Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: asterof on May 23, 2007, 04:47:51 PM
-
Might sound silly but
How do you connect and run SSH once the VPN has been established ?
Or am I confused
Im am trying to run a shell from a windows XP machine
-
Might sound silly but
How do you connect and run SSH once the VPN has been established ?
Or am I confused
Im am trying to run a shell from a windows XP machine
You can use putty to establish this. But are you sure what you are doing? With VPN you access from a remote location your local network. I use ssh also this way.
It's also possible to connect directly with ssh to your server (and putty) port 22 needs to be open...
-
the idea was to access a directory as a mapped drive
located on the server
-
Im not sure you will need ssh if your are VPN'ing into your machine and simply want to map a shared directory.
I'd try the following:
First when you are on the LAN (ie not remote VPN) see if you can see the share you want on the sme server and make sure you can map a drive letter to it and access files etc.
Then, when logged in remotely via VPN try opening an explorer window (ie file explorer not internet explorer) and in the address bar type in "\\192.168.1.1" where you replace the ip in my example with the lan ip of the sme box. If you are vpn'd in you should be able to access the sme box by its lan ip - you can check by pinging that address.
if this works you should see the samba shares (ie ibays, hoem directory) pop in in explorer - you can then map a drive letter to this.
Once you have got it working, you should be able to use a script on your xp box - something like:
"net use z: \\192.168.1.1\myshare"
Does this help?
-
I can share and access and map drives from a local machine
Server is not behind a firewall
I can ping the server
The VPN shows connected
I can ftp files
but when I do a \\208.127.71.14 I get no connection
-
I can share and access and map drives from a local machine
Server is not behind a firewall
I can ping the server
The VPN shows connected
I can ftp files
but when I do a \\208.127.71.14 I get no connection
You need to use your internal IP address and not the external one.
-
My server has two nic's
One on my internal lan
One on my external lan
the external is connected to the internet
the internal is behind a firewall
the external is 208.127.71.14
so explain that statement please
-
My server has two nic's
One on my internal lan
One on my external lan
the external is connected to the internet
the internal is behind a firewall
the external is 208.127.71.14
so explain that statement please
What is the IP address of your internal nic?
What does "the internal is behind a firewall" mean. Your SME server is a firewall, do you have an additional firewall installed?
-
I have a internal LAN 10.10.26.1 - 255
The IP's are assigned by my router
All my computers are connect to that Router including one of the NIC's
on the SME. It uses a static address.
I also have six static IP address's in the INTERNET world
I have the router connected to the INTERNET using 208.127.71.12
I also have the second NIC on the SME server
connected to the INTERNET with a static
IP of 208.127.71.14
Reason? I have a domain registered to that IP
so email, file access, and web access from the internet
is a lot easier to set up and maintain
So all my computers are behind a router/firewall
with easy local access to my server files
and I have easy access to the INTERNET side of the SME server
except I can seem to get ftp set up correctly the way I want it
as well as VPN
-
When you establish a VPN connection what you are doing in fact is becoming a part of you LAN. That means all ip addressing becomes local.
If for example you access your server using \\10.10.26.10 when on the LAN, once you establish the VPN you access it using exactly the IP address.
-
I have a internal LAN 10.10.26.1 - 255
The IP's are assigned by my router
All my computers are connect to that Router including one of the NIC's
on the SME. It uses a static address.
I also have six static IP address's in the INTERNET world
I have the router connected to the INTERNET using 208.127.71.12
I also have the second NIC on the SME server
connected to the INTERNET with a static
IP of 208.127.71.14
Reason? I have a domain registered to that IP
so email, file access, and web access from the internet
is a lot easier to set up and maintain
So all my computers are behind a router/firewall
with easy local access to my server files
and I have easy access to the INTERNET side of the SME server
except I can seem to get ftp set up correctly the way I want it
as well as VPN
What kind of a configuration do you have???
Do you have 2 internet connections? Why is your SME connected to the router if it is in front of the router? Why do you use a router?
If your SME is behind the router it should be in the same range (or do you use DMZ?).
-
QUOTE"
What kind of a configuration do you have???
Do you have 2 internet connections? Why is your SME connected to the router if it is in front of the router? Why do you use a router?
If your SME is behind the router it should be in the same range (or do you use DMZ?).QUOTE"
I explained all that above
-
I am setting on a LAN right now with DHCP address's of
10.10.26.0 - 255
My home Lan behind my firewall is also 10.10.26.0 - 255
DHCP assigned by my router
My SME server has an internel address of 10.10.26.100 Static
My SME server has an external address of 208.127.71.12
All Internet web access gets to the SME server using 208.127.71.12
Your saying when I connect to the server using VPN pointed to 208.127.71.12, that at that point I need to map to 10.10.26.100
However if im already on a LAN that is using 10.10.26.0 - 255
the local system I am on is gonna look for a local address of 10.10.26.100 not go out the VPN to look for it. Now does this machine I a on need to be part of my home local workgroup??
Now your gonna ask, why have the SME outside and inside the router/firewall ?
Think about it....
With the SME outside, it is a lot easier to configure for all web activities
With the SME inside it is a lot easier to configure for Local LAN file sharing
-
So if I understand you correctly, your setup is something like this?
/208.127.71.12>Router----\
Internet< >10.10.26.xxx Internal Network
\208.127.71.14>SME Server/
-
When you VPN into your server from outside, that machine becomes part of the local network (that is what a "Virtual Private Network" is). Your remote machine will accuire an IP in the 10.10.26.xxx range and become a local machine and act just like any other connected to the local network.
You may however run into a small problem if your local network is getting DHCP from the router instead of the SME Server.
What are you using for your internal DHCP server, SME or the router?
-
So if I understand you correctly, your setup is something like this?
Code:
/208.127.71.12>Router----\
Internet< >10.10.26.xxx Internal Network
\208.127.71.14>SME Server/
_________________
Yes
That way full Internet access to the server, but Lan is fully protected
What are you using for your internal DHCP server, SME or the router?
Router
-
I would recommend to use different local address ranges; say your home network is 10.10.26-255, then your "remote network"should have an address range of 10.10.27-255. On top you have to limit the address range of your local network in order to be enable to allocate some addresses for your VPN. When you connect fm the remote PC to your local network, the "VPN Server" of you local network will consequently allocate via DHCP an address (which you have reserved) to your remote PC.
So far I do not know which software you use to establisch the VPN network - as far as the SME server is concerend, I recommend to go with VPN contrib - it is an easy exercise and it works.
gerd
-
What if I changed my local (home lan)
IP's from the 10.10.26.0- to say 10.10.30.0-
Alowed the DHCP on the router to issue 2-100 as local dynamic IP's
and reserve all above the 100 for alocation from the VPN or other
future requirements.
-
I would suggest you get rid of the router, it is redundant and the server does everything the router does anyway. SME is a server, firewall, gateway and a DHCP server (plus more) all in one.
Internet<->SME (in server/gateway with DHCP enabled)<->LAN
This is the simplest method and will achieve everything you need.
-
If you set your home machine to AUTOMATIC IP, and then make the vpn connection to your global IP, things will be simpler.
If you successfully create the VPN connection, you can access the SME shared ibays using the command line from Xp
NET USE Z: \\local 10 IP of the ntserver\shared Ibay name
I'm assuming your server is in a different work group or domain, so XP Explorer may not show show the VPN resources.
-
Wont use SME as my router
Computers are prone to failure
Hard box routers are less prone
I can handle a SME box crash, but not a network crash because
the SME box went down