Koozali.org: home of the SME Server

VPNs again .... sorry ! - VPN Passthrough ?

jezrichens

VPNs again .... sorry ! - VPN Passthrough ?
« on: May 19, 2004, 12:48:49 PM »
Have been running SME 6.0beta3 since last September, and as a Linux novice I am delighted with it.
But I have run into an issue, not sure if it's SME related or not!

I have 3 local users connecting through the SME to a third party IPSEC VPN server. The local clients run a Cisco VPN dialer on a W2K PC.
One user can connect no problem; when a second connection is made both connections terminate.
I have trawled the FAQs and implemented the commands:
/sbin/e-smith/config setprop masq ipsec yes
/sbin/e-smith/signal-event remoteaccess-update
but this didn't alter the situation.

Has anyone else seen anything like this, or does anyone have any suggestions? Thanks

Jez

MSmith

My best guess would be ...
« Reply #1 on: May 20, 2004, 08:58:18 PM »
... that the machine at the far end won't permit two connections from one IP address, i.e. your external IP.  So you'll probably have to implement some sort of FreeS/WAN tunnel or the equivalent between your SME box and the doodad at the other end.
...

jezrichens

VPNs again .... sorry ! - VPN Passthrough ?
« Reply #2 on: May 21, 2004, 11:21:58 AM »
Thanks for the reply... I was concerned that the use of the phrase 'linux novice' and 'Cisco' in the same post might make me a forum outcast!!!!!

Back on topic...
I don't have control of the far end VPN server, so I can't confirm its config... BUT my temp workaround was to put in a cheap Netgear 'cable broadband' wireless router that supports VPN passthrough and runs the usual NAT and firewall functions. This isn't a 'nice' way to achieve an end but it works OK, although I only had two users available to test it. It too uses a single external IP address.

All of which leads me back to VPN passthrough on the SME???
What I'm really confused about is why 'one' user will work, but once the second user tries to connect through the SME, the connection appears successful to the VPN server, but then all end-to-end device connections (e.g. to a separate mail server) just hang there at that point. Once all VPN connections are taken down there seems to be a timeout period of minutes when no user can connect before returning to a condition when any one user can connect OK.

Any more thoughts, or is anyone out there using multiple IPSEC connections to a non-SME device successfully???

cheers

Jez