Topic: VPN ports

[CKConsulting]

Layout:
SME 6.0.1-01 server at my house
SME 6.0.1-01 server at my clients

I'd like to VPN from my XP laptop (at Home) to my clients SME server.  It works fine from outside my SME box but errors out when behind my SME box.  I opened port 1723 on my SME but it still doesn't work.

Do I need to open more ports?
Any other suggestions?

Thanks,
Rick

[CKConsulting]

I guess I'm the only one in the world that has tried to VPN from behind an SME server to and SME server.  

If anyone has done  successfully or unsuccessfuly please let me know.

Thanks,
Rick

[smeghead]

.. I do this all the time (I have about 20 servers in my favourites list).

No special settings required for me!

Just setup the VPN connection on the w/s at work/home and have the VPN option ticked on for the username on the remote server.

My server is a patched Mitel build 6.04 in server/gateway mode sitting behind a SPI ADSL router & ADSL modem (double NAT'd) - port forwards are just the usual suspects; i do not have 1723 open on my server.

WinXP Pro box is fully patched, with a/v & anti spyware software running.

Check your server logs for anything unusual.

[CKConsulting]

Thanks for the reply.

I have a very similar setup with a linksys VPN router.
With the SME server in the DMZ. pptp is enabled.

The VPN works fine until I get behind my SME 6.01 custom server.

mmmmmmmm

I set the ports back to default state and try it.
Rick

[briank]

Hi Rick
You don't need to open anything on the SME but for PPTP your router must be able to pass GRE protocol 47 and port 1723. Sadly not all do. See if there is a bridging mode you can use on the router.
Regards
Brian

[CKConsulting]

If I plug my laptop into my router I can connect just fine.  It's when I get behind the SME server.  I have PPTP enabled on the router and my SME server in the DMZ on the router so all traffic should be going to that IP.

What log can I look at to give me more info.

Rick

[briank]

Yes I understand that you can get PPTP through your router but do you plug your laptop into the same DMZ?
I don't think there will be a log on the SME as it is not handling the pptp connection but have a look in messages. You could also temporarily turn on logging all denied packets
/sbin/e-smith/db/configuration setprop masq Logging all
/sbin/e-smith/signal-event remoteaccess-update
This will log all denied packets to messages log and may show you if SME is blocking for some reason.
Logging levels are all, most, none.
Good luck
Brian

[CKConsulting]

Sorry for the delay, I've been out of town.  I'll try the logging and see if it gives me any clues.  

Thanks for the suggestions,
Rick

[Pete1]

Hi Rick,
I had the same problem with my server setup with a router running dmz.  (I guess the router could not pass GRE packets) My router had a 'half bridge' mode I was able to put it in, and setup external interface to get ip via dhcp. My external IP now appears on my external interface and I can now connect to remote vpn servers through my SME 6.01 box.
Hope this info may help.

Pete.

[MSmith]

Home server is 5.6u6, PPTP works great to SME Servers, v. 5.6 and 6.0.1, also to Snapgear SME550s, which I'm learning to like quite a lot.  (The SME550s cost $500 U.S. but they also have IPSec VPN and PPTP client AND server capabilities, which many router appliances don't.