Topic: 2 SME Servers

[William]

Im wanting to connect two servers, from two completely different locations, Site A I want them to be able to see files on Site B and Site B to be able to see files on Site A's server. So, when I go through my shares, I can see the files that reside remote, and vice versa. Is there a howto on this, or can it be done?

[Kelvin]

Visit www.myezserver.com and llok for the freeswan contrib and howto.

Kelvin

[William]

Ok...I have two routers, i did all the the step by step, but still cant ping anything, Do i need to do anything to my routers to allow incoming? If so...what ports?

William

[Kelvin]

If your SME servers are not your routers (ie. you have hardware routers in front of your SME servers), then you will need to open some ports to the SME servers. If not, please post detailed configuration before we know how to approach your setup.

Kelvin

[William]

I have real routers in front,both routers are Seimens Routers, both connections are DSL. I can open ports, I just dont know which ones.

The internal ip of TCC Server is: 192.168.0.253
The internal ip of London Server is: 192.168.254.150

Gateway of London Server is:192.168.254.254
Gateway of TCC Server is: 192.168.0.254

Both Subnets are:255.255.255.0

Both servers have static IP's

TCC Server outside ip: XX.XX.XXX.30
not real IP's: London Server outside ip: XXX.XX.XX.30

TCC outside gateway: XXX.XX.XXX.50
London Server outside gateway: XX.XX.XX.50

This is the setup I have.

Also on both servers, on the Local Networks. What would I put there?

[Kelvin]

William,

This changes everything. The howto was designed for setups where the SME servers are the actual routers for the two LANs. If you must keep the 2 hardware routers then there are some things to be changed.

1. Both SME servers should have 2 NICs in them, one to connect to the router and one to service the LAN.
2. Reconfigure the LAN workstations to use the SME server as the gateway and not the hardware router.
3. If you can configure your routers to pass all traffic to the external NIC of the SME servers, then do that and follow the howto (or if your ADSL modem is separate to the hardware router, you could just get rid of the router !).

as for the port numbers, see :
http://forums.contribs.org/index.php?topic=15820.msg61026#msg61026

Kelvin

[William]

hehe...ouch...it would be a mess, there is no way around what i have?

William

[William]

hehe...ouch...it would be a mess, there is no way around what i have?

William

[Kelvin]

Well... not knowing about the Siemens routers .....

If your routers had VPN capabilities, this would be simple .... !

Kelvin

[boris]

are those cheap home router/gateways? They may not work for your set up. You can try to replace them with more expensive models Netgear FVS318 and you will have 8 points VPN, router to router. Then behind routers SME can be configured as server only and alow each others network be "local" for browsing.
Or take you routers out of the picture and use SME as router/gateways. With freeswan add-on you can make the same connections router to router. Make sure you use compatible (with freeswan) version of SME.

[William]

They have IPSEC Tunneling support, Is that what i need?

[Kelvin]

IPSec is what you need. However, you need to determine if the router only has IPSec "Pass Through" support (Which still requires your SME servers to do it) or it actually has IPSec Termination services built in (ie. it can initiate and receive IPSec connections itself).

Kelvin

[William]

They are Seimens 2604's

I dont know if that tell you anything...

[Boris]

I have looked up specs for Siemens SpeedStream® 2604.
They allow VPN passthrough but not the end point termination. You still can run IPSec (freeswan) VPN but you'll have to use SME to do it and do port forwarding on both routers to the servers behind it. It will be messy and confusing for a newbe.
I would still save myself time and use SME's instead of those routers or upgrade routers to the ones I mentioned in the previous post. I have had success with both types of setup before with multiple installations.
Good luck.