Topic: PPTP VPN problem (Solved)

[imcintyre]

I have been using the Openvpn contrib for some time with great success using SME 7.1.2.

Remotely, I can use the samba shares, manage my server, and get onto the private wiki that I run.

To help someone who cannot run Openvpn (an apple issue) I opened a couple of PPTP users, I however run Winxp pro.

Using the pptp, I can connect and see the Samba shares but cannot connect to the server manager or the wiki. I get the error

The website declined to show this webpage
 HTTP 403  
   Most likely causes:
This website requires you to log in.
 
   What you can try:
     Go back to the previous page.
 
     More information
 

Apparently this error indicates that IE can connect to the site but I am denied connection. I tried changing the security settings on my xp machine in regards to the connection but nothing seemed to work. Any constructive suggestions would be appreciated.

Thx in advance.

[imcintyre]

Now things are getting more difficult/interesting. I pptp'd (not openvpn) and opened server manager using firefox, closed and then opened using IEv7.  -- all good

I disconnected and then pptp'd in and tried using IEv7 and got forbidden message. I tried using firefox and got forbidden message also.

I disconnected again. Pptp'd in and tried firefox first and was forbidden again for both firefox and IE.

Could it be something with connecting and then disconnecting?

Any help would be appreciated.

Ian

[imcintyre]

Further developments, using either Firefox or IEv7:

If I use https://myserver.mydomain.com/server-manager, I get refused.

If I use https://192.168.xxx.xxx/server-manager, I get told that I have a certificate issue but if I click ok I get in.

When I use Openvpn contrib by Vip-ire, I get access by either method. I previously loaded the certificate for https://myserver.mydomain.com/server-manager so I don't think that is the issue.

Any comments, might this be a bug or am I ignorant of some security issue? I'll raise a bug issue anyways.

[gippsweb]

I don't think it has anything to do with VPN or the browser you are using.
We are seeing something similar here on the LAN since upgrading to 7.1.2 but I haven't had time to troubleshoot it yet.
We get the error depending on what name we use to access server-manager, I find the external domain name and ip address works without a problem but the servers actual computer name doesn't where as it did before the upgrade.
Bit of a bugger because the pc's name is only 3 digits, a lot easier to type than either the domain name of ip address.

[raem]

imcintyre

You need to ensure that WINS is configured correctly in your VPN client and that all the paths your VPN connections passes through support WINS.
Not all routers support WINS correctly.

You may therefore always need to use IP type URLs when accessing via VPN.

[imcintyre]

Thx for the replies.

gippsweb;

I can't comment on whether this is related to 7.1.2, because until now, I have used the Openvpn contrib by Vip-ire. Using this contrib I have been able to use pc names. It was only after I upgraded that I had to use this method to allow an Apple pc to connect (because could not configure Apple to use Openvpn).

As I was working this connection method out, I noticed the problem. If it did change between 7.* and 7.1.2, I guess that would make it a bug. Read Raymitchell's note about routers as maybe your connection hardware or location changed at the same time.

If still a bug, please add on to my bug

http://bugs.contribs.org/show_bug.cgi?id=2724

RayMitchell;

See my note above, re has there been a change. I only noticed this issue/problem as a difference between using the Openvpn contrib or using a connection setup using typcial WinXPpro/home connection setup with the "New Connection Wizard". I can work around the issue but I found it curious so I thought to look around then raise this post.

Because I only VPN back and forth between home (SME in gateway/server mode) and work (brand name appliance), I know that the route taken is identical. We outsource our IT at work, so I will check if there was a firmware upgrade but I know that the hardware has not changed. I can make the problem go away if I use Openvpn, so this seems to point to some fundamental difference between the two.
 
I can't remember if I use addresses or names when I VPN into work(not using Openvpn) so, I will have to check as I left my computer at work last night. Should be quick check as I have a bunch of shortcuts.

Actually, as I recall, I think I gave the apple person my server name, not numeric address. They connect from a couple of locations, I'll ask them but I may not get anything beyond "does work = is good, doesn't work=is bad".

And last but not least, I am sure I was able to connect once using firefox and server names as I mentioned abouve. I will try to confirm again today. I have a nagging suspicion that I may have temporarily had both pptp and openvpn connections on the go.

[imcintyre]

RayMitchell;

You were right, I am using the local ip addresses when I vpn into another  network using PPTP. It's curious that Openvpn contrib by Vipire does not seem to require this.

Ian