Topic: Sean Gray PPtP Multipoint routing problem

[Luis]

Hi!.. i have 2 SME with adsl connection both.

I need routing betwen lan's..

I use 192.168.2.0 net address for "SME server" and 192.168.1.0 net address for "SME Client".

I Configure pptp client, connect to server and have full access to .2.0 lan  on server (server and other host on this lan)

In the server side, i can ping to "SME client server" and have reply from server but  don't have reply from other host in the "client lan".

A "tcpdump -i ppp2" (tunnel) in the "SME client server" display packet from the "SME server machine" but echo reply is generate only for ping to "SME client IP address" and not for  other host in the client LAN.

Is this a Firewall configuration problem?..

The SME version are both SME 5.5U6

I am lost... thanks!!... and sorry by the english.

[Kelvin]

Hi Luis,

You're using the wrong tool for the job. You should be using the IPSec VPN contrib (check it out at contribs.org) and not PPTP.

Kelvin

[Luis]

Thank.. but i don't have Fixed IP address and IPSEC required this. ..

I Have sucefully implement IPSec with other SME 5.5 Server but i used ip fixed in both servers.

I recheck all step in PPtP Multipoint and review IPSEC HowTo

Thanks a lot.

Luis

[Kelvin]

Luis,

I believe the current IPSec contrib was supposed to address the problem with not having a static IP address. Check the contrib info again.

Kelvin

[Luis]

8(... i have not find any reference in the IPSEC VPN howto for a implementation with dynamic IP.

I am lost...
Thank's a lot..

Luis

[Kelvin]

Luis,

I'm not sure which how-to you are looking at. The how-to I'm referring to is hosted by Shad Lords.

If you look at the example setup given in the How-to, you will notice that the external IP of the sites are given as either an IP address or as a domain name. Now, assuming you are able to maintain your dynamic IP updated to your domain name (or one of the many dynamic domain names provided by dyndns and others), you should be able to use the IPSec contrib with dynamic IPs.

Kelvin

[Luis]

THANKS Again.. i find the howto in

http://lordsfam.net/downloads/production/freeswan/freeswan-howto.html

But this is only for  SME 5.6.

The big Diference in the configuration is that it not requiered external IP Gateway and the version for 5.5 requierd this.

THANKS Again..!!


Luis

[ryan]

Take a look at IPCop.  It installs on older systems and is a IPSec VPN router that allows for dynamic addresses.  I have put IPCop at each of my sites and have SME behind it either on the lan as a server only, or as a server gateway, with the external SME nic residing on the DMZ lan from IPCop.  IPCop also has built in Port Forwarding and Snort, plus it's web interface is easy and powerful.  The IPCop download is under 30mb...but is is only a router..no users, no email, no file or print server, so it is not a replacement for SME.  

My life is simpler know that I use SME for stock services.......trying to keep SME up to date while keeping the addon services working was a big headache for me.  

good luck,

ryan