and cannot find anything concerning this setup and a search of the forum posts mostly dealt with setting up freeSwan.
I did find one post that said to run the following:
    /sbin/e-smith/config setprop masq ipsec yes
    /sbin/e-smith/signal-event remoteaccess-update
but it did not seem to help at all.

I did not install freeSwan which I believe is just if I want to run vpn through my server to connect back to my home network and not needed to just use a client to connect out. Is this correct?

anyone have this working that could make some suggestions?
I'd like to get this working and not be forced to get a second net connection to the house for my wife's work machine.

any pointers/help would be greatly appreciated.
thanks
-Mark

[Rob wellesley]

test your setup by connecting to the Internet via dialup from the computer running your VPN client. Make a VPN connection - this should answer your question re: SME "blocking"

We use standard microsoft VPN (dun1.4 on win9x) and have no problems.

[mark]

I just had a chance to reconfig and try the client connected straight to the cable modem to eliminate the SMEserver from the setup and the vpn works fine this way. so I am now sure that it is indeed something about the SMEserver it does not like.

thanks
-Mark

[Rob wellesley]

Which is actually kind of weird since NAT will allow any packet thru that where the request was initiated from the LAN.

Maybe the VPN server you are trying to connect to needs a port open to allow it to initiate communication with your client?

[gary]

Yes, I am having the same problem.  I think Mitel did something in 5.5 that they left out in 4.1.2 and 5.0.

Anyone care to comment?

I'm going to try Darrel May's "Port Opening" module and see if that helps.  I just need to get the TCP port listing from Checkpoint's website, first.

Mark, why don't you try this as well.  I will share my results on this board.