Topic: PPTP VPN out through SME 7

[Uncle]

I'm really stuck. I've just trolled through pretty much every scrap of documentation and postage I can find but I still have absolutely no idea how to solve this.

I'm running an XP box behind SME Server 7 and the server is connected to a router. I want to VPN out from the XP box through the server to a remote site (using built-in VPN of XP) through the router. The problem is that no matter what I do I just can't get it to work. If I skip the server and connect directly through the router evrything works fine. As soon as I go through the server first it's a no go. The server has the proxy enabled because it has to be. I also have to use PPTP.

Is there some configuration I must change to get this to work? Please can somebody give me a hint or two on how to sort this out. Will owe many favours!!

EDIT: I've also heard that certifcates or keys and things are involved in here somewhere... could these maybe be the problem?

[Uncle]

Not including this in edit since kinda separate.

I've done a couple of tests and this is what I've found out:

• I can ping the VPN server from the SME server
• I can ping the VPN server through the SME server
• I can telnet into VPN server port 1723 from outside SME server and through router
• I can telnet into VPN server port 25 from SME server
• I cannot telnet into VPN server port 1723 from SME server
• I cannot telnet into VPN server port 25 trhough SME server (end up telneting into SME server port 25)

So it pretty much looks like there is something up with port 1723 on the SME server. So either it's blocked or something bad is happeneing there. Does anyone know how to check which it is?

[CharlieBrady]

I'm really stuck.

Please report the details of your problem in the bug tracker. Thanks.

[tandum]

You are right, [edited for content]. Sometimes it works but more than often it doesn't.

And it's been reported to bugtraker multiple times.

The best option is to avoid the SME server if you want to VPN out, don't VPN though it.

[mmccarn]

I VPN out through SME servers regularly with no problem, and have on every version since 6.0.1.

PPTP VPNs have many very specific requirements, hence the earlier request for more information.

If you have opened a bug report, you have probably been asked by now to provide the output of /sbin/e-smith/audittools/newrpms - there are some contribs and howtos available that would block outgoing traffic from behind your SME, but SME does not do this by default.

When you 'telnet into VPN server port 1723 from outside SME server and through router' are you using a system with the same IP as the SME?  If not, your router could be blocking traffic from the SME WAN IP and you wouldn't know it...

[CharlieBrady]

I'm running an XP box behind SME Server 7 and the server is connected to a router.

You're less likely to have problems if you use SME server as the router - perhaps by converting the router to a simple modem (aka put into bridge mode) if your router includes an ADSL modem, or get rid of the modem, if you have separate modem and router.

[Uncle]

The router has to stay where it is. It's connected to a lot of other things as well so it can't simply be changed out. Well, technically it can but I'm not in the position to do so if you catch my meaning. I've checked the router and it's configured to allow all the necessary traffic in and out. If port 1723 was blocked by the server for some reason, how would I open it? Is there anyway I can actually check it?

As far as contribs go, I only have horde webmail, groupoffice, sme7admin and vacation messages. I also have php5 running there but that shouldn't have anything to do with the ports.

I've checked and the server is listening to port 1723. Is it possible that it might somehow intercept my VPN through the server?

As things stand now I'll have to connect directly through the router and forego SME altogether.

Thanks for the help so far guys, I'm pretty sure something's gonna click soon.

[CharlieBrady]

If port 1723 was blocked by the server for some reason, how would I open it? Is there anyway I can actually check it?

SME server doesn't block any outbound traffic. It does capture outbound port 80 and port 25 traffic, but that's not causing the issue here.

I've checked and the server is listening to port 1723. Is it possible that it might somehow intercept my VPN through the server?

No, that doesn't intercept VPN, but might affect GRE passthrough.

Report the details of your issue via the Bug Tracker.

[Uncle]

Well, I've resorted to connecting directly through the router. It isn't really worth the hassle of going through the server. I know there's also been some trouble actually VPNing into the server as well so these two problems might be interconnected.

Thanks again for all your trouble and effort.

[CharlieBrady]

Thanks again for all your trouble and effort.

Because you didn't report your problems in the bug tracker, we are no closer to identifying and fixing the problem (or problems), so you have wasted our time.

[Uncle]

Ouch! Nobody said I wasn't going submit it on the bugtracker. I've been really busy so I haven't had the time to submit a decent bug report. I have a significant break today so I'll be posting it later. I can't guarantee it'll be all that useful but it'll be there. I really think the problem lies with this server specifically and isn't a problem with sme.

One of my favourite sayings: Assumption is the mother of all... 

[tandum]

You are right, [edited for content]. Sometimes it works but more than often it doesn't.

I should clarify that one. I'm taking about VPN'ing though one SME server to another SME server.

I dunno if that bug ever got fixed or not.
I just put my server to one side and vpn directly through my router instead.
That gave me a 100% success rate.