Koozali.org: home of the SME Server

Poll

I am:

Not nearly as smart as I think I am
0 (0%)
An unfortunate victim of circumstance
1 (20%)
Doomed to a lifetime of trading hours for dollars while others bank six-figure commissions and vacation in Costa Rica
4 (80%)

Total Members Voted: 4

Voting closed: February 04, 2005, 09:31:31 PM

Egg on my face thanks to 619 woes

Offline MSmith

« on: February 04, 2005, 09:31:31 PM »
My sad story, herein.

Bigwig client: not too computer savvy but brokers multimillion-dollar real estate deals, fortunately good-natured.  

Me: fairly savvy but no six-figure commissions.  :(

The server:  Bone-stock SME 6.01-01.

The VPN client:  Dell Latitude laptop XP SP2.

The laptop was running Windows 2000 and had never left the office; bigwig heard that I'd set up a remote access solution (which I use almost daily, from a Win2K machine behind a SME 5.6u6 server).  Bigwig wants to take his laptop on a trip & connect to his Exchange server.  So I take the laptop, upgrade it to XP SP2 (probably my big mistake, but it's so much nicer for wireless connections & security) and test the PPTP VPN successfully about a gazillion times.  (Okay, not a gazillion really but at least half a dozen successful attempts and NO failures.)

He's leaving town today, so we walk across the street to another client's office for me to show him how to use his new capability.  I'm feeling pretty good about this and confidently fire up the desktop icon.

"Verifying username and password" ... for far, far too long.  Then the axe descends in the form of the dreaded 619 error.

I'm red-faced & stammering, as I've successfully connected several times with this laptop, and Outlook was perfectly happy talking with the Exchange server (hint:  entry in HOSTS file).  He goes away after poking some fairly good-natured fun at me; I slink away to my office figuring there's something funky about Office #2's setup that's interfering.

In my office, using the EXACT SAME setup under which the laptop connected several times without fail, it won't connect even ONCE.  My 2K workstation, on the same network (though it has a static IP, for what that's worth), connects about 1 out of 3 tries.

Nothing I try works, including rebooting the SME Server and the recent KB884020 VPN issue fix from Microsoft.  Time's ticking but I figure what the heck, I have skills, let's see if OpenVPN will do the trick.  I look up the HOWTO, roll up my sleeves & get started.  Oops, the bigwig's office network JUST HAPPENS to use 192.168.100.X for its IP range, just what the OpenVPN expects for the traveling side.  No problem, think I, I'll just adjust all the parameters that formerly read 192.168.100.X to 192.168.111.X and all that read 192.168.1.X to 192.168.100.X.

Service OpenVPN Start:    [FAILED]

So there you have it.  I'm technically humiliated and out of time and the bigwig is in the air, laptop-less.  C'est la vie.
...

Offline kmccarn

« Reply #1 on: February 04, 2005, 10:58:01 PM »
For what it's worth - I have several SME's in the Washington, DC area - which people vpn in to all the time. (probably have 12-20 connections at any given time)

AND - I have seen this problem many times.

I think it has to do with sunspot activity.

Our solution is to set the redial to 1 second - and, it may take 20 tries, but on the days when it's acting up - the client still gets through.

A more elegant solution - which we are rolling out - is to use the rpc over port 80 which is only available on XP-SP2 - then once Outlook is set up - you don't have to vpn - it just works. (inside and outside - same config)

 :roll:
Kevin in WV 8-)......

Offline mophilly

« Reply #2 on: February 04, 2005, 11:06:46 PM »
Quote from: "kmccarn"
A more elegant solution - which we are rolling out - is to use the rpc over port 80 which is only available on XP-SP2 - then once Outlook is set up - you don't have to vpn - it just works. (inside and outside - same config)


I just got my first Windows client (hard to believe, I know, but I have been lucky, I guess). Where can I read a bit more about rpc for Outlook in SP2?
- Mark

Offline kmccarn


Offline MSmith

Exchange 2003? Ah-hahahahahah!
« Reply #4 on: February 06, 2005, 05:21:08 PM »
You think I'd INSTALL an Exchange Server anywhere I didn't absolutely have to?  Noooooo, this is an Exchange 5.5 rig working on NT 4 SP6, which is completely isolated from the general Internet.  (Though recently upgraded to mirrored 79GB SCSI drives.)  SMTP mail gets to it via (what else?) a SME Server acting as gateway/router/webserver.  So opening ports to the outside is Right Out.

The VPN solution is perfect ... when it works, which it doesn't seem to, often enough, especially with XP SP2.
...

Offline girkers

« Reply #5 on: February 09, 2005, 01:20:07 PM »
My limited experience with setting up VPNs is that IP address ranges can cause a big problem.

I will give you an example.  At work I was running a 192.168.101.x network configuration and the client I was connecting to was using 192.168.1.x. No problems.

At home I am running 192.168.1.x network and the client again was running a 192.168.1.x network and as soon as the connection was established, bang my network activity went to (insert expletive).

To get around this I found a tick box in the configuration for the VPN connection that says "Use default gateway on remote network"  when I took the tick out of this box I found that the VPN connection then worked fine.

I hope this helps, drop me an email if there is anything else, that my limited VPN experience may be able to help with.
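
Added example, not part of girkers' post: a simplified longest-prefix route lookup showing why the 192.168.101.x/192.168.1.x pairing works while 192.168.1.x on both ends does not. The route table, metrics, interface names and the host 192.168.1.10 are constructed for illustration and do not reproduce the Windows routing table.

```python
import ipaddress

def build_routes(local_lan, remote_lan):
    """Constructed, simplified client route table: (network, interface, metric)."""
    return [
        (ipaddress.ip_network(local_lan), "lan", 10),    # on-link LAN the client sits on
        (ipaddress.ip_network(remote_lan), "vpn", 20),   # LAN behind the VPN server
        (ipaddress.ip_network("0.0.0.0/0"), "lan", 30),  # default route via local gateway
    ]

def lookup(dest, routes):
    """Pick the interface for dest: longest prefix wins, then the lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

def overlap(local_lan, remote_lan):
    """True when the two address ranges share any addresses."""
    return ipaddress.ip_network(local_lan).overlaps(ipaddress.ip_network(remote_lan))

def shadowed_hosts(local_lan, remote_lan, remote_hosts):
    """Remote hosts whose traffic would stay on the local LAN instead of the tunnel.

    With identical prefixes only one route can win. Whichever metric is lower,
    the hosts at those addresses on the losing side become unreachable.
    """
    routes = build_routes(local_lan, remote_lan)
    return [h for h in remote_hosts if lookup(h, routes) != "vpn"]

if __name__ == "__main__":
    remote_server = ["192.168.1.10"]  # constructed address of a server behind the VPN
    for label, local in (("work", "192.168.101.0/24"), ("home", "192.168.1.0/24")):
        print(label,
              "overlap:", overlap(local, "192.168.1.0/24"),
              "unreachable via VPN:", shadowed_hosts(local, "192.168.1.0/24", remote_server))
```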

Offline Peter

« Reply #6 on: February 09, 2005, 05:42:07 PM »
Hi.
Been there, done that! Then went again and again gave up. Could not maintain a reliable connection.

Put a D-Link VPN router in, then walked away contented. Oh! And so did my client!!

Peter  :pint:

Offline Ness

« Reply #7 on: February 10, 2005, 10:39:43 PM »
Hi Peter

Which D-Link box did you put in?

I just need to replace a blown BT router with a reliable DSL router. Linksys seems a bit wobbly so D-Link may be a good choice.

In particular I need to support (ideally) No-NAT as BT gave the old BT router a dynamic IP at connection and assign 5 statics for internal machines (SME Box will be the one - don't know why they ordered 5!).

I could just switch off the D-Link firewall or even enable a DMZ that points to the SME's WAN IP.

How did you do it? Is there a "best way"?

Cheers!

Chris in Wales
Chris Elliott - SME Server user and helper

RobH

Routers
« Reply #8 on: February 11, 2005, 03:22:33 PM »
Hi Everyone,

In answer to Peter's statement, it's not a D-Link box we use, it's a DrayTek Vigor 2600 ADSL router.

See - http://www.draytek.co.uk/products/vigor2600plus.html

You can buy online from insite - http://uk.insight.com/apps/brands/mfg.php?mfgcode=DRY

All you need to do is attach the router to your network, and activate the VPN via the remote teleworker wizard!

Rob.