Topic: IPSec using external Router

[kevin]

I hope this is the right section to post this in.

Anyway, I have a network using m0n0wall for my router/gateway and I have some mobile users connecting via m0n0wall's IPSec.  They can connect fine to everything (printers and windows machines), but cannot connect to the SME server ibays.  The server is set to server only mode.  I believe it is in the IPtables or Samba and have poked around a bit and searched the forums, but thought I would ask for some help before I mess things up.

What needs to be opened up on the server?

Thank you for any help.

--
Kevin

[jdavey]

Are your users connecting to SME resources via IP address or machine name? With IPSec, or course it's IP addresses only, and not names unless you set up a name server for those users.

[kevin]

We are using the IP addresses to connect. The clients are windows workstations.  I also cannot login to server manager.  I get a forbidden message so i believe SME still sees the IPSec traffic as an external address and blocks the traffic.  What blocks external IP's from connecting to SME?  Even though we are using an external router i would still rather just pinhole SME to allow access to the ibays from external addresses. I would like to open up the SME server a little and let the m0n0wall do its work.

--
Kevin

[jdavey]

I know that I frequently have to define the LAN gateway as the router (security: local networks) and add the remote ip range to administer the server manager remotely.

Does that make a difference for you?