Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Adrian S on November 14, 2002, 08:50:14 PM

Title: vpn internally with e-smith and NT
Post by: Adrian S on November 14, 2002, 08:50:14 PM
Hi all

I have an NT domain here on which I have been asked to do the following.

1. Install wireless LAN. Wireless LAN installed OK and works OK. (CISCO)

2. Make wireless LAN more secure than it is already. OK, I will use E-smith 5.12.

3. Run VPN internally through wireless LAN. OK, this works OK, both encrypted.

Problem:

When I connect to the SME server I can't see any of the NT boxes on the LAN; in fact it complains it can't log in to the NT server PDC or BDCs. Note all clients are 2000 and XP.

Questions: If I connect through SME, is it transparent as long as I have the correct setting in my client?

Does SME need to be added to the domain? If so, how? I don't think it needs to be.

Do I need to set it up then as a server and gateway, or just server? I think it's server and gateway.

Proxy is being used here; would this cause any issues with SME?

What else do I need to consider when combining these two platforms?

This is a great chance to get Linux in the door next to all this Microsoft kit.

Thank You All

Adrian S

Title: Re: vpn internally with e-smith and NT
Post by: Bill Talcott on November 14, 2002, 09:36:01 PM
I can PPTP VPN into our SME gateway, and have the client authenticated with the NT4 PDC on the LAN behind it. I'm assuming you already have the NT box providing DHCP and stuff to the LAN...

First, the SME will be handing out the VPN IPs, not the NT box. Configure the SME to use whatever range you want (probably the same as the NT box is giving out, or a subset (x.x.x.240-x.x.x.250) of that). Then run the configuration again, and disable DHCP. It will remember that range, and use it (the top end of it actually) for PPTP connections even though regular DHCP is off.

Specify the WINS server to the SME using the instructions at http://forums.contribs.org/index.php?topic=4529.msg15729#msg15729 (I think this gets passed on to the client, but I'm not sure). It can only help...

Finally, make sure you choose the option to log on to or specify the domain in the Windows VPN connection. On XP, it adds a Domain field to the prompt screen, and 9x pops up a logon box like when I boot on the LAN...

Title: Re: vpn internally with e-smith and NT
Post by: Adrian S on November 15, 2002, 01:05:58 PM
Thank You Bill

I am going to try this today when we set up a mockup of the customer's network. We will replicate the problem first, then try the fix.

Thank You very much Bill