Koozali.org: home of the SME Server

vpn through e-smith to e-smith

ADSERG

vpn through e-smith to e-smith
« on: October 03, 2002, 04:32:16 PM »
Hello All

I have a question which I hope someone has tried already. I have tried the forums but can't find exactly what I am looking for.

Site 1

I have one e-smith server sitting on a DSL on an IP of 212.xxx.xxx.123 (Main Server), set up to receive 3 VPN connections.

Site2 (remote office)
3x workstations connecting through another e-smith server only being used as a firewall. This server has an IP on the second interface of 212.xxx.xxx.456.

Three workstations can connect individually to site 1 but not all together. (Doesn't surprise me.)

I have created an IP alias on the second server on site 2. 1x NIC 212.xxx.xxx.456.
Went into /etc/sysconfig/network-scripts and created the alias here. Now have an alias of eth1:0, IP address 212.xxx.xxx.789.

Problem:
I want to be able to connect to both addresses to allow more than one connection: 2, 3 or more if needed. I can connect to 456 OK but 789 won't respond. Is there some script I need to change for this to happen? I suspect that it is a security issue. I can ping it from the outside world OK.

Hope some brain boffin out there can point me in the right direction.

Thank you

Regards

Ade

Bill Talcott

Re: vpn through e-smith to e-smith
« Reply #1 on: October 03, 2002, 05:55:23 PM »
The SME VPN server can only receive one PPTP per IP address. In your case, that would be the other SME. Each client needs a unique IP (as opposed to a single one shared with NAT), or needs to connect to a different IP on the server (which is what you're trying to do). So everything in your situation is as it should be. If you want to add more clients later, you'll need more IP addresses, either for the server or for each client...

http://forums.contribs.org/index.php?topic=5086.msg17901#msg17901 tells what you need to do to assign more IPs to an SME interface. Check my post after that one too, as I forgot a step... The 212.xxx.xxx.789 that you're using is a valid public IP, right?

You might want to look into IPSEC. You could use it to make a "tunnel" between the two SMEs to connect the two LANs. There's only one VPN connection being made (SME-SME) instead of one for each client.

Bill Talcott

Re: vpn through e-smith to e-smith
« Reply #2 on: October 03, 2002, 06:44:45 PM »
I've typed this up as a separate page and put it at http://www.chrouch.com/e-smith/extraip.html to make things easier.

ADSERG

Re: vpn through e-smith to e-smith
« Reply #3 on: October 03, 2002, 08:15:47 PM »
Hi Bill

Thank you for that, you're a star.

I will give it a go, I'll probably try both?

Kindest Regards

Ade

ADSERG

Re: vpn through e-smith to e-smith
« Reply #4 on: October 04, 2002, 01:15:05 AM »
Question?

I have installed IPsec on 2 test servers.

Server1:
===============================
Remote Network: 172.xxx.xxx.0
Remote Internal IP: 172.xxx.xxx.1
Remote Subnet Mask: 255.255.255.0
Remote External IP: 215.xxx.xxx.245
Default Gateway: 215.xxx.xxx.241
-------------------------------------------------------------

Server2 Remote End
===============================
Remote Network: 130.xxx.xxx.0
Remote Internal IP: 130.xxx.xxx.5
Remote Subnet Mask: 255.255.255.0
Remote External IP: 217.xxx.xxx.27
Default Gateway: 217.xxx.xxx.30
-------------------------------------------------------------

On both I have added the encryption from both servers, cut and pasted from Notepad. I take it that that is OK?

I can't get both servers to talk to each other. Do you need to reboot when you have made this change? I don't think you do?

When the change has been made I find that any VPN session currently in session to the e-smith servers is cut short, and trying to establish a VPN from a 95/98/2000 or Linux workstation is impossible. If I then remove the statements from both servers and reboot the e-smith servers I then regain a VPN connection?

Should I expect to lose PPTP connectivity when using IPsec?

Thank you for your help so far

Kindest Regards

Ade

ADSERG

Re: vpn through e-smith to e-smith
« Reply #5 on: October 09, 2002, 10:16:49 PM »
Help Help Help

I think it's set up, however if I use ifconfig I don't see any traffic on TX & RX for ipsec0.

Also, if I use the command /etc/rc.d/init.d/ipsec status I get "IPsec Running pluto pid 1523". Is this telling me the tunnel is there or that IPsec is simply loaded?

I have checked both IPsec settings in the server manager on both servers and it is set up OK. I have also added the local network settings, but still no joy.

I have even turned off compression in ipsec.config but no joy. Is this the right place? If not, any idea of where I should turn off compression?

I have gone through the forums and found loads of things about IPsec and tried different things suggested, but now I am stumped... I have re-checked the how-tos.

Why is there no traffic on ipsec0 on both server/client units?

Can anyone help me please?

Regards

Adrian