Topic: SME Setup & VPN

[grahowler]

Hi

I used E-smith about 3 years ago for a cable connection. At that point I used it as a server/gateway and it worked perfectly, was always happy with it. Since that time I moved and couldn't get cable, so I had to get DSL. Since that time I have run a small network (2 computers) and had no problems with that.

Now, the netowrk has grown, I am setting up VOIP and I need to set up VPN access. I got a new DLink modem/router (DVA-G3340S) and got the netowrk up and running. The DLink runs an IP of 10.1.1.1, it has DHCP enabled and it handing out 10.1.1.2 - 10.1.1.5 to four computers on the network, so far so good.

The problem is that the DLink does not handle VPN, it only provides passthrough to a computer acting as a VPN server. So, it occured to me that SME Server would probably make a great option for this. Set the IP of the passthrough to the SME Server and should hopefully be up and running in no time. Here's where my problem starts...

1. I set up the SME Server (7.2) firstly as server/gateway, and while I could find it on the local IP I had assigned it, 10.1.1.200, and can get to the server manager via https://my-server/server-manager/ the test internet connection fails. (The machine does have two network cards for this purpose - I have one cable coming from the DLink into the SME Server, and another coming from it to a switch. All other machines are connected to the switch)

2. I then realised that the DLink handles the internet connection so the SME Server should probably be in server-only mode. So I made the changes in admin, it automatically detected the gateway IP as 10.1.1.1 so I let it go. After setting it and rebooting it the Internet connection still failed.

During this attempted set up I have always had the SME Server to handle DHCP, and have tried various settings with the DLink, DHCP switched on and off. I've also tried disabling the firewall on the DLink and that hasn't helped.

So my questions comes down to...

a) How should I setup this SME Server for this network?
b) How do I get the VPN working once I get the SME Server working?

Thanks in advance!

[billi]

I do this (im assuming a Windows workstation on the outside)
On the Dlink port forward port 1723 to your .200 (server) Set the server to do VPN ( PPTP) . Set the server to handle DHCP .

I have a few server doing this.
If I am just doing a few admin tasks I like to use SSH into the server and "su admin"
Port forward Dlink to the server on what ever port you have SSH set to on the server.
or
Look here and explanation of port forwarding using SSH (putty)
http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-port-forwarding
This works thru putty on Windows and through SSH client on a Linux workstation.

[cactus]

I do this (im assuming a Windows workstation on the outside)
On the Dlink port forward port 1723 to your .200 (server) Set the server to do VPN ( PPTP) . Set the server to handle DHCP .

I have a few server doing this.
If I am just doing a few admin tasks I like to use SSH into the server and "su admin"
Port forward Dlink to the server on what ever port you have SSH set to on the server.
or
Look here and explanation of port forwarding using SSH (putty)
http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-port-forwarding
This works thru putty on Windows and through SSH client on a Linux workstation.

If you are also considering using SSH I suggest you also read the howto on SSH public and private keys

[girkers]

I think as you have stated the first problem is that your SME server can't talk to the internet. I have a similar setup to yourself and use SME as server only, although I use the SME server as the DHCP server.

I only have a single NIC in my server and have it serve DHCP to the network, which is really what you will need to setup VPN as the VPN server will need to hand out IP addresses on the private network. Here is how I have my network.

x.x.x.1 - Router
x.x.x.10 - SME
x.x.x.81 - 89 DHCP Leases

The DHCP leases service both internal computers and those that connect through VPN, in the server-manager under the Security tab click Remote Access and there is a setting for Number of PPTP clients, set this to the maximum number of clients you expect to have connected through VPN. Be aware (trap for young players) that the number you use here will set aside that number of IP addresses for VPN connections from the range you have set for the DHCP server. E.g. you have range x.x.x.80 - 89 (10 Addresses) set for DHCP and you have 6 internal computers and set the No. of PPTP connects to 5, you will not have enough IP addresses for internal computers as there will only be 5 available.

With the SME's connection to the internet ensure you have the D-Link's IP set as the Gateway and DNS server.

[grahowler]

Thanks for the replies eveyone.

I am really showing my lack of networking understanding because I haven't actually had a win yet, but I am perservering. Girkers, I haven't had a chance to try your suggestions, but I will.

Thans again, appreciate the input!

[cactus]

The DHCP leases service both internal computers and those that connect through VPN

AFAIK that is an incorrect configuration, you VPN range should fall outside your default DHCP range (on the SME Server) as well as the subnets of both networks should be different: http://wiki.contribs.org/SME_Server:Documentation:User_Manual:Chapter1#VPN_Access

Be aware (trap for young players) that the number you use here will set aside that number of IP addresses for VPN connections from the range you have set for the DHCP server. E.g. you have range x.x.x.80 - 89 (10 Addresses) set for DHCP and you have 6 internal computers and set the No. of PPTP connects to 5, you will not have enough IP addresses for internal computers as there will only be 5 available.

Above solution should also resolve this problem...