Koozali.org: home of the SME Server

VPN question SME 7.0Pre4

AiJ0k3r

VPN question SME 7.0Pre4
« on: March 16, 2006, 11:46:08 PM »
OK, maybe my posts do not have enough information, so I'll try to add a bit more.  I have a Windows 2000 domain with about 25 clients, 1 Windows 2000 fileserver, 2 SuSe file servers, one with a Nagios system monitor, a secondary Windows 2000 BDC, I would call it, and 2 Linux and 1 Windows mail servers.  I have Exchange running on the main DC only for internal mail and folders.  I just would like to know if the VPN in SME server 7.0Pre4 would allow me to access my domain and its shared resources from outside my local area network, because if this is not possible I'll look for another solution.  I have set the VPN access to 4 and set me to have VPN access on the SME Server.  I can connect from home using a Windows XP Pro machine; the server verifies my user name and password and enables the connection, but I have no access to shared resources.  If I need to add more information please let me know. One more note: the workgroup on the SME Server is set the same as my domain without the .prv convention, i.e. SME server is workgroup and Windows domain is workgroup.prv; my home computer has a different workgroup and is not on the domain.

Offline tog

VPN question SME 7.0Pre4
« Reply #1 on: March 17, 2006, 03:30:15 AM »
What exactly do you mean by

Quote
but I have no access to shared resources


What resources are you trying to access?  If you are trying to go to \\serverName in Explorer, the issue may very well lie with name resolution.

If you have a local DNS server at work, you can tell the pptp connection to use it.

I have had great success with accessing network resources through a pptp vpn.  I am able to access \\computername in explorer, access http://localComputerIPAddress in a browser, etc.

Accessing exchange resources would be no different, you just need to get to the point where you can resolve the exchange server's name to an IP through the vpn.  OR access them explicitly by ip.

Once connected from home, can you ping work IP addresses?  Can you ping any hosts by name?

Also, it may be a credentials thing.  You may need to login to resources using domainName\UserName

Or, I am telling you a whole bunch of stuff that you already know.

addodge

VPN question SME 7.0Pre4
« Reply #2 on: March 17, 2006, 04:01:38 AM »
One thing I learned is that you have to manually specify the WINS server in the VPN properties.  I usually specify the SME's IP since that is what I use to hand out DHCP, but seeing as you already have a PDC, you might have to specify that IP.  It also helps if you go to the hostnames tab and specify there the name and IP of other computers on the network.  That way you can use \\server to access the other machines.  Hope this helps a little.
Andy

Offline gordonr

VPN question SME 7.0Pre4
« Reply #3 on: March 17, 2006, 05:52:08 PM »
Quote from: "addodge"
One thing I learned is that you have to manually specify the WINS server in the VPN properties.  I usually specify the SME's IP since that is what I use to hand out DHCP, but seeing as you already have a PDC, you might have to specify that IP.  It also helps if you go to the hostnames tab and specify there the name and IP of other computers on the network.  That way you can use \\server to access the other machines.  Hope this helps a little.
Andy

If the SME Server is the domain controller, PPTP will hand out its IP address as the WINS Server and browsing will work.

If you have another WINS server, you can do this:

Code:
config setprop smb WINSServer 1.2.3.4
signal-event remoteaccess-update

AiJ0k3r

VPN question SME 7.0Pre4
« Reply #4 on: March 17, 2006, 06:45:09 PM »
The SME server is not the Domain Controller or the DHCP server.  The SME server has an external static IP that is routable and an internal IP that is the same as my LAN.  The Win2k server is the DHCP, WINS and internal DNS with DNS forwarding.  The LAN is behind a router with NAT on another static IP. I can connect to the SME server from home; it verifies my user name and password and registers my computer on the network, but I cannot see the SME server or any other resources on that network.  Also, if I ping the internal address of the SME server it times out.  I feel like it's almost working, just not sure where to go next.  I'll try the smb settings for the WINS server next.
Thank you all for the reply

Offline tog

VPN question SME 7.0Pre4
« Reply #5 on: March 18, 2006, 04:38:54 AM »
Keep the faith.  I had to wrestle a little with pptp but it's working slick now.

WINS won't help if you can't ping the ip.

What is your IP address when you connect?  What is your Lan's network id?  Are they different network ip's?

One SME box I set up as a pptp server only was assigning addresses to pptp clients from an arbitrary network address (192.168.1.x) but I was using a 10.x.x.x network address.

I had to:

shell in as admin
turn on dhcp
configure it to use an ip range from the correct network address
exit
shell in again
then disable it again

Then the pptp server assigned ip addresses to the pptp clients using the right network address.

I am sure there is an intelligent way to configure but I do not know what that is.

Offline tog

VPN question SME 7.0Pre4
« Reply #6 on: March 18, 2006, 04:41:53 AM »
Once we figure out if there is an ip address issue, we can address telling SME about the Windows WINS/DNS server.  Then the pptp clients will resolve names through the vpn using the windows server.

AiJ0k3r

VPN question SME 7.0Pre4
« Reply #7 on: March 18, 2006, 07:05:09 PM »
Connection Status

Device Name               WAN Miniport[PPTP]
Device Type                 vpn
Server type                   PPP
Transports                    TCP/IP
Authentication               MS CHAP V2
Encryption                     MPPE 128
Compression                  [none]
PPP multilink framing       on
Server IP address           192.168.1.45    This is the internal SME address
Client IP address            192.168.1.247

ipconfig /all
Description        WAN <PPP/SLIP> Interface
Physical Address 00-53-00-00-00-00
Dhcp enabled      no
IP Address          192.168.1.247
Subnet Mask        255.255.255.255
Default Gateway   192.068.1.247
Dns                     192.168.1.72
Primary Wins server 192.168.1.72

This is what I get when connected; not sure why dhcp is no or why the subnet mask is like that. Also, the ip and df are the same???
Thanks for the help so far... I'm sure it's close to working.

I did try the dhcp on SME but it still had the same results with the connection.

Offline tog

VPN question SME 7.0Pre4
« Reply #8 on: March 18, 2006, 09:24:59 PM »
Yeah, the ppp connection uses its own ip as the gateway and the subnet mask should be that way.  I am not familiar with the internal workings of that, but that's how it is.

The network at work is indeed 192.168.1.x?

Now can you ping the sme server?

There is a slim chance that the ip 192.168.1.247 is too high.  I know that sounds crazy, but one time I had a win 2k box that couldn't talk to the other machines without its ip ending in a number < 100.

When you configured dhcp on the sme what range did you set?  When you then turned dhcp off, did you clear out the range values?  Can you add a range of, say, 192.168.1.20 - 192.168.1.25 to test?
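
The adapter listing posted in Reply #7 and the reading of it in Reply #8 can be checked mechanically. The following Python script is an added example, not part of the original thread: it parses a listing in that layout and reports anything that deviates from the addressing the replies describe. The 192.168.1.0/24 LAN, the sample text and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample, modelled on the adapter details posted in Reply #7.
SAMPLE = """\
Description        WAN <PPP/SLIP> Interface
Dhcp enabled       no
IP Address         192.168.1.247
Subnet Mask        255.255.255.255
Default Gateway    192.168.1.247
Dns                192.168.1.72
Primary Wins server 192.168.1.72
"""

# Field labels as they appear in the pasted listing (hypothetical key names).
FIELDS = {"ip": "IP Address", "mask": "Subnet Mask", "gateway": "Default Gateway",
          "dns": "Dns", "wins": "Primary Wins server"}

def parse_adapter(text):
    """Return {field: IPv4Address} for every labelled address found in text."""
    found = {}
    for key, label in FIELDS.items():
        pattern = rf"^\s*{re.escape(label)}\b[ .:]*(\d+\.\d+\.\d+\.\d+)\s*$"
        m = re.search(pattern, text, re.I | re.M)
        if m:
            found[key] = ipaddress.IPv4Address(m.group(1))
    return found

def check_tunnel(text, lan="192.168.1.0/24"):
    """Return a list of findings; an empty list means the addressing looks sane."""
    a = parse_adapter(text)
    net = ipaddress.ip_network(lan)
    if "ip" not in a:
        return ["no client IP address found"]
    findings = []
    if a["ip"] not in net:
        findings.append(f"client {a['ip']} is outside the LAN {net}")
    # Per Reply #8, a 255.255.255.255 mask and a gateway equal to the client's
    # own address are expected on the PPP link, so only deviations are reported.
    if a.get("mask") != ipaddress.IPv4Address("255.255.255.255"):
        findings.append("subnet mask is not 255.255.255.255")
    if a.get("gateway") != a["ip"]:
        findings.append("default gateway differs from the client address")
    for key in ("dns", "wins"):
        if key not in a:
            findings.append(f"no {key.upper()} server handed out to the client")
        elif a[key] not in net:
            findings.append(f"{key.upper()} server {a[key]} is outside the LAN {net}")
    return findings
```

Calling `check_tunnel(SAMPLE, lan="10.0.0.0/8")` reproduces the mismatch described in Reply #5, where the PPTP pool came from 192.168.1.x while the LAN used a 10.x.x.x network.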

AiJ0k3r

VPN Still not working
« Reply #9 on: March 21, 2006, 08:39:01 PM »
I got the server to assign a lower address but it still does not let me access resources on my network.  I can VPN to my wife's work from my home machine and I can access all the resources on that network; I can even go to whatismyip.com and it shows the IP of their location.  Their server is Win 2003; it acts the same at the connection time and all IPs seem to be in correct order.  I can't understand what is wrong; it should just work from what I've seen from both connections.

Offline tog

Hmmm....
« Reply #10 on: March 22, 2006, 12:56:42 AM »
That sounds frustrating.

I am sort of grasping at straws here, but is there any chance of the vpn communication being blocked by Norton or similar security software?  Some have to be configured to communicate on certain network id's.

Once connected, if you double-click the connection's icon in the lower right corner, does it show packets being both sent and received?

Is there a chance that the ip address you are getting is already in use on the network?

You seem to be connecting consistently, you're getting assigned a valid ip/gateway/etc, the packets just aren't getting through.

Have you tried connecting to/pinging remote computers directly by 192.168.1.X ip?  We want to rule out name resolution.

And you're certain the SME can ping local hosts?

AiJ0k3r

VPN question SME 7.0Pre4
« Reply #11 on: March 22, 2006, 03:11:30 AM »
OK, some more interesting information: I updated the WINS on the SME server and then tried to connect from my work computer to the VPN; it connected and I was able to connect to the internet through the VPN.  I can't tell about the network shares because I was still on the LAN, but it seemed to be connected.  Also note that when it is working the sent and received packets both keep increasing, but when I connect and it doesn't work the sent increase and the received stay at around 400 consistently.  I went home and tried it again but it still didn't work; it connected but no access to shares.  Now get this: I VPN to my wife's work and then VPN through this tunnel and I can access the internet and it shows my work IP, but I can't access network shares.  I use Charter cable internet at home and it's SBC DSL at work. I called SBC and they don't block VPN, but I haven't asked Charter yet. Is it possible that my ISP can block VPN to SBC and not to the T1 line at my wife's work? That is all the new info I have for now.
Thanks for the help so far

Offline tog

VPN question SME 7.0Pre4
« Reply #12 on: March 22, 2006, 03:13:16 PM »
For me dns name resolution works better than wins through the tunnel.  I have no idea why just yet.  And I don't mean broadcast wins resolution, I have a wins server.


I now have a few questions.  

Quote
tried to connect from my work computer to the VPN, it connected and I was able to connect to the internet through the VPN


Did you mean you connected to the SME while on the same lan it is on?  Your work computer is where the sme is, correct?

Quote
Also note that when it is working the sent and received packets both keep increasing but when I connect and it doesn’t work the sent increase and the received stay at around 400 consistently


So it is working from time to time?  The fact that anything is coming back is good.  Unless windows is mis-reporting.  Most likely, you're getting data through successfully.

Regarding ISPs, PPTP uses protocol #47 (not port, a protocol) AND tcp.  It is not unheard of for an ISP to tighten the traffic it allows to flow through its pipes.  I had ipsec crap on me once because of an ISP.

I really need to know, before we go any further, if you can directly ping the ip address of any computer through the tunnel.

Can you ping the SME?
Can you ping any of the other lan servers?