Topic: PPTP internal SME client to external SME server

[Drifting]

I need and internal machine to be able to connect pptp to external SME server. To be honest I use this so rarely, and cannot remember the last time it worked, and if I was using SME as the gateway or my old router.
But does the following from the FAQ mean outgoing? or incoming? :-
You cannot establish a VPN passthrough connection through an SME server to a local machine due to problems with the sme server supporting the passthrough of protocol 47 (GRE).
From what it says I would assume incoming?
I have set the gateway sme to no vpn access, and that did not make any difference. Is this possible?

Paul.

[janet]

Drifting

That FAQ comment refers to incoming.

The stated goal in your title works OK, I do it often ie from a local windows workstation behind a sme server in server & gateway mode to a remote sme server in server & gateway mode.

You can then connect to any server or workststion on the remote network by IP or name depending how you set things up.
Also each network would ideally have a different IP range eg local 192.168.1.1, remote1 192.168.2.1, remote3 192.168.3.1 etc, otherwise you can have difficuties mapping the correct shares

You MUST enable pptp on the remote sme server, disabling it as you have stated, will stop a pptp connection from being established.

Configure VPN on your workstation & set the host details as the remote sme server FQDN.

If you are using routers ss your firewall/gateway & sme server in server only mode, then you have to enable VPN in your router, & the passthrough issues will be applicable. Most modern routers support VPN passthrough but YMMV.

Remember all the (external) connections between each end must support VPN passthrough, sometimes equipment at ISPs or corporate firewalls can intentionally or unintentionally block VPN.

[Drifting]

Thank you so much for the reply Janet.

I thought I had done this before through SME. That was the odd thing, that something has changed on the SME server? I use two workstations, one a Windows 7 Pro and the other an iMac, with OSX and Maverick. Neither can create a VPN out to other SME servers. My SME is in server - gateway mode. However incoming from a friends network works.

Now there was one odd thing, when I turned off VPN into my SME, the VPN out seemed to take longer as if it was trying to negotiate, but with it on it declined a connection immediately.

Luckily my SME is on a VM, so can soon run up another without contribs to see if that works, was just curious what it could be.

Kind Regards Paul.

[janet]

Drifting

Rather than running up another VM, just see what the problem is by looking in your log files, in this case the more useful place to immediately look would be on the remote server.
This assumes of course, that you do not have another firewall at your outgoing end, other than the firewall in the local sme server.

PS (Edit:) Your friend can VPN into your local sme server, but can they VPN into the remote server, the one that you cannot get to also ?
That may help identify where the problem lies.

[Drifting]

Hi Janet

Well the server I was trying to VPN in to was my friends. He can VPN in to my SME, but I cannot into his. Here is the part of the log, nothing was in the pppd/current ? assume that only fills up on an active connection?

May 12 09:54:06 ins1 pptpd[15320]: CTRL: Client 21.*.*.* control connection started
May 12 09:54:07 ins1 pptpd[15320]: CTRL: Starting call (launching pppd, opening GRE)
May 12 09:54:08 ins1 pppd[15321]: Plugin radius.so loaded.
May 12 09:54:08 ins1 pppd[15321]: RADIUS plugin initialized.
May 12 09:54:08 ins1 pppd[15321]: pppd 2.4.4 started by root, uid 0
May 12 09:54:08 ins1 pppd[15321]: Using interface ppp1
May 12 09:54:08 ins1 pppd[15321]: Connect: ppp1 <--> /dev/pts/1
May 12 09:54:49 ins1 pptpd[15320]: CTRL: Reaping child PPP[15321]
May 12 09:54:49 ins1 pppd[15321]: Modem hangup
May 12 09:54:49 ins1 pppd[15321]: Connection terminated.
May 12 09:54:49 ins1 pppd[15321]: Exit.
May 12 09:54:49 ins1 pptpd[15320]: CTRL: Client 21.*.*.* control connection finished

IP's changed to protect the reckless, me!

Paul.

[Drifting]

I just love beating my head against the wall.
Hope this help other hapless souls such as I!

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2061834

Paul.