Koozali.org: home of the SME Server

pptp from 2k servers to 5.5 sme

Mark

pptp from 2k servers to 5.5 sme
« on: April 05, 2003, 02:55:55 PM »
This is a weird one. I have 2 x 2k servers that act as gateways for branch offices that connect to our head office via a 5.5 box using pptp (can't use L2TP). The 2k servers can ping and successfully connect to all internal head office servers/services, and the clients connected to the 2k servers can ping and appear to initially connect to the head office services (specifically exchange and an internal web server) but they "sort of taper off and hang". This doesn't appear to be a routing issue (everything pings everything everywhere fine) or a dns issue (you can ping by name or ip address - makes no difference - it all works). This problem goes away if I replace the 5.5 box with another 2k server. I have 2 gateways into the head office (1 adsl & 1 cable) and both fail if the 2k server is replaced by one of the 2 5.5 sme boxes I have built. An example is if I open a telnet session to our main server from a client in a branch office: it connects and the server accepts a connection and accepts the username & password and then it just dies off... freezes, although I can still ping the main server. I am really going up the wall on this one so any help greatly appreciated.

cheers

Mark

Ray Mitchell

Re: pptp from 2k servers to 5.5 sme
« Reply #1 on: April 06, 2003, 02:01:22 PM »
Mark
I know you said v5.5, but this may be related to the issue with multiple Win2K VPN connections to a v5.6 server not working correctly, i.e. that feature is supported in v5.6 (but not working correctly) but was not supported at all in v5.5.
See
http://forums.contribs.org/index.php?topic=6994.msg25386#msg25386
and
http://www.e-smith.org/bugs/index.php3?op=showBug&bugID=93

Only guessing though!

To quote Ed:
"What I still CANNOT do is have two W2k workstation behind HOME connect to the same WORK server, Could not do that in 5.5 either."


Regards
Ray

Mark

Re: pptp from 2k servers to 5.5 sme
« Reply #2 on: April 07, 2003, 12:08:39 AM »
Hi Ray - Thanks for responding.
Is there a difference between trying to have 2 separate vpn links being 'nat'ed through the sme box (as per Ed's scenario), which I understand the logic of why it won't work, and having 1 vpn stream established by the 2k server and multiple clients connect via that one vpn tunnel? I would have thought that the sme box would be "unaware" of how many clients are passing through the 2k managed vpn tunnel and it would only see 1 vpn link. I am going to try port forwarding the vpn ports (1723 is no problem but can someone confirm the following will work for the gre protocol - sbin/ipchains --append input -p 47 -s 0/0 -d my external ip -j ACCEPT) through the sme boxes to the NT PDC and terminate the tunnel that way and see if the problem goes away (hate to admit defeat on this one - I use sme for remote vpns quite a bit and have plenty of uses for this particular type of scenario).

BTW - I have experienced the 5.6 fault and it's quite different as the whole vpn link stalls - in this scenario the 2k server can continue to work fine - it's just the clients behind that are dead (even though they can continue to ping the machines that they can't successfully connect to).

thanks again

Mark

Ed

Re: pptp from 2k servers to 5.5 sme
« Reply #3 on: April 11, 2003, 06:30:21 AM »
Mark,

1.  Are you having the two gateways (Client <-> Main) form a tunnel?
     e.g. You login to the Client GW box and run pptp client to
             the Main GW's pptp server.

    Then your assumption is correct; it is a different scenario and should work.  There is a How-To somewhere on these boards.  Try the Dev one as well to double check.

2.  If you are doing #1 above, it'll be better/easier if you use IPSec tunnels.

Ed