Topic: No response from https via pptp client

[s2s888]

Hi All,

I'm running SME Server 7.3 and active pptp service. It works OK to access company server resources via pptp at my home pc. But there are no response to access https web site from my home browser (IE7), it's OK on http sites only.
Do you know how to solve it?

Thanks to all.

Samuel

[tmaleshafske]

Which Https are you trying to access?  If it is the Server-manager page.  by default it doesn't allow access from outside IP address meaing your external interface. if this is the case there is a workaround.

[s2s888]

I'm using windows (XP and Vista) built-in pptp client to access company vpn server at my home, and can goto any http web site except https (like Internet Banking or any run https Payment gateway).
Yesterday I change to use 3rd party vpn client and can goto any https web site now. But I hope to know how to solve on using windows client still.

Thanks!

[mmccarn]

I suspect that the 3rd party client is *not* using the PPTP server as the default gateway.

The Windows PPTP client sets your workstation's 'default gateway' to be the PPTP server by default - so that once you are connected, all network traffic is sent by your workstation to the SME server, then out to the Internet.  HTTP, by default, is proxied by the SME, and so will behave differently from other protocols.

You can "fix" this with the windows PPTP client by looking at the properties for your VPN connection, then the properties for TCP/IP, then clicking the 'Advanced' tab, then removing the check-box from 'use default gateway on remote network' (I'm on an Apple right now, so these quotes and prompts are from memory and may not be exact...)

[s2s888]

Thanks to mmccarn!
Fixed by untick 'use default gateway on remote network' on windows pptp client.
And, do you mean sme proxy server can't support outside https? Or should I disable
sme http proxy service if I prefer all traffic of http and https go via sme vpn?

Thanks!

[mmccarn]

My understanding is that proxy servers don't attempt to do anything with https traffic.

The theory is this:  How can you be sure your data is securely encrypted from end to end if you're really only talking to to a proxy server in the middle?

[s2s888]

Thanks mmccarn!