Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: alejandro on June 23, 2004, 11:47:30 PM

Title: strange vpn blocking
Post by: alejandro on June 23, 2004, 11:47:30 PM

Hi:
This is really strange, at least for me.
My side: "SME Server 6.0.1-01" some few adds.
fixed ip 200.81.xxx.yyy

My friend´s side: "SME Server 6.0.1-01"
fixed ip: 200.80.www.zzz

we tryed to set up a vpn between aur networks
the result was possitive for the first time, we could se each other's client pcs.
But...... since that beautifull moment we can't
neither send mail o see our web pages.
it looks as we were filtered eachother's IP
I would love to find wy.
any clues?
where to look at?

Thanks a lot in advance
Alejandro

Title: vpn blocking
Post by: ldkeen on June 24, 2004, 04:12:40 AM

Did you use IPSec to connect both LAN's? Are both the subnets using different IP's and did you add the remote subnets as local netorks in the server-manager?

Title: strange vpn blocking
Post by: alejandro on June 24, 2004, 04:02:26 PM

Thanks for the answer.
sorry for the lack of info in my first post.

Different local networks numbers
assigned eachother network as local networks
same subnet number.
just vpn from my client pc to his network
We did, in fact, many tests except ipsec.
problem now is that I can't test anymore because we are blocked.
I Would just know if there is a file or table where blocked IPs are stored so I can edit it and begin testing again.
Thanks again
Ale.

Title: Strange VPN
Post by: cc_skavenger on June 25, 2004, 07:58:43 AM

This is a problem I have been having, also.  Are these machines AMD based?  I have had trouble making VPNs work on AMD CPU based machines, but it seems to work just fine with Intel CPUs.  It seems that it will work the first couple of times and then it will break and never work again or never work at all.  Tried upgrading the pptp & iptables rpms with no luck.
I'm not sure where to go from here...

Title: strange vpn blocking
Post by: alejandro on June 25, 2004, 06:09:56 PM

Hello Again:
I will explain more:
servers are both intel based (pIII 500 and pIII 450)
clients are Intel and amd in both sides of VPN.
it has hapenned before and the only solution we found was reinstallation of both side servers. pretty radical but effective, now we are again facing incomunication between the servers.
As additional info, I can vpn both servers from my home computer (winxp AMD based, modem dialup coneection) and can see every resource of both networks.
So, my first suspect is a file or rule thas is dropping packets between servers.
I have no snort nor acid or anything alike.

 :roll:
I told it was strange

Title: strange vpn blocking
Post by: Anonymous on July 15, 2004, 01:46:24 PM

Check your vpn:

console:
# ipsec eroute
should give you info in the status of all connections. There should be no trap or hold

#ipsec setup status
is ipsec even running?

#ipsec verify
is ipsec installed correctly? (DNS keys are not required)

logs:
/var/log/secure
gives you all the info that you need about what fails and why

Title: No way
Post by: alejandro on July 15, 2004, 03:48:01 PM

Many thanks for the info

ipsec is not installed (either side)
it has never been installed before.
I didn't knew it was a "must be installed" for VPN
I will check installing it in a fresh server box

/var/log/secure is empty, and secure archives have not related info.

so, no clues again
Thanks anyway.
Ale