Koozali.org: home of the SME Server

ipsec/vpn address puzzle/query

KeVin M

ipsec/vpn address puzzle/query
« on: June 15, 2003, 07:48:56 AM »
Hi

I have been fighting to get a vpn (or similar) connection working with a known remote IP address.

I have a 5.5 (soon to be 5.6 box) as the server/gateway on dynamic adsl. Remote location connects via a 5.6 box, modem dialup - client/gateway. I run my own homegrown dynamic dns setup so have provided both machines with a fqdn (mine provides some key extra things that the freebie dyndns don't).

A W2k user at the remote location can connect to the server/gw with a vpn and get a good connection. Stable and now generally lasts at least half a day often a full day.

The user then telnets into an internal server for a particular in-house application and all works fine. Significant issue is the internal server then needs to print back to the user to a fixed IP. I have set the server/gateway to dish out 2 dhcp addresses and it alternates. If I set the high and low to the same IP it still dishes out from two addresses. The remote user now knows that if printing doesn't work then drop/reconnect and get 'the other address' and all is ok.

Now I need to add another remote location for the same setup so the printer address issue is now a major problem.

I have now been trying to set up an ip/sec (freeswan) connection to try that. Issue still seems to be how to provide a known ip to the remote user.  I investigated IPcop but the same problem exists.

If I could do it via the vpn/pppd I would use that but from my testing it clearly just uses dhcp. Since a mac address isn't the basis for the ip received I can't fix the dhcp provided address.

Any ideas will be appreciated.
Kevin

KeVin M

Re: ipsec/vpn address puzzle/query
« Reply #1 on: June 22, 2003, 06:43:43 AM »
Well we fixed the problem with a tweak to the startup script on the target unix server (not SME). It now sets the user's print queue based on the IP they come in from so the VPN allocating an address from DHCP ceases to be a problem.

Regards
kevin
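
A sketch of the kind of login-script logic Reply #1 describes, added here as an example and not the poster's actual script. The addresses, queue names, the `queue_for_ip` and `client_ip` helpers, and the assumption that `who am i` shows the remote address in parentheses are all constructed for illustration.

```shell
#!/bin/sh
# Constructed mapping: VPN-assigned client address -> print queue.
# Every address the VPN pool can hand to a site maps to that site's queue,
# so it no longer matters which of the addresses the user receives.
QUEUE_MAP='
192.168.10.240 site_a_lp
192.168.10.241 site_a_lp
192.168.10.242 site_b_lp
192.168.10.243 site_b_lp
'
DEFAULT_QUEUE=lp   # assumed fallback queue for unknown addresses

# Print the queue name for the client IP given as $1.
queue_for_ip() {
    ip=$1
    # Reject empty input and anything that is not digits and dots before
    # it reaches awk; the value comes from the session record, not from us.
    case $ip in
        ''|*[!0-9.]*) echo "$DEFAULT_QUEUE"; return 0 ;;
    esac
    # Exact match on the first field. Appending "" forces a string
    # comparison, so 192.168.10.24 never matches 192.168.10.240.
    result=$(printf '%s\n' "$QUEUE_MAP" |
        awk -v ip="$ip" '($1 "") == (ip "") { print $2; exit }')
    echo "${result:-$DEFAULT_QUEUE}"
}

# Remote address of the current login session, or nothing if the session
# record carries a hostname or no remote field (assumed `who` format).
client_ip() {
    who am i 2>/dev/null | sed -n 's/.*(\([0-9.]*\)).*/\1/p'
}

# In the login script itself:
#   PRINTER=$(queue_for_ip "$(client_ip)"); export PRINTER   # BSD lpr
#   LPDEST=$PRINTER; export LPDEST                           # System V lp
```

An address outside the table falls back to the default queue, so a change to the VPN address pool shows up as output on the wrong printer, not as an error.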