Topic: VPN woes

[slewis1972]

Ok - setup the server - great. NOw its at my mates.

Give the server - 192.168.0.20 ip

He has a Netgear DG834 wireless adsl router.

Anyway - setup VPN access for admin
I can login to the server via vpn but when I go:-

http://192.168.0.20/server-manage - the border starts to loan but the rest just stops

Also - trying to get putty to work aswell via vpn but there is no instructions for server version 6 and the ones for 5.1 dont seem to work. Unless of course its an issue with the router as set it up to allow incoming on VPN PPTP and go straight to 192.168.0.20
but do I need to allow Outgoing ports for the vpn service?

Scott

[MSmith]

I actually started to poke around a bit but decided you should do some of the legwork ... how about posting a link to the Netgear's manual so I or someone else can have a look at how it handles VPN passthrough?

[slewis1972]

Thanks for the help.

Ok - heres the bit about port forwarding:-

http://kbserver.netgear.com/kb_web_files/N101145.asp#FR114PAnchor

and need to go to the section ref DG834G

As I said, I have enabled incoming - gave it an ip to goto of 192.168.0.20
I can connect via VPN but cannot get on via putty to use ssh but alos not access server-manager

Scott

[bobk]

Check the FAQ on ports to be forwarded when using a router - http://no.longer.valid/phpwiki/index.php/InstallationFAQ#portslist

There is a link to the current PuTTy HowTo there also.

[slewis1972]

Hmm, that documentation on putty is what I used.

OK - will try and manually add 1723 to incoming but already selected it as its a common port.

One issue though - I have DHCP turned off via the sme-server. And I cannot give my vpn a static ip as get error 1723 - as the server wont allow. So - which I cannot confirm - does DHCP have to be on with the server?

Scott

[bobk]

Check out this thread http://forums.contribs.org/index.php?topic=25843.0

Also

The SME VPN server must be able to assign dynamic internal IP addresses via DHCP for whatever limited range of IPs you wish to be available to your VPN client(s). If you have another DHCP server on your internal network you can disable DHCP on your SME server but only after you have first enabled it for some range of addresses. This will still allow your clients to recieve an IP address when they connect even though the SME server is not providing your internal workstations with addresses. The range you set on the SME server must not conflict with range on already functioning DHCP server on your network.

Howto Setup VPN to use specified IP addresses
1. Choose the IPs that you want.
2. Make the custom template fragments:
mkdir -p /etc/e-smith/templates-custom/etc/pptpd.conf
3. Create the template fragment needed:
touch /etc/e-smith/templates-custom/etc/pptpd.conf/remoteip
4. Edit the fragment with your favorite editor and insert these contents:
remoteip <ip-range>

ip-range will be the range of IPs that you want to use. It must be in this format:

10.0.0.230-240 would specify IPs 230 through 240 are usable

5. Save the file and expand the template:
/sbin/e-smith/expand-template /etc/pptp.conf
6. Restart the pptpd service:
service pptpd restart
7. Test the VPN by making a connection and check your IP.

[slewis1972]

OK - followed those instrcutiosn to the letter - alos used the other guide.

I can now get in via VPN - get an ip address of 192.168.0.250

Ok - BUT I cannot see the workgroup computer

And I cannot get putty to work.

plus - access to :-
https://192.168.0.20/server-manager
http://192.168.0.20/server-manager
are both non starters.

Is it the router as 1723 is enabled as a service to allow incoming.

Scott