Topic: can't see server on VPN

[indengr]

We had obtained and were setting up the Linksys RV042 on each end to act as the VPN tunnel. We won't be running programs exactly but we will be opening (and transferring) some relatively large files (50mB) with the CAD programs that will be running.  It will be necessary to have up to 10 workstations at each end simultaneously being mapped onto the SME server at the opposite ends (both ways). 

I had (niavely) thought that if we got the VPN tunnel set up between the two ends that the workstations at each end could see and utilize the same resources as the workstations at the other end. I realize there will be a speed consideration and we may need to go to a dedicated connection between the two offices. But the first step is to actually get the system working so we can actually map to the servers at each end.

[mercyh]

It seems that we are talking about two different things here. There are two very different types of VPNs.

Site-to-Site VPNs (for linking two entire subnets)
Client/Host VPNs (For single workstations connecting to a remote subnet)

It seems like indengr is trying to do a site-to-site VPN with his routers.

mary is describing the built in pptp functionality of SME (Client/Host). I am not sure what zatnktel is working on but it seems like he has also switched to working with a client/host type of VPN.

I would leave workgroups and dns out of this at the moment. I know that multiple subnets across VPN work with SME as I use it myself.

1. Build the tunnel in the routers. Make sure it is linked and that you can ping the LAN IP of the routers from both directions. This must be done from inside each side of the network RDP is your friend

2. Test if you can ping the Printer/other device IP addresses from either side of the network. Workstation addresses do not work well for this test as local software firewalls can make it look like the ping is not working but actually it is.

3. Be sure to add the 10.31.55.xx subnet to your Local Networks in Server-Manager on the office SME and 10.31.51.xx on the Home SME here: http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Local_networks

4. Test that you can ping the SME IP address from both networks.

5. Test that you can login to server-manager from both locations using the IP address of the server

6. If you can get all of the above working, you should be able to map drives using the IP address of the server. At this point you are ready to start working with DNS if you still want to be able to browse by machine name and workgroup.

[mercyh]

Once the VPN tunnel is connected on the routers I can see no reason why there should need to be firewall rules. Both networks will become trusted by the routers and adding the subnets to the local networks tab in server-manager should make them trusted to the SME.

[indengr]

mercyh:  Thanks for the clarification on the two types of VPN. We are definately talking about site to site VPNs.

I am not at the home end and do not have an SME there (I can easily set one up to get this all working).  We don't have an SME server at the other main office yet but will/can when we get to that setup.  I am trying to get it working between my home and office here first before trying to do Albuquerque to Minneapolis.

I can ping the computers from the home (without SME) to the office but cannot ping the printers. I have not added the other area IP's to the trusted yet.  I will work through your post and get it all done and see from there.

THANKS for the help.

[mercyh]

I can ping the computers from the home (without SME) to the office but cannot ping the printers.

This makes no sense at all unless the printers have some sort of security that only allows you to print from the local subnet or you have assigned an IP and not assigned a gateway. They must have the vpn router assigned as the gateway or they will not be addressable through the tunnel.

[indengr]

   simple when you know what you are doing.  The gateway on the printers is set up to the gateway of the ip address of the printers.  I will reset all the printers to have a gateway of the router just as the computers do.  THANKS.

[mercyh]

I think the only step that is left is to add the remote network subnet to the local network on the SME and you should be good to go.

[indengr]

I have gone through the steps and I can now map to a drive on the server from the remote site via the VPN.    I haven't tried to do it with one of the printers. Think I will concentrate now on getting the Network Neighborhood to work. Guess I am going to have to get WINS Server or DNS resolved for that.

I will be out of this office for a few days now, in the Minnesota office, so will concentrate on getting those sites working up to this level.

I was able to open a couple of files across the VPN using AutoCAD 2008. One file took 2 minutes and the other 8 minutes just to open. That means that we are going to have to do something significant to speed up the process. I found that Redriver and Cisco both have application accelerator products that we will have to look at. They look expensive ($3,000 to $10,000 each end) so will do a lot of investigations before jumping on that bandwagon.

I hope you all recognize how much your input has helped me. I know that I certainly do.  Can't thank you all enough for the HOURS and HOURS that you have saved me.  Maybe I can get edgeecated enough to be able to help others. Actually spend a LOT of hours helping others in the Windows world so maybae it all evens out. Hope so.

Anyway, THANKS a bunch and will be back at it next week.

[mercyh]

Bandwidth over VPN will be an issue if you are pulling down large data files.

Dmay mentions a product in this post http://forums.contribs.org/index.php?topic=41250.0 that I am personally not familiar with but may be an option for your situation.

EDIT: I see you mention the redriver product above.

[zatnikatel]

my option works fine tested it today with windows host file
but as i can see other people have jumped in with idea's and they have more knowledge than me go with want they recommend as they have better knowledge

on a side point if you are going to have 20 people connecting via vpn that will use a lot of bandwidth you will need symmetrical ADSL that is the same as up and down with 20 people not sure but a min of 2meg up and down but with that many i think 4 meg up and 4 meg down would be the best but i think the cost would be high
ADSL2+ annex m would be more the go

[mercyh]

zatnktel,

I have little or no knowledge of DNS/Wins server. My goal was to get the vpn working with IP addresses. Now that he has that going, I bow out. Your knowledge in the windows world is needed.

(from myself)

6. If you can get all of the above working, you should be able to map drives using the IP address of the server. At this point you are ready to start working with DNS if you still want to be able to browse by machine name and workgroup.

We have step 6 completed and I am out of my level of expertise.

PS> I have seen your work in the forums and respect and appreciate your knowledge and willingness to help. 

[zatnikatel]

Thanks mercyh
yes i have to know both server OS windows and linux as some people are stick in the muds and don't want to change from windows no matter what you say to them it is even free but they are MS borg's nuf said