Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: JoshuaR on August 20, 2007, 09:32:34 AM
-
Hi guys and sorry for bothering everyone again with newbie questions.
I've tried to set up my server with VPN access (which looked pretty simple :o) Anyway, I've changed the number of connections allowed and enabled the user account to accept VPN access like it said in the documentation.
Problem is, I can't get it to work :smile:. I've tried to set up the connection from a separate network but it won't connect--the computers (I've tried on XP and 2K) come up with an error 796 that it can't reach the host. I'm using the SME server that has the VPN also as a proxy with DHCP etc, and while on a computer on that same LAN I can connect via VPN with the same settings...so is it a problem with external access...maybe a port isn't open? I don't know :sad:...
Any ideas? (Btw, I've searched the forums etc so excuse me if I've repeated a topic)
Josh
-
- which version of SME do you use
- which OVPN contrib do you use?
It seems rather strange when you say:
".... and while on a computer on that same LAN I can connect via VPN with the same settings...so is it a problem with external access...maybe a port isn't open? I don't know ..."
because I don't think it's possible to connect with a computer on the same LAN via VPN. Pls note:
- on the remote PC which has to be connected to local LAN (with the SME as a server) you have to use a different LAN address from the local LAN!!!!
- Did you allocate a LAN address range on the SME server for the OVPN remote PC's via DHCP?
- did you enable for the user which shall use OVPN the VPN feature in the SME webinterface??
- no need to modify a what-so-ever port (it's OVPN), that is to say the PC/notebook is considered to be a part of the local network.
Believe me, it is simple - but you need to understand first the OVPN mechanism! In this context I would recommend to use the search function of the forum.. I must confess I needed some time to understand OVPN, and now it's really simple.
regards
gerd
-
Some firewalls/routers don't/can't handle GRE packets that are involved with PPTP VPN connections that are used by SME. GRE is a protocol and does not bind to a specific port so you can't just "forward" them. Port 1723 is used to establish the connection itself but without the ability to forward the GRE packets, it won't work.
If you have a firewall/router between your SME Server and the client that is trying to connect, you need to forward port 1723 and make sure the firewall/router is capable of handling VPN connections that use GRE.
Please tell us your network setup including what kind of routers and firewalls you are trying to traverse.
".... and while on a computer on that same LAN I can connect via VPN with the same settings...so is it a problem with external access...maybe a port isn't open? I don't know ..."
because I don't think it's possible to connect with a computer on the same LAN via VPN.
I don't know where this misconception is coming from (I have seen this posted before) but you can certainly connect via VPN through your local LAN. I have done it many times and am connected to it as I am typing this right now.
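The point in the post above, that GRE is an IP protocol with no port to forward, as an added example that is not part of the original thread: it classifies IPv4 packets seen at the VPN server's external interface and reports whether both the TCP 1723 control connection and the GRE packets arrive. The packets, addresses and the `classify`/`diagnose` names are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723  # TCP port named in the post above


def ipv4(proto, payload):
    """Constructed IPv4 packet: 20-byte header (checksum left 0) + payload."""
    src, dst = bytes([203, 0, 113, 10]), bytes([198, 51, 100, 5])  # doc ranges
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload


def tcp(sport, dport):
    """Constructed 20-byte TCP header with only SYN set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)


def classify(packet):
    """Label one IPv4 packet as 'pptp-control', 'gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    header_len = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[header_len:]
    if proto == IPPROTO_GRE:
        return "gre"  # matched on the protocol number alone: GRE has no port
    if proto == IPPROTO_TCP and len(body) >= 4:
        if PPTP_CONTROL_PORT in struct.unpack("!HH", body[:4]):
            return "pptp-control"
    return "other"


def diagnose(packets):
    """Say which half of a PPTP session is visible in a capture."""
    seen = {classify(p) for p in packets}
    if "pptp-control" not in seen:
        return "control-missing"  # TCP 1723 never reached this interface
    return "ok" if "gre" in seen else "gre-missing"


# Constructed captures: GRE header fields in the PPTP style, not real traffic.
GRE_PAYLOAD = struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)
SYN = ipv4(IPPROTO_TCP, tcp(49152, PPTP_CONTROL_PORT))
WORKING = [SYN, ipv4(IPPROTO_GRE, GRE_PAYLOAD)]
GRE_DROPPED = [SYN, ipv4(IPPROTO_TCP, tcp(49153, 80))]

if __name__ == "__main__":
    print(diagnose(WORKING), diagnose(GRE_DROPPED))
```

A result of `gre-missing` matches the case described in the post: the port forward for 1723 works, but a device in the path does not pass protocol 47.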
-
pfloor;
newbie question -- why would you want or need to connect via vpn when you are on the local network?
tia
-
pfloor;
newbie question -- why would you want or need to connect via vpn when you are on the local network?
tia
No real reason, just to see if it works.
Kinda the "Forest and the tree thing" :-)
-
Wow, thanks for all the responses.
First off gerd, I'm using SME server v 7.0pre4, umm, and I guess this is dumb but I thought that the server came with the necessary contrib/or whatever package by default :sad:.
because I don't think it's possible to connect with a computer on the same LAN via VPN.
I don't know ... :sad: pfloor thinks so
I don't know where this misconception is coming from (I have seen this posted before) but you can certainly connect via VPN through your local LAN. I have done it many times and am connected to it as I am typing this right now.
I thought you needed to be on a different subnet to connect, maybe that's where the misconception is from? Like I said--I don't know... but never-the-less that's what it says.
I have a remote DNS account set up so I can still dial in when my IP is renewed. I wouldn't think that'd mean anything, but I thought I'd mention it just in case.
- on the remote PC which has to be connected to local LAN (with the SME as a server) you have to use a different LAN address from the local LAN!!!!
- Did you allocate a LAN address range on the SME server for the OVPN remote PC's via DHCP?
- did you enable for the user which shall use OVPN the VPN feature in the SME webinterface??
- no need to modify a what-so-ever port (it's OVPN), that is to say the PC/notebook is considered to be a part of the local network.
-yep, got that. It's in a different range.
-I specified a LAN range for the DHCP on the local network, but when I set it up initially I wasn't aware I had to specify a remote PC DHCP range :roll:
-yep, I mentioned that in my post
-sweet
Ok, pfloor.
Please tell us your network setup including what kind of routers and firewalls you are trying to traverse.
My network is very simple. Modem>SME server>WAP>Client PC's(about four)
My modem doesn't route or have a firewall setup--I've set it just to bridge, so I don't think that it should be a problem forwarding the GRE packets.
imcintyre, pfloor is exactly right, it was just to see if my logon settings were correct + at that moment I didn't have access to a remote computer to test the access out with :D
I'm beginning to think it might be a problem with the remote network and not mine... :sad:
Actually, I'm kinda hoping that it is :P
PS, sorry if this was a long post--lots of answers to write out :lol:
-
First off gerd, I'm using SME server v 7.0pre4, umm, and I guess this is dumb but I thought that the server came with the necessary contrib/or whatever package by default :sad:.
It does, it's called pptp (Gerd assumed that you had added the OpenVPN contrib, which I don't think you have). And WHY are you using 7.0pre4???? The reason it's a pre is because not all the bugs had been fixed...... 7.2 works very well.
Paul's answers are vs. the inbuilt pptp connection (as mentioned in the manual) and are correct.
I have a remote DNS account set up so I can still dial in when my IP is renewed.
That's what Dynamic DNS is for (like DynDNS and Zonedit). The smeserver will automagically update the IP when it changes.
Trevor B
-
Hi Trevor,
I'm just running the version that a friend gave me...in fact, until I got asked, all I knew was that it was version 7.x no idea that it was a pre...umm, this is a stupid question, but the way I checked the version was just by looking at what the server manager said at the bottom of the welcome page--is that an accurate way to check?
That's what Dynamic DNS is for (like DynDNS and Zonedit). The smeserver will automagically update the IP when it changes.
Umm yeah, that's why I've got it...
BTW, thanks for the post, I'll see if updating helps...I'll have to do it later though when there's no traffic--just in case.
-
A lot of the preX versions had VPN bugs in them. You are wasting your time trying to get VPN working until you update your server to 7.2.
You need to update and I would suggest downloading 7.2 and doing a CD upgrade. This is a safer bet and should work.
I don't know if you can yum update from pre-4 to 7.2 (it should in theory work), you'll just have to give it a try. It will be tricky as the yum repos have changed since then and may require some manual changes BEFORE you do anything. CAREFULLY READ (then read again) and then follow the update instructions here: http://wiki.contribs.org/Updating_to_SME_7.2.
You MUST update yum and its related packages first, post-upgrade, reboot. Then I would update the e-smith/SME related packages, post-upgrade, reboot. Then update everything else. Try to do it in smaller steps as almost everything will get updated and your download will probably be 300-400 MB (might as well download the ISO :-))
Note: You can connect via VPN on the local network but you'll have trouble browsing the network because your local connection and the VPN will be on the same subnet. I think this is where the misconception comes from. Local VPN will successfully connect but isn't very useful for anything other than testing if it works.
-
A lot of the preX versions had VPN bugs in them. You are wasting your time trying to get VPN working until you update your server to 7.2.
I'll update it over the weekend when it won't matter so much if the network is down. (and I'll follow those steps exactly)
Thanks very much for the help everyone--I hope this works lol.
can't believe I was running a pre... :roll:...so dumb...anyways, thanks again.
Josh
-
Josh,
in case you want to have an OVPN solution which is really simple to set up, then I recommend to use
the OVPN contrib (see: http://sme.firewall-services.com/), provided that the features of this contrib
fit your requirements. It works from scratch on the SME7.2.
regards
gerd
-
Thanks gerd,
I'll have a look at that. If I'm hearing right, PPTP isn't as reliable, so that might be the better option.
Cheers,
Josh
-
Josh;
I have had the opvn contrib for some time and it works perfectly and solves the problem that occurs if you want to be able to vpn from out of an sme server (eg home to work) and later into an sme server (work to home).
IMc
-
Hi imcintyre,
I've been hearing good things about the opvn contrib, and actually I'm gonna have to get two SME-server based networks communicating via VPN, so that's good to hear :-D.
Anyway, I'm posting just to say thanks, and let those who posted know that I've updated to SME 7.2, and as far as I can see, everything is working fine. :-)
Talk to you guys later (as no doubt I'll have to :lol: )
Now, on to integrating Vista into the network... :-x
Josh