Topic: pptp client setup help

[brian kirk]

Hi - have given up on ipsec between two sme 5.5U6 servers as I think ipsec port 500 and protocol is not getting through one of the routers. So as second option I have tried to setup pptp client a la Lloyd Keens post to this list last Dec.
The client tries to connect but log shows
Using interface ppp1
pppd[24329]: Connect: ppp1 <--> /dev/pts/6
pppd[24329]: LCP terminated by peer (peer refused to authenticate)
As far as I can tell I have given a valid server machine user a/c and p/w in chap secrets. Any help appreciated with this.
Regards
Brian

[Michael Smith]

What are you trying to accomplish?  If you're trying to access a remote SME server from a specific workstation you'd want to set up the PPtP connection from that workstation, not from the local SME server.  Or is the workstation non-Windows?  As for IPSec, I've had a production VPN running across half a continent since shortly after 5.1.2 came out.  It didn't work until I got *everything* exactly right in the setup, then it did work and has continued to do so, reconnecting automagically after all outages scheduled & unscheduled  (knock wood!).  The only thing that doesn't work is NetBIOS browsing but we've gotten around that.

Looking back I see you have a dialup on one end.  How about a few more details?  Do you have SME boxes acting as gateways/routers at both ends, or is there something else doing the routing?  You'll be happiest if the SME boxes have that role.  Believe me, it will work when you find the magic combination of settings in the IPSec VPN servermanager panel.

[brian kirk]

Hi Michael - tnx for the reply. I have been trying to join a remote office n/w to head office using ipsec. They both have static ips and one is behind an adsl router which I have opened and established from the logs is passing ipsec. The other end is a high speed wireless link with associated router. I can't tinker with this and was told that it passes ipsec but having spent several days and convinced myself I have got the setup correct at each end following Darrel May's howto - I have concluded that the ipsec may not be getting through this router.
from log - max number of retransmissions (20) reached STATE_MAIN_I1.
Both ends show tx activity but no rx on ipsec.
Because of this I have been trying today to set up a n/w to n/w tunnel with pptp, however if you would like some info on my ipsec it looks like this.
Central is:
Int IP 192.168.1.1/255.255.255.0
Ext IP 210.xxx.xxx.106
Ext Gateway 210.xxx.xxx.105 (this is gateway on the wireless router not my sme ext interface ip)
Remote:
Int IP 192.168.4.1/255.255.255.0
Ext IP 219.xxx.xxx.232
Ext Gateway 192.168.100.1 (the adsl router gateway)

I have swapped their public keys and set up local n/ws
Central has local n/w added 192.168.4.0/255.255.255.0 with router 192.168.1.1
Remote has local n/w added 192.168.1.0/255.255.255.0 with router 192.168.4.1
I have tried leaving router as default.
Central has remote's Int IP 192.168.4.1/255.255.255.0, remote's Ext IP 219.xxx.xxx.232 gateway 192.168.100.1.
Nat'd and encypted all YES - Server
Remote has central's Int IP 192.168.1.1/255.255.255.0, central's Ext IP 210.xxx.xxx.106 gateway 210.xxx.xxx.105.
Nat'd and encypted all YES - Client
The only possible error I can see here might be the gateway addresses.
Regards
Brian

[Michael Smith]

The gateway addresses were what finally turned the trick for me.