Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: J Hicks on November 18, 2002, 04:02:42 PM

Title: Client-to-LAN SME VPN issues
Post by: J Hicks on November 18, 2002, 04:02:42 PM
A colleague of mine, Adrian S, posted here the other day asking for help with a VPN setup we're working on. Basically we're trying to connect users to the primary LAN via an E-smith box creating a PPTP tunnel. The LAN already has a DHCP server so SME's dhcpd is turned off.

Client -:- SME -:- LAN

The clients are Windows-based and require NT logons; this is where we encounter problems. SME seems to be giving the clients false addressing information. It dishes out IPs within the LAN's range, however the subnet mask, gateway and WINS servers come back wrong (subnet mask comes back as 255.0.0.0 instead of 255.255.254.0, the gateway is the same as the client's IP and the WINS servers are both set to the SME local (LAN) IP).

I myself have little experience with SME, VPN or Windows NT-based networks, so I'm not really sure what's going on under the bonnet. I'd like to know if SME or the LAN's DHCP server hands out IPs to VPN clients. From what I can see it's SME since it gets an IP, yet everything else is wrong. If I'm right, how can we tell SME to give VPN clients the correct information about the network they're connecting to (g/w, WINS servers, subnet mask)?

Someone suggested setting up SME as a DHCP temporarily - when it is turned off it should remember client settings... this did not solve our problem unfortunately.

Also, telling the smb service the IP of the WINS server seemed to do nothing.

Any help/information would be much appreciated, I'd like to shed some light on this problem and hopefully solve it.

Jon
Title: Re: Client-to-LAN SME VPN issues
Post by: Bill Talcott on November 18, 2002, 05:04:44 PM
Yes, the SME will be handing out the IPs to the VPN clients. The IPs are static, taken out of the specified DHCP range. I believe it was posted here that the netmask on a PPTP connection isn't used, so it's not "wrong".

I'll do some more checking into what the SME passes on to our PPTP clients...
Title: Re: Client-to-LAN SME VPN issues
Post by: J Hicks on November 18, 2002, 05:46:34 PM
Bill, thanks for the swift response and clearing that up. What we're trying to do is have the VPN server act as a gateway between a Wireless LAN and a wired LAN. This is simply for added security and nothing more. VPN acts as a cheaper solution than a TACACS/RADIUS server.

Does it sound like PPTP is the answer? If the VPN server won't pass on g/w information or WINS/DNS server information then there's little a VPN client can actually do once they are on the network, without a lot of messing around.

My apologies for my lack of knowledge on this subject, I prefer playing around at a lower level ;-)

Jon
Title: Re: Client-to-LAN SME VPN issues
Post by: Bill Talcott on November 18, 2002, 07:24:03 PM
We are using our SME 5.0U6 for web and email. We have an NT4 PDC behind the SME on the LAN. I can PPTP to the SME, and log on to the domain, and it acts exactly like the PC was hardwired into the LAN.

If I remember correctly, the PPTP connection doesn't pass on the netmask, but it does still work. I'm not sure exactly how all this works, so you can probably find a better source than me. I think the PPTP client makes a connection with the SME, and the SME makes the connection with the rest of the LAN, if that makes sense. Do you have the SME configured to look to your other server for DNS?

In the thread about adding the WINS server, a few posts later it mentioned that you had to rebuild the dhcpd.conf too if you're using the SME for DHCP. Since the SME is supplying the DHCP info to the PPTP clients, I'm guessing that you'd need to do that too, if you didn't already.
Title: Re: Client-to-LAN SME VPN issues
Post by: J Hicks on November 18, 2002, 08:16:46 PM
Regarding the netmask, I think that makes sense. Even though the netmask is all 255s, we can ping everything ok.

Regarding the WINS issue however, we've told the SME server the IP address of the WINS server yet clients are still obtaining the IP of the SME server as both primary and secondary WINS. SME is not acting as a DHCP server.

Afaik, we're not pointing SME at the DNS server, how does one achieve this?

Regards,

Jon
Title: Re: Client-to-LAN SME VPN issues
Post by: Bill Talcott on November 18, 2002, 10:13:15 PM
J Hicks wrote:
>
> Regarding the WINS issue however, we've told the SME server
> the IP address of the WINS server yet clients are still
> obtaining the IP of the SME server as both primary and
> secondary WINS. SME is not acting as a DHCP server.

I just checked, and the NT4's IP does not show up as the WINS server when I PPTP to the SME. I don't show anything in either primary or secondary actually. I realize the SME isn't actually the DHCP server, but the PPTP stuff is getting pulled from the SME's DHCP info. Setting the WINSServer value should create "option netbios-dd-server" and "option netbios-name-servers" values in /etc/dhcpd.conf. You do have those, right? Like I said, I think the client connects to the SME, and the SME then connects to the LAN, therefore the client itself doesn't have the regular LAN values. I'm not sure on that, but I think it's how it works.

> Afaik, we're not pointing SME at the DNS server, how does one
> achieve this?

Run through the configuration again, and specify the "ISP" DNS server. I believe it says that you normally shouldn't have to enter anything there. That will cause the SME to forward any DNS queries on to the specified DNS server.
Title: Re: Client-to-LAN SME VPN issues
Post by: J Hicks on November 19, 2002, 01:25:13 PM
Thanks for your help. It seems we have it all working now. Again, thanks.

Jon