Koozali.org: home of the SME Server

VPN Query one sme to another?

steve288
« on: September 28, 2009, 04:57:30 PM »
VPN Practical tips says the following …

You cannot establish a VPN passthrough connection through an SME server to a local machine due to problems with the sme server supporting the passthrough of protocol 47 (GRE).

VPN connections to workstations will run very slowly. It is not advisable to run programs across VPN connections, even with fast broadband Internet speeds. This applies to scenarios where a VPN connection is established to a sme server, and then a connection is made to a workstation on the remote network.

Is it true that you still cannot do it? Although it’s a little confusing because the second paragraph seems to indicate that you can do it, although performance is poor. (If I understand it and maybe I don’t.)
 
Does this mean that you cannot VPN directly, say, from the remote Windows (Internet) -> SME1 through to SME2? I believe I read somewhere else that you cannot do this, but for the life of me I can’t find it.

I’m not looking at doing this, per se. Just playing about and want to configure it really just for the education of it. Further my knowledge with forwarding etc. I could see some possible uses for it, although I’m sure others will have the opposite view.

Anyway just wondering if this is possible or if anyone is thinking of implementing it in the future.

janet
« Reply #1 on: September 29, 2009, 04:22:27 AM »
steve288

Quote
VPN Practical tips says …
You cannot establish a VPN passthrough connection through an SME server to a local machine ......

This means a VPN connection between an external client and a LAN workstation, i.e. you cannot do that.

What can be done, is that you can create a VPN connection from an external client to the sme server, then you have access to workstations on the LAN via IP & share mapping etc.
They are different "things".

Quote
....it’s a little confusing because the second paragraph seems to indicate that you can do it.....

I believe that is referring to a VPN connection from an external client to a sme server, and then connecting to shares on the sme LAN workstations, and trying to run applications that reside on the sme server or on the LAN workstation (which can be very very slow).
The article does have this proviso (where connection = connect to a share): "This applies to scenarios where a VPN connection is established to a sme server, and then a connection is made to a workstation on the remote network."

As the article also says:
"A good alternative to access workstations behind a SME server on a remote network, is Remote Desktop Protocol (RDP)."
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
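The wiki sentence quoted above turns on IP protocol 47 (GRE), which is a separate IP protocol with no port numbers. The following is an added example, not part of the original posts: a small Python classifier for raw IPv4 packets from a capture that separates the TCP control channel from the GRE data channel. It assumes the VPN in question is PPTP (TCP port 1723 plus enhanced GRE as defined in RFC 2637); the sample packets and addresses are constructed.

```python
import socket
import struct
from collections import Counter

GRE_PROTO = 47             # IP protocol number named in the thread
TCP_PROTO = 6
PPTP_CONTROL_PORT = 1723   # assumption: the VPN discussed is PPTP
PPP_IN_GRE = 0x880B        # protocol type of PPTP's enhanced GRE (RFC 2637)

def classify(packet: bytes) -> dict:
    """Classify one raw IPv4 packet as PPTP control, PPTP data (GRE) or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"kind": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4       # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == TCP_PROTO and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        kind = "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "other-tcp"
        return {"kind": kind, "sport": sport, "dport": dport}
    if proto == GRE_PROTO and len(body) >= 8:
        flags, ptype, length, call_id = struct.unpack("!HHHH", body[:8])
        if flags & 0x0007 == 1 and ptype == PPP_IN_GRE:   # GRE version 1
            # No ports exist here: the 16-bit Call ID is the only session field
            # a NAT gateway could use to pick the right internal host.
            return {"kind": "pptp-data", "call_id": call_id, "payload_len": length}
        return {"kind": "other-gre"}
    return {"kind": "other", "proto": proto}

def summarize(packets) -> Counter:
    """Count packets per kind, e.g. to see whether any GRE arrives at all."""
    return Counter(classify(p)["kind"] for p in packets)

def ipv4(proto: int, payload: bytes, src="203.0.113.10", dst="192.0.2.1") -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero) for the demo."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed samples: one control segment, one GRE data packet, one HTTPS segment.
SAMPLES = [
    ipv4(TCP_PROTO, struct.pack("!HH", 49152, 1723) + bytes(16)),
    ipv4(GRE_PROTO, struct.pack("!HHHHI", 0x3001, PPP_IN_GRE, 4, 42, 1) + b"\xff\x03\x00\x21"),
    ipv4(TCP_PROTO, struct.pack("!HH", 49153, 443) + bytes(16)),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
    print(dict(summarize(SAMPLES)))
```

A capture on the inner machine that shows `pptp-control` packets but never `pptp-data` is the symptom of a gateway that forwards TCP 1723 but not protocol 47.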

steve288
« Reply #2 on: September 29, 2009, 03:32:55 PM »
Thanks for the information. That does help me to understand what it is saying.

I suppose what I'm playing with (cause I learn by playing with various configurations I suppose) is a situation where you have one SME on the wan/lan (external/internal) and then another internally creating another separate network. Really the second is like a wan/lan server set just like the first. Then when you connect to the first server it automatically takes you to the second.
In other words you're connecting to the internal server/gateway through the first. Then from there you can connect to the windows computers on the second network. (I wonder out loud if you can forward the http port to get a web page internally on that second server, haven't even thought about that, for future play I suppose, sorry I digress.)

Yes I have used the Remote Desktop, which is a good solution and forwarded an external ip and protocol to an internal Windows Server. One of the drawbacks of this is that you can only remote desktop to one computer. You don't have a choice of connecting to any other computers unless you Remote desktop to the first and then remote desktop to the second from the first, use VNC from the first to other computers or I suppose maybe? change the ports on the Windows computers that receive the remote desktop so that depending on which port you connect to you connect to a different computer.

Anyway these are my musings.
Regards

janet
« Reply #3 on: September 29, 2009, 04:59:01 PM »
steve288

Quote
In other words you're connecting to the internal server/gateway through the first (sme).

What you are asking for is VPN passthrough.

As the wiki article says:
You cannot establish a VPN passthrough connection through an SME server to a local machine due to problems with the sme server supporting the passthrough of protocol 47 (GRE)

Which part of that do you not understand?