Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Rob on June 06, 2002, 06:31:36 AM

Title: freeswan ipsec vpn
Post by: Rob on June 06, 2002, 06:31:36 AM
For those who have been trying unsuccessfully to implement this, I will share what I know.

If you could share your successes and failures, we might be able to post a "knowledgebase" for this ;-)

1. follow the howto http://www.myezserver.com/downloads/mitel/contrib/freeswan-0.4/freeswan-howto.html

But - when you add the remote network to your local networks, the local gateway IP is the router.

Then

2. use the server-manager Hostnames and addresses panel to add the remote computers

But - use the "create a new hostname for a local host" option
and enter the remote hostname and its IP address - use your domain name.

You MUST have a public IP on the external NIC on each gateway OR a route to it. If you are using an ADSL modem with NAT, forget it! Turn the modem into a bridge and use your static IP on the e-smith box.

The only thing that really threw me is that I have a Win 98 laptop that won't map network drives across the WAN (but can ping by name and number) and a Win 98 desktop that will. I wasted hours trying to figure out why it would only work one way. Changed test machines and bingo!!

If anyone knows how to get the whole thing happening in Network Neighbourhood I'd like to know.

rob
Title: Re: freeswan ipsec vpn
Post by: Duncan on June 06, 2002, 08:08:30 PM
Nice tip on the hostnames thing.

I have managed to get ipsec up and running between two SME servers across a wireless link using the howto and some behind the scenes template editing.

The only thing I might add is make sure you set all the

Protect Network to Network traffic:
Protect Gateway to Gateway traffic:
Protect Gateway to Network traffic:

to yes, as this sets up four tunnels between the servers and LANs. This is only important if you want to do things like rsync backups or even just ping tests from the SME machines (this one took me a while to work out).

With respect to browse lists and Network Neighbourhood, you would need to look at the WINS proxy feature in Samba or assign one SME to be the WINS server for both LANs. Point all the client machines on both LANs at the one machine for WINS resolution and it should work (it would really suck, as WINS and the browse lists rarely stay in sync, so you end up seeing machines that are switched off etc.).

Better to map drives across different subnets.

Regards Duncan
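The following is an added example (not code from the thread, the howto or the SME freeswan contrib) that models what Rob's and Duncan's posts describe: the two gateways, the four FreeS/WAN tunnels the three "Protect ... traffic" options produce, and a check of which tunnel a given source/destination pair would use. It shows why the net-to-net tunnel alone is not enough for rsync or ping from the SME box itself: the gateway's own packets leave via ipsec0 with the external address as their source, so only a gateway-side selector matches them. The gateway addresses, subnets, conn names, `authby=secret` and `%defaultroute` are assumptions chosen for the example; the real contrib generates its own names and uses whatever authentication you configured.

```python
"""Added example (not part of the thread or the SME freeswan contrib):
model the four FreeS/WAN tunnels and check which one carries a packet.
All addresses below are constructed sample values (documentation ranges)."""
import ipaddress

# Constructed sample gateways, not real sites.
LEFT = {"name": "site-a", "gw": "203.0.113.10", "subnet": "192.168.1.0/24"}
RIGHT = {"name": "site-b", "gw": "198.51.100.20", "subnet": "192.168.2.0/24"}

# The four tunnels the three "Protect ... traffic" options produce.
# Each entry says whether the left/right selector is the whole LAN (True)
# or just that gateway's own external address (False).
TUNNELS = {
    "net-net": (True, True),    # Protect Network to Network
    "gw-gw":   (False, False),  # Protect Gateway to Gateway
    "gw-net":  (False, True),   # Protect Gateway to Network (this gateway -> far LAN)
    "net-gw":  (True, False),   # Protect Gateway to Network (this LAN -> far gateway)
}


def selectors(left, right, enabled=None):
    """Return {conn: (src_selector, dst_selector)} as ip_network objects,
    i.e. the eroutes FreeS/WAN installs for the enabled tunnels."""
    out = {}
    for name, (lsub, rsub) in TUNNELS.items():
        if enabled is not None and name not in enabled:
            continue
        src = ipaddress.ip_network(left["subnet"] if lsub else left["gw"] + "/32")
        dst = ipaddress.ip_network(right["subnet"] if rsub else right["gw"] + "/32")
        out[name] = (src, dst)
    return out


def ipsec_conf(left, right, enabled=None):
    """Render ipsec.conf conn stanzas (FreeS/WAN syntax) for the enabled tunnels.
    authby=secret assumes a matching PSK line in /etc/ipsec.secrets on both ends."""
    lines = []
    for name, (lsub, rsub) in TUNNELS.items():
        if enabled is not None and name not in enabled:
            continue
        lines.append(f"conn {left['name']}-{right['name']}-{name}")
        lines.append(f"    left={left['gw']}")
        if lsub:
            lines.append(f"    leftsubnet={left['subnet']}")
        lines.append("    leftnexthop=%defaultroute")
        lines.append(f"    right={right['gw']}")
        if rsub:
            lines.append(f"    rightsubnet={right['subnet']}")
        lines.append("    rightnexthop=%defaultroute")
        lines.append("    authby=secret")
        lines.append("    auto=start")
        lines.append("")
    return "\n".join(lines)


def tunnel_for(src_ip, dst_ip, sel):
    """Name of the conn whose selectors cover src -> dst, or None when no
    tunnel matches (the packet then goes out in the clear or is dropped)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for name, (src_net, dst_net) in sel.items():
        if src in src_net and dst in dst_net:
            return name
    return None


if __name__ == "__main__":
    print(ipsec_conf(LEFT, RIGHT))
    all_four = selectors(LEFT, RIGHT)
    only_net = selectors(LEFT, RIGHT, enabled={"net-net"})
    # LAN host to LAN host: the net-net tunnel is enough.
    print(tunnel_for("192.168.1.5", "192.168.2.7", only_net))   # net-net
    # rsync/ping from the SME box itself: source is the external address,
    # so net-net alone does not match ...
    print(tunnel_for("203.0.113.10", "192.168.2.7", only_net))  # None
    # ... and the gateway-to-network tunnel is what carries it.
    print(tunnel_for("203.0.113.10", "192.168.2.7", all_four))  # gw-net
```

Run it and compare the four stanzas with what `ipsec auto --status` or `ipsec eroute` shows on the box; a pair that returns `None` from `tunnel_for` is exactly the case Duncan hit, traffic from the gateway itself with no matching eroute.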
Title: Re: freeswan ipsec vpn
Post by: Todd Pearsall on June 06, 2002, 09:44:59 PM
> If anyone knows how to get the whole thing happening in
> network neighbourhood i'd like to know

Since you have SME boxes (and thus Samba WINS servers on both sides) you can try setting the PCs' WINS settings to include both SMEs in WINS (the local one first).

I do this all the time, except my WINS servers (one MS and one SME) are behind the VPN gateway, not acting as the gateway. This may make a difference, since I don't know if you can see/use the distant SME server's internal interface. If you can ping the far SME box on the internal NIC you're probably good to go.

- Todd
Title: Re: freeswan ipsec vpn
Post by: Rob on June 07, 2002, 04:19:42 AM
Note these discussions also:

http://216.191.234.125/bboard/read.php?f=3&i=13365&t=13365

http://216.191.234.125/bboard/read.php?f=1&i=11936&t=11936