Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Bob on August 21, 2003, 05:35:52 AM

Title: vpn
Post by: Bob on August 21, 2003, 05:35:52 AM
I am a newbie to Linux, and am trying to set up a vpn connection between a Windows 98 client that is connected to a SME 5.6u4 server to another server (same software). I cannot connect to the distant server through my server, but I can if I use my dialup connection directly from the '98 client. Both networks are in the same work group, and in the same subnet (192.168.2.xxx); both are to cable modems through broadband sharing routers. I have pointed the DMZ of each router to the static IP of external address of the server. (Secondary question: do I really need the router?) I have tried to search this but cannot find any discussion.

Bob
Title: Re: vpn
Post by: Paul on August 21, 2003, 06:15:01 AM
Bob,

First, if you're a newbie, dump the router(s). It will cause headaches for you, especially if you are trying to establish any VPNs. Your SME box is an excellent gateway (router)/firewall by itself and will provide all the services you need.

Second, are you trying to connect the 2 SME boxes thru a VPN or are you trying to connect to the SME boxes outside of the network?

If you are trying to connect the 2 SME boxes then there is a great contrib for just that reason.

If you are trying to connect a client behind one SME box to another SME box over the internet, then a VPN should work thru the first SME box to the second one, it just needs to be set up properly.
Title: Re: vpn
Post by: bob on August 21, 2003, 06:34:48 AM
Paul,

I am trying to connect from a client behind one SME box to another box over the internet. Is there a "how to" on this? Am I correct to have the same subnet on the NIC for both internal networks? I am making sure the IPs do not conflict (I use static IP on clients).

I am attempting this to provide remote administration. I can use ssh for some of it, but vpn makes it easier to use the control panel.

Thanks


Bob
Title: Re: vpn
Post by: bob on August 21, 2003, 06:45:39 AM
Paul,

When you say it needs to be set up properly, are you referring to the SME box, or the '98 client?

I am sooooo pleased with this software. I am finding it easy to configure, and add functions.  I am learning a lot, and am pleased with the depth of support from the forums.
Title: Re: vpn
Post by: Paul on August 21, 2003, 06:48:23 AM
All the machines including the client!
Title: Re: vpn
Post by: Bob on August 21, 2003, 06:51:57 AM
I think I have the client configured properly because I can disconnect from the network, and use a dialup and connect to the distant (or my own) network without any problem.
Title: Re: vpn
Post by: Paul on August 21, 2003, 07:03:42 AM
Bob,

The first thing you should try is to put the 2 servers' internal IPs on a different subnet because your NIC and VPN (which gets its IP address from the remote server's DHCP pool) will end up on the same subnet and could potentially have the same IP address. This is probably not a good thing and may confuse your connections. E.g.:

nic on w98 pc 192.168.1.100 sending out VPN request thru server 1 to server 2 and server 2 sending back 192.168.1.101 for the VPN to use. Now you have the VPN trying to communicate with both servers at the same time, I don't think it will work.
Title: Re: vpn
Post by: bob stalzer on August 21, 2003, 10:25:37 AM
Paul

Tried what you suggested, did not work.

The remote server still has a router between the SME box and the internet. External IP of the remote server: 192.168.1.31. Local IP of remote server: 192.168.2.21.

IP of my Windows client: 192.168.3.3.

Put router back in my system, external IP address 192.168.1.10.

As a side note, I have to configure my browser to use the proxy if I remove the router from my system, and I cannot receive email.
Title: Re: vpn
Post by: Kelvin on August 21, 2003, 04:30:21 PM
For VPNs to work properly, the two networks cannot be in the same subnet :-

LAN #1 : 192.168.2.xxx

LAN #2 : 192.168.3.xxx

Will be fine (but not if LAN #2 is also 192.168.2.xxx).

Kelvin
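
The subnet advice in the two replies above, worked through as an added example (not code from any poster or from the SME Server project): it models the client's connected routes once the tunnel is up and reports when a remote host can no longer be routed unambiguously. The /24 masks, the tunnel address 192.168.2.201, the host address 192.168.2.50 and the interface names are assumptions made for illustration.

```python
import ipaddress


def client_routes(nic_cidr, vpn_cidr):
    """Connected routes on the client once the tunnel is up.
    Assumption: each adapter installs a route for its whole /24."""
    return [
        ("lan-nic", ipaddress.ip_interface(nic_cidr).network),
        ("vpn-tunnel", ipaddress.ip_interface(vpn_cidr).network),
    ]


def best_routes(dest, routes):
    """Longest-prefix match. More than one name returned means the
    client cannot tell which side of the tunnel owns the address."""
    dest = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name) for name, net in routes if dest in net]
    if not matches:
        return ["default-gateway"]
    longest = max(prefix for prefix, _ in matches)
    return sorted(name for prefix, name in matches if prefix == longest)


def audit(nic_cidr, vpn_cidr, remote_hosts):
    """Summarise overlap, address collision and ambiguous destinations."""
    nic = ipaddress.ip_interface(nic_cidr)
    vpn = ipaddress.ip_interface(vpn_cidr)
    routes = client_routes(nic_cidr, vpn_cidr)
    return {
        "overlap": nic.network.overlaps(vpn.network),
        "same_address": nic.ip == vpn.ip,
        "ambiguous": [h for h in remote_hosts
                      if len(best_routes(h, routes)) > 1],
    }


if __name__ == "__main__":
    remote = ["192.168.2.21"]  # remote server's local IP, from the thread
    # Both LANs on 192.168.2.xxx (client host address is constructed).
    print("same subnet:     ", audit("192.168.2.50/24", "192.168.2.201/24", remote))
    # Client LAN renumbered to 192.168.3.xxx, as suggested above.
    print("different subnet:", audit("192.168.3.3/24", "192.168.2.201/24", remote))
```
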
Title: Re: vpn
Post by: brian kirk on August 21, 2003, 04:40:40 PM
I assume we are talking pptp here? Ditch the routers if you can - or be 1000% sure that they are passing correct ports and gre protocols. I have had major problems with routers claiming to pass pptp and discovering they don't!
The subnets should be different for each n/w.
Some messages from your messages log file might be helpful to see what is being attempted. You might also like to consider pptp-linux. See http://forums.contribs.org/index.php?topic=15935.msg61496#msg61496
This establishes a vpn tunnel between two sme servers and allows pcs on the lan to browse the remote network. I have just got this working on 5.5 (should work on 5.6) and I have done a howto if you are interested.
Regards
Brian
Title: Re: vpn
Post by: bob stalzer on August 21, 2003, 04:52:24 PM
Brian,

I will keep trying. I don't want to set up a vpn between the SME boxes because I need to do the same thing with different remote servers, and don't need them tied together. I just need to connect from my '98 box through my server.

Will look in the log files.

I am new to this part of computing, and it is a steep learning curve. Thanks to all for the great support.

Bob
Title: Re: vpn
Post by: Bob on August 21, 2003, 08:21:22 PM
I am not sure what happened, but today everything for the vpn is working fine now.

Thanks for the help
Title: Re: vpn
Post by: Bob on August 21, 2003, 09:12:02 PM
Still in trouble, works only part time. Which logs can I look at to see what is happening?
Title: Re: vpn
Post by: mark on August 24, 2003, 11:11:07 AM
Have you made sure that your win98 box is using 128 bit encryption for the pptp connection - if it's 40 bit it will never work.

Mark