Topic: VPN/PPTP & DHCP

[Gary Kenny]

Hi,

I have recently installed E-Smith 5.6 and I am playing with VPN setup. I am using a Windows XP Pro client:
(1) When dynamically obtaining an IP address from E-Smith, the IP address is allocated but the subnet is 255.255.255.255. This causes it's own problems.
(2) When specifying a static IP address, I receive an error:
TCP/IP CP reported error 735: The requested address was rejected by the server.

I am not an expert on VPN/PPTP but I am learning fast. Please can anyone advise on the situations above or give general information that may help in locating the error.

Kind regards,

Gary Kenny

[Bill Talcott]

VPN IPs are assigned from the top of the SME's specified DHCP range (regardless of whether you're actually using the SME as a DHCP server). The netmask is supposed to be 255.255.255.255. I'm not sure about static IPs, but it probably has to do with the SME's config. It's probably designed to only allow PPTP connections from the IPs it has listed. You could probably change things to allow your own static IP to be used, but I'm not sure if that would allow you to do anything differently.

What exactly is the problem you're having?

[Gary Kenny]

Hi Bill,

Thanks for the reply.

Regarding the static IP problem, I have tried to disable DHCP and I have tried to state an IP address within the DHCP range with the same error...

Regarding my first problem, I am (very) new to VPN's and I am trying to connect to my office network. I can logon successfully, an IP address is allocated from the range, I have a subnet of 255.255.255.255 and a gateway that is the same as the allocated IP address.

How do I see/connect to other computers within the network? I want to be able to obtain files from another computer. I had thought that connecting through the VPN would allow me to be seen as part of that local network and treated as the same.

Thi is obviously a failure in my understanding.

Thankyou for your very prompt response!

Cheers,

Gary

[Bill Talcott]

Gary Kenny wrote:
>
> Regarding the static IP problem, I have tried to disable DHCP
> and I have tried to state an IP address within the DHCP range
> with the same error...

The DHCP range is still in the system, regardless of whether or not the SME is actually acting as a DHCP server. It is set up to hand out IPs to PPTP clients from the top of that range. We're using an NT4 PDC as a DHCP server and the SME just for internet stuff, so I had to enable the SME's DHCP, set its range as a subset of the PDC's DHCP range, then disable DHCP again. Like I said before, there's probably something in the SME's setup that won't allow you to specify static IPs for PPTP connections. I'm sure there's some way to get around that if you dig deep enough, but I don't think it would help anything.

> Regarding my first problem, I am (very) new to VPN's and I am
> trying to connect to my office network. I can logon
> successfully, an IP address is allocated from the range, I
> have a subnet of 255.255.255.255 and a gateway that is the
> same as the allocated IP address.

That's the way it's supposed to be. It looks odd, but that's the way PPTP connections are.

> How do I see/connect to other computers within the network? I
> want to be able to obtain files from another computer. I had
> thought that connecting through the VPN would allow me to be
> seen as part of that local network and treated as the same.
>
> Thi is obviously a failure in my understanding.

This is the way it should work. Once you connect, your VPN client should appear exactly the same as any other PC on the LAN. What exactly have you tried? What failed and succeeded? My guess is that Network Neighborhood isn't working for you. That's usually a WINS issue. \\share usually works just fine when names won't. Have you tried pinging LAN IPs?

I can't give you much help on SME WINS stuff. As I stated, we have an NT4 PDC which is acting as a WINS server. I specified this to the SME, and everything works great. I can't say anything about the SME's WINS capabilities, as I have no experience with it...

[Gary Kenny]

Hi Bill,

I had been hoping to use SME to act as a Domain Controller as well (although I haven't configured this yet!).

Currently I am using a Workgroup (rather than a domain) and I have NO primary domain controllers specified on the network.

I have a dedicated connection to the Internet through a local network and I am trying to access the VPN through this connection. Am I correct in stating that the two workgroups need to be the same?

The next step is to configure the Domain Controller within SME. Do you have any experience of this?

Thankyou for your help. In going through this process with you again I see that some other issues have been resolved. It has caused me to rethink as I type.

Thanks again,

Gary

[Jason Benedict]

Hi pple,

I need some advise. I had installed SME ver 5.6 as run as server only . I not new to e-smith software, had been using since 4.x version.

I had enable pptp to value 1 via the server-manager but i could not get connect using my winXP and windows 2000.

I had too installed:-
e-smith-packetfilter-1.13.0-07.noarch.rpm
pptp-conntrack-nat-1.0.0-4es.i686.rpm
ppp-mppe-modules-2.4.2-4es.i686.rpm

Here my log:-

root]# tail /var/log/messages
Feb 25 15:20:12 sglinux pppd[1876]: Sent 24 bytes, received 54 bytes.
Feb 25 15:20:12 sglinux pppd[1876]: Connect time 0.1 minutes.
Feb 25 15:20:12 sglinux pppd[1876]: Sent 24 bytes, received 54 bytes.
Feb 25 15:20:12 sglinux pppd[1876]: Exit.
Feb 25 15:20:12 sglinux pptpd[1875]: GRE: read(fd=5,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Feb 25 15:20:12 sglinux pptpd[1875]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Feb 25 15:20:12 sglinux pptpd[1875]: CTRL: Client 210.193.18.198 control connection finished
Feb 25 15:20:12 sglinux pptpd[1875]: CTRL: Exiting now
Feb 25 15:20:12 sglinux pptpd[1781]: MGR: Reaped child 1875
Feb 25 15:20:12 sglinux /etc/hotplug/net.agent: NET unregister event not supported
===================================

any help would be very appreciated as i been thru this trouble-shooting for a month....and not answer found in the list here as well.

Thanks alot in advance.

[Bill Talcott]

http://forums.contribs.org/index.php?topic=16298.msg62981#msg62981

[Duncan]

Gary

Set the e-smith machine up as a PDC. This will enable WINS wich will help "see" the computers on the remote network.You dont ned to set the pcs up to work in the domain - things will still continue to function correctly.

As Bill stated, you should be able to browse computers by using the \\share method. The only problem you might have is if the ip ranges where the same on both Lans.

It is not a requirement that both the workgroups be the same.

Jason

Sorry cant help. Looks like a bugger though.

Regards Duncan

[Bill Talcott]

Gary Kenny wrote:
>
> I had been hoping to use SME to act as a Domain Controller as
> well (although I haven't configured this yet!).
>
> Currently I am using a Workgroup (rather than a domain) and I
> have NO primary domain controllers specified on the network.

It may be easier to switch to a domain configuration first. You might run into problems in this temporary setup that you wouldn't with a domain setup. Or you might run into new problems when you try to switch over. I appreciate doing things one step at a time, but sometimes you create twice as many problems trying to make things work "for now" with plans to change things over later. Just something to consider...

> I have a dedicated connection to the Internet through a local
> network and I am trying to access the VPN through this
> connection. Am I correct in stating that the two workgroups
> need to be the same?

I'm not sure about Samba and VPN and everything else together, but with "normal" Windows networking, workgroups are simply a convenience factor. You can see every PC on the LAN regardless of its workgroup. The ones in your workgroup show up directly under Network Neighborhood, while you have to browse through Entire Network to see other workgroups. The workgroup provides some surface separation, but doesn't really affect communications between PCs.

> The next step is to configure the Domain Controller within
> SME. Do you have any experience of this?

Nope. We had our PDC before the SME. We're using the SME only for internet stuff. It should be fairly straight-forward from what I've read though.

Back to your original problem of it "not working"... You can obviously make a connection, based on the fact that you can get an IP. As long as the connection doesn't drop, I think you're avoiding the 5.6 PPTP bug (but I'm still on 5.5, so I'm not sure). Once connected, can you ping the SME's internal IP? Can you ping other LAN PCs' IP addresses? Can you ping by hostname? Does \\share\ work? Does \hostname\share\ work? Can you browse through NN and see other computers?

[Bill Talcott]

Duncan wrote:
>
> Set the e-smith machine up as a PDC. This will enable WINS
> wich will help "see" the computers on the remote network.You
> dont ned to set the pcs up to work in the domain - things
> will still continue to function correctly.

Is WINS enabled on the SME only if it's set up as a PDC? As I said, we have an NT4 PDC handling Windows networking stuff, so I have very little experience making SME work for that stuff.

[Gary Kenny]

Hi Bill,

I suspect that the PPTP bug may have been adding to my problems. I have been experiencing dropped connections where I had to close and reopen the VPN connection.

Can anyone give me a clue as to how to roll back to the previous PPTP package (Package name and commands)?

Cheers,

Gary

[Duncan]

Bill Talcott wrote:

> Is WINS enabled on the SME only if it's set up as a PDC? As I
> said, we have an NT4 PDC handling Windows networking stuff,
> so I have very little experience making SME work for that
> stuff.

I thought this was the case but now i am not sure. Seems that SME sets itself up as a WINS server either way. If you set it up as a DHCP server it will point to itself as the WINS server.  That would be okay so long as you were happy with SME acting as your WINS server. I am not sure what happens if you want SME to be your DHCP server but another machine to be your WINS server. Normally you would tell the DHCP server to reference the other WINS server - but i cant see any process to do this in the DHCP setup.

It probably wouldnt be much of an issue as any machine (ie 2000 Server) capable of being a DHCP server is going to be able to act as a WINS server.

Regards Duncan

[Bill Talcott]

Duncan wrote:
>
> I thought this was the case but now i am not sure. Seems that
> SME sets itself up as a WINS server either way. If you set it
> up as a DHCP server it will point to itself as the WINS
> server.  That would be okay so long as you were happy with
> SME acting as your WINS server. I am not sure what happens if
> you want SME to be your DHCP server but another machine to be
> your WINS server. Normally you would tell the DHCP server to
> reference the other WINS server - but i cant see any process
> to do this in the DHCP setup.

http://forums.contribs.org/index.php?topic=16075.msg62040#msg62040

# /sbin/e-smith/db configuration setprop smb WINSServer 192.168.20.1
# /sbin/e-smith/expand-template /etc/smb.conf
# service smb restart

I found an old post where I said that the SME will act as a WINS server by default, so I must have seen that somewhere too...

[Gary Kenny]

Bill Talcott wrote:
> Back to your original problem of it "not working"... You can
> obviously make a connection, based on the fact that you can
> get an IP. As long as the connection doesn't drop, I think
> you're avoiding the 5.6 PPTP bug (but I'm still on 5.5, so
> I'm not sure). Once connected, can you ping the SME's
> internal IP? Can you ping other LAN PCs' IP addresses? Can
> you ping by hostname? Does \\share\ work? Does
> \hostname\share\ work? Can you browse through NN and see
> other computers?

Hi Bill,

It seems that some of my problem was infact related to the 5.6 PPTP bug. I have a temporary fix in place giving a much more stable connection.

Now, with SME acting as a PDC, I can login to the domain and see all registered computers under Network Neighbourhood.

However, I can only connect to the SME server using the Computer Name. Using the computer name for another server states that the computer cannot be found (although I can connect using the IP address). The computer is a Windows 2000 server and it is connected but not logged on. Any ideas?

Cheers,

Gary

[rob wellesley]

Gary Kenny wrote:

> However, I can only connect to the SME server using the
> Computer Name. Using the computer name for another server
> states that the computer cannot be found (although I can
> connect using the IP address). The computer is a Windows 2000
> server and it is connected but not logged on. Any ideas?

You should only have 1 WINS server on your network - make sure that you point your W2K server to the sme box for wins, or vice-virca

rob