Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Cyrus Bharda on July 14, 2003, 10:03:15 AM

Title: VPN Noob
Post by: Cyrus Bharda on July 14, 2003, 10:03:15 AM
Hellu,

Here is my problem:

We are getting a broadband connection here at work, and we are also setting up broadband connections for several employees to work from home; all have static IPs. We run a SME 5.5u6 as Server and Gateway and our Windows 2000 Server (PDC) sits happily behind it on our local network.

What we want to do is allow the home users to access the Terminal Server running on the Windows 2000 Server.

This can be done with PuTTY and/or some port forwarding, but PuTTY is messy and confusing for some of the less-computer-wise staff. I do not want to open up our terminal server to the world by opening/forwarding 3389 on the SME box and was looking at trying to set up a VPN between the home users and work.

Now be gentle, I am a noob, so here are some questions:

1. Are Freeswan and PPTP different or the same?
2. The howto for setting up Freeswan on SME is great, but does that mean that at every employee's house I need a SME for it to connect to, can I just set it all up in Windows to connect to the SME VPN?
3. Once a VPN connection is made, does that mean that they are on the local network at work, so they have to login to the domain controller to access the terminal server?

Thanks for any suggestions!

Cyrus Bharda
Title: Re: VPN Noob
Post by: Guck Puppy on July 14, 2003, 10:58:25 AM
I'll have a crack...

> 1. Are Freeswan and PPTP different or the same?

Different. Freeswan defines "permanent" always-on VPN connections from server to server. PPTP is a "temporary" client-based "dial-up" connection.

> 2. The howto for setting up Freeswan on SME is great, but
> does that mean that at every employee's house I need a SME
> for it to connect to, can I just set it all up in Windows to
> connect to the SME VPN?
Hmm... I think the howto just covers connecting SME servers together. Whilst it is possible to connect various different types of IPSEC "permanent" firewalls together, it can be haphazard and time-consuming. Connecting Freeswan "directly to Windows" is not possible (AFAIK(?)).

> 3. Once a VPN connection is made, does that mean that they
> are on the local network at work, so they have to login to
> the domain controller to access the terminal server?
They are on the local network. And specifically with respect to a PPTP connection, the setting for the "Use Default Gateway on remote network" in the Advanced TCP/IP settings of the "TCP/IP" properties of the "Networking" tab of the PPTP connection (phew) dictates whether or not ALL the user's net traffic goes through the PPTP connection or just the traffic destined for your work LAN.
As for logging in to the domain controller - I guess that depends how you have your Windows security set up. I know that when PPTP-ing into work from my home machine I can use terminal server on a work box just by logging in with appropriate credentials and specifying the domain in the appropriate dropdown at the TS login screen.

I'm sure you'll get a lot of responses to this question :)

G
Title: Re: VPN Noob
Post by: Cyrus Bharda on July 14, 2003, 11:05:23 AM
Guck Puppy,

Yeah cool thanks, I really should've RTFM!! Well after playing around with some settings after reading the SME manuals I have it working freakin great!

So basically to answer mine own question:

1. IPSec is for a VPN between two servers, just like you said.

2. Setting up Windows 2000 is as easy as adding another network connection and choosing VPN. Just be sure to put the number of PPTP connections you want to have enabled in the Remote Access panel in your server-manager.

3. Once the connection is made you are on the local network, just like Guck Puppy wrote!

How easy was that! Sorry for the unsubstantiated, stupid post, I really have to learn to RTFM first sometimes before rushing to google, find nothing and post here!

Cyrus Bharda
Title: Re: VPN Noob
Post by: David Woolley on July 14, 2003, 02:32:02 PM
Hi Cyrus

Did you answer this part of your query:

> but does that mean that at every employee's house I need a SME for it to connect to, can I just set it all up in Windows to connect to the SME VPN?

I have a VPN between home and work administered by 2 SME5.5 server/gateways. I use Win2K machines behind the gateway. All OK.

Now, another employee wants to work from home, and I don't know whether you're saying another SME box and LAN at their place is mandatory as well as their workstation.

Thanks

David
Title: Re: VPN Noob
Post by: Ray Mitchell on July 14, 2003, 03:21:41 PM
Cyrus Bharda wrote:
> I really have to learn to RTFM first sometimes before rushing
> to google, find nothing and post here!

Why not rush to sme/e-smith.org forums first, do a search (all dates) and probably find what you want!! And of course RTFM as well!!

Regs
Ray