Topic: Newbie Question PPTP

[jlariscy]

Does the server have to be set up in Server/Gateway mode to utilize PPTP. I currently have a server-only sme box sitting behind my SonicWall firewall and cannot connect to it using PPTP. I have opened PPTP ports on sonicwall and created one-to-one nat in firewall to give the server a public address. Any help would be appreciated.

Thanks,

jlariscy

[CharlieBrady]

Does the server have to be set up in Server/Gateway mode to utilize PPTP.

No.

 I currently have a server-only sme box sitting behind my SonicWall firewall and cannot connect to it using PPTP. I have opened PPTP ports on sonicwall and created one-to-one nat in firewall to give the server a public address. Any help would be appreciated.

You should seek support from whoever is supporting your SonicWall firewall. It's unlikely that you are seeing an SME server issue.

[DungaBee]

I have a similar question.  I have a separate firewall that can do PPTP on it.  The firewall is also doing DHCP for the network.

I'd like to have SME do the PPTP because then I only need to create the user account in one place and allow PPTP for that user.

Can SME act as the PPTP server while being in server only mode and not being the DHCP server?

My firewall has settings for IP ranges for the PPTP clients and things like that so that has me wondering how SME would handle it if it is not the DHCP server.

Thanks.

[aaron]

DungaBee, yes I have a 5.6 then upgraded to 601-01 SME doing just that - office has a DLink 604 router providing the gateway + internal DHCP services while SME is a set up to allow n PPTP connections. The Dlink Port Forwards the external VPN port to the internal SME machine.

As Charlie has said, most of the time when I've set up SME PPTP if there are problem connecting at first (or even in use over time in fact) the intermediate firewall is the cause and is either misconfigured or needs to be rebooted.

[DungaBee]

Thanks for the heads up.  I wonder how SME assigns IPs for the PPTP clients when it is not doing DHCP?

Guess I'll find out.  I know my FW can forward the ports and protocols for PPTP since that is an option in it, so I'll give it a try and see what's what.

[johnhebert]

Hello everyone - I'm a new member and first post:

My situation is similar to DungaBee. I was planning to install an SME server in Server only mode with 1 NIC and enable PPTP for remote VPN access. SME will be behind an IPCop firewall which is also the DHCP server. How will remote PPTP VPN clients get an IP address on the internal LAN? Will the SME PPTP server relay the DHCP requests to the IPCop DHCP server? Would it be better to install the SME in Server/Gateway mode with 2 NICs and make it the DHCP server for the internal LAN? I want to keep IPCop as the external firewall. Would it be redundant to set it up like this: Internet->IPCop->SME->LAN?
If it makes a difference I want the PPTP VPN clients to be able to access other internal resources on the LAN not just the SME box itself.

[billmakr]

change the router you are using to MoNoWall and let it be firewall,pptp,ipsec tunnel etc. for your network and leave the sme in server only mode. that way all can be satisfied. this is address for monowall. It is a killer router and rock solid. The price is also right its freeware. I suggest if you make use of it you give a donation just as you would here to supprt SME.


http://m0n0.ch/wall/

[girkers]

I wish to know why you are using your Firewall as the DHCP server.  I am using SME in server only mode and as my DHCP server. My firewall is a hardware router and is exactly that, I do it this way to separate the external functions to the internal.

Think of it this way.  The router is a "bridge" between the inside and the outside world. The SME server is "GOD" in that it handles DNS requests, proxies the web, handles email and gives out IPs through DHCP.

Just my logic.

[DungaBee]

change the router you are using to MoNoWall and let it be firewall,pptp,ipsec tunnel etc. for your network and leave the sme in server only mode. that way all can be satisfied. this is address for monowall. It is a killer router and rock solid. The price is also right its freeware. I suggest if you make use of it you give a donation just as you would here to supprt SME.


http://m0n0.ch/wall/

I use a similar firewall in my installation that does PPTP as well.  My hope was to have SME do the PPTP control so that I only need to add users in one place.  With my current setup, I need to add a user to SME and then also add them to the firewall, if I want to allow PPTP access for them.

[johnhebert]

billmakr - I looked at MoNoWall but I like IPCop for transparent proxy with content filtering (Cop+ and Adv Proxy) and antivirus  (Copfilter) which MoNoWall doesnt seem to support AFAIK. I also would prefer PPTP on the SME box so I only have to create users in one place like DungaBee.

girkers - I like DHCP on the firewall router so that I have  internet acess (firewall/av/proxy/filter/dhcp) seperate from SME so that if SME goes down my users can still get on the internet. SME primarily will be a fileserver and intranet server for internal LAN.

So, will PPTP work with IPCop as DHCP and SME as Server-only with 1 NIC? Or must I have DHCP on the SME (Server-only or Server/Gateway)?

[tog]

The pptp server on the SME box will assign ip addresses to the pptp clients.

I believe dhcp is not involved at all.

It seems SME uses ip addresses from the top of the subnet:

I am on 10.2.2.0/255.255.255.0 and SME pptp starts assigning ip addresses at 10.2.2.254, 10.2.2.253 (i am pretty sure)

[tog]

I was half right.

It seems that if DHCP is enabled, SME will assign from that pool of addresses.  If DHCP is off, it will assign from the top of the subnet.