Topic: Remote VPN server connectivity issue

[Rakeshpaul]

Hi,
    I am using the SME server version 6.01 behind which is my LAN, so when i try to connect to the remote VPN server from one of the machines in my LAN it gets connected.But when i am trying to connect to the same VPN server using a diff pc from my LAN it is not able to connect(with the previous machine already registered to the VPN).The remote VPN server is configured to accept multiple machines with the same IP.They checked their log files it had the entry of one of the macine which was connected but the other machine entry was not there,neither its attempting to connect was found.They said it was problem with our SME server only.I couldnt figure out what could be the problem.I have allowed multiple users on the PPTN still the issue was not resolved.Then i configured DHCP for the internal LAN but i still the issue is not resolved.Can you please help me out in resolving the issue.

Regards,
Rakesh Paul.

[irian]

You probably have double NAT configured.
Does your server do NAT and does your router and/or firewall do NAT as well?

Did you install the server with 2 NIC´s?

[Boris]

Single NAT with PPTP will do the same. The problem is with PPTP (and IPSec for this matter) and NAT. When VPN connection is established via NAT, remote VPN server knows to send traffic back to the public (WAN) address of your SME server, which in turn sends it back to originating LAN PC1. If second session open, remote VPN server sends traffic for it back to the same WAN address, but your SME has problem forwarding it correctly to the second LAN PC2.

The correct approach for multiple connections to the same VPN server would be router to router (SME to SME, Site to Site) VPN. In this case PCs will not need to start VPN individually and share single existing tunnel.

[Rakeshpaul]

Hi,
    I was glad to receive the solutions from you.I will tell you the configuration of my server.I have configured the SME server in Router and Gateway mode.I havent configure the NAT on this so i think it wont affect as you had suggested.We are using the same server for connecting to the Motorola VPN but in that case we dont have any issue, we can have multiple logins on the motorola VPN (i.e MVP) from any machine in the LAN but when we try to connect to this other VPN server (provided by US Lec) then only its an issue.So we asked them to make a double check but they couldnt find the entry of the other mahine (with one machine connected to the their VPN) in their log files. Then i tried to stop the squid service and try and connect but it did not make any difference.One thing that we note a bit different is  :- We have two ISP providers, so we have configured two SME servers for different ISP providers with different set of LAN's behin them.Both the SME servers have two ethernet cards and is configured in the Router Gateway Mode(So one card has Public IP and the other has a Private IP).When we connect from one machine each behind the two different SME servers then they both get connected(i.e both the local machines are having different gateways ).But if we try to connect two local machine behind one SME server then it wont allow to connect, then it is on first come first serve basis i.e whichever machine gets hooked up first then that is allowed rest are unable to connect.So i think the situation is critical,if you can put some light on it.I tried all the options ,now the last thing left on me is going for a router to get rid of this VPN problem..I would be glad if you can resolve my issue and help me out.

Regards
Rakesh Paul

[Boris]

SME in the router-gateway mode (server-gateway to be acurate) does NAT. Hence you have Public and Private IPs on two interfaces. Squid is HTML proxy and does not affect VPN.
My previous post still valid. I would consider site to site VPN option.

[Rakeshpaul]

Hi Borris,
            I just wanted to enquire how to configure site to site VPN using SME server.What are the changes i need to do for configuring my server for site to site VPN.

[irian]

Site to site VPN:
ftp://funkylinux.com/pub/e-smith/HOWTO-assigned_PPTP_tunnel_for_multipoint

Martijn

[Rakeshpaul]

Hi Boris,
          I tried those scripts but no log files were created, we could not make out much details from the scripts that were given.Please can you help me out in detailing the scripts.i will give you the details
My SME server ip is : 192.168.102.50
Remote VPN server ip is :209.92.233.214
the two pcs that try to connect to the vpn are 192.168.102.4 and 192.168.102.26..
See if you can modify the files and help me out..I am using 6.01 version of SME server.
Remote server is not a SME server.

Regards
Rakesh Paul.

[Boris]

Remote server is not a SME server.

Do you know what it is? Collect as much detailes on the remote VPN server as you can. Protocols used, internal IPs etc..
You may need to contact network administrators on the other side for help.