Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: mheymann on March 05, 2008, 05:07:45 PM
-
I have a SME 7.3 server and have a couple of questions about VPN access.
If these questions have been answered, please forgive me and help me find where.
The situation is this, I have a couple of workstations on my LAN that are running
Ultra VNC with the proper port forwarding setup on the server so a user can
access their local desktop from a remote location (their home.) For the few
connections we currently have this is acceptable. It looks like we might have
a need for several more connections and I was looking at using VPN to allow
a connection from a remote system to pass through the server to a local
desktop. Most of the documentation seems to indicate that VPN is to allow a
remote user to connect to the server to access server resources.
-
Hi..
when you connect to the server via vpn you are "in".. your remote pc behaves exactly as if it is in your lan..
so, no problem to do what you want..
HTH
Stefano
-
I don't think you understand my question.
I will try to make a little diagram to better explain the layout and desired task.
Internet ----------------------------- Remote Workstation
    |
    |
  Router
    |
    |
SME Server in server Gateway mode ------- Lan workstation
I want to be able to connect from the remote workstation to the
lan workstation to access several different resources on the
lan workstation. I do not want the user to connect directly to the
SME server. The only resource on the SME server they would
use would be E-Mail and I have them using Horde webmail
The idea is like the "Go To My PC" program
We have done this by installing VNC server on the Lan workstation
and creating the correct port forwarding rule on the server but the
number of connections and ports that are being forwarded is growing
and I am not sure this is a good idea
-
mmmhh...
maybe you don't understand.. :-)
connect via vpn to sme.. then you can connect to every lan workstation with every kind of program you prefer..
if you don't want to make a vpn, you can make a ssh tunnel
HTH
Ciao
Stefano
-
OK maybe I don't fully understand.
If I have an in house program on the C:\ drive of the Lan workstation
as well as an input data file on the C:\ drive of the Lan workstation
after I connect to the server via a VPN connection how would I connect
to the Lan workstation to say, run the local programs modify the text
files on the C:\ drive, or send output to the printer connected to
the parallel port on the Lan workstation.
I must admit I am quite a noob about VPN and need help
-
my 2 cents: start reading about RDP
-
If you connect via VPN to the SME Server the Remote Workstation gets a local IP. So it is in the same LAN as the LAN Workstation. That means you can access the LAN Workstation in exactly the same way as if you are using another LAN Workstation.
Hope that helps
Niklas
-
Let's clear up a couple of things here so the OP is fully aware before he dives into VPN:
1-VPN is a tricky beast, it uses port 1723 AND protocol 47. Protocol 47 (GRE) is not a port and therefore you can't just forward it and establishing a passthrough is difficult.
2-You can't VPN through an SME server to a local machine (as of now it doesn't work because of complications in #1).
3-You may have problems trying to establish a VPN through a router to the SME box (as in your setup) for the same reason as #1 but this depends on the router.
4-If you can VPN into the SME with your current configuration, trying to "run" programs or access large files on the local network over the VPN will be brutally SLOW.
I've always wanted to say this :-): "Like Confucius say"...look into RDP.
-
For remote access, have a look at:
https://secure.logmein.com/home.asp?lang=en
-
mheymann
Perhaps you have missed the following concepts to do with normal VPN into a sme server & remote network.
After establishing a VPN connection with the sme server, users then need to connect to shares eg
to map an ibay do
net use N: \\serverIP\ibayname
or
net use N: \\servername\ibayname
to see all server shares do
\\serverIP
or
\\servername
to connect to a workstation C: drive (that has been shared in Windows) do
\\workstationname
or
\\workstationIP
or
net use W: \\workstationIP\c
Note that if VPN'ing from behind another sme server, then the IP number and name of the local sme server & the remote sme server must be different.
-
Pfloor provided me with the answer I was searching for
2-You can't VPN through an SME server to a local machine (as of now it doesn't work because of complications in #1).
This says that what I was hoping to do I am not able to do "oh well"
What I will need to do is
1- install VNC Server on the local machine
2- give the local machine a static internal IP address
3- create a port forwarding rule on the server to direct port XXXX to the static internal IP address of the local machine
4- have the user logon to "xxx.xxx.xxx.xxx:xxxx" (external IP address of server:port number)
from their web browser on their remote machine
This method works like "LogMeIn" or "GoToMyPC"
While this works, it is slow and more to the real issue is that for each connection
another port forward rule needs to be created which is another potential security issue
Thank you all for help
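-
An added example, not part of any post in this thread: the per-workstation forwarding described above can be audited by listing which rules hand a remote-desktop listener to the internet, including rules where the external port has been changed. The rule tuples, addresses and function names are constructed for illustration and are not an SME Server format.

```python
import ipaddress

# Listener ports commonly used by remote-desktop services on a workstation.
REMOTE_DESKTOP_PORTS = {
    "RDP": range(3389, 3390),
    "VNC": range(5900, 5910),             # displays :0 to :9
    "VNC browser viewer": range(5800, 5810),
}

# Constructed sample rules (hypothetical layout, not an SME Server format):
# (external port, LAN address, LAN port, allowed source network or None)
SAMPLE_RULES = [
    (5900, "192.168.1.21", 5900, None),
    (5901, "192.168.1.22", 5900, None),
    (2345, "192.168.1.23", 3389, None),              # RDP behind a non-standard port
    (5801, "192.168.1.22", 5800, "203.0.113.7/32"),  # limited to one remote address
    (8080, "192.168.1.30", 80, None),                # not a remote-desktop service
]

def classify(lan_port):
    """Name the remote-desktop service listening on lan_port, or None."""
    for name, ports in REMOTE_DESKTOP_PORTS.items():
        if lan_port in ports:
            return name
    return None

def audit(rules):
    """Return one finding per rule that forwards to a remote-desktop listener."""
    findings = []
    for ext_port, lan_ip, lan_port, source in rules:
        service = classify(lan_port)
        if service is None:
            continue
        # No source restriction (or 0.0.0.0/0) means anyone can reach the login prompt.
        unrestricted = source is None or ipaddress.ip_network(source).prefixlen == 0
        findings.append({
            "external_port": ext_port,
            "target": f"{lan_ip}:{lan_port}",
            "service": service,
            "open_to_internet": unrestricted,
            # A changed external port hides the service name, not the service.
            "nonstandard_port": ext_port != lan_port,
        })
    return findings

def exposed_hosts(rules):
    """LAN addresses with at least one unrestricted remote-desktop forward."""
    return sorted({f["target"].split(":")[0] for f in audit(rules) if f["open_to_internet"]})
```

Calling `audit(SAMPLE_RULES)` returns one finding per remote-desktop forward, and `exposed_hosts(SAMPLE_RULES)` gives the workstations whose login prompt is reachable from any address.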
-
I'll say it one more time: Dig into RDP (Remote Desktop Protocol) ... Encrypted, fast & flexible.
-
If you want to connect directly to a workstation and not to the server at all, although it may not be possible to do this via VPN at the moment, depending on your needs you might consider RDP.
You can port forward a random port on your server to your workstation machine's port 3389. That way you can have direct RDP access to that machine. To access it you would need to RDP to something like http://yourServerAddress:2345 (2345 would be the port you forwarded to your workstation's port 3389)... etc
Probably not what you're after, but it's an option anyway... :-D
-
Dear All
I created this VPN Howto, I'm sure more practical tips can be added to it.
http://wiki.contribs.org/VPN_practical_tips
-
Your VPN guide was very helpful to me, thanks. Also the RDP section explains the missing link needed for remote desktop into a lan workstation.
-
The setup you are looking for I have used for years with OpenVPN set up in routing mode. We have internal/LAN workstations running either Windows or Linux (CentOS) and we connect to them from home. The CentOS systems run a VNC server and I can from home connect to these without any problems from a VNC Viewer.
The setup we have used is as this:
http://wiki.contribs.org/OpenVPN
Regards,
Jesper
-
New user here so easy does it. Now reverse it for me. What comes to mind if my SME lan workstations need to access a remote desktop at a remote location so they can access a server based database? This database is behind a Cisco PIX 515e on Windows 2003r2 software set up as a domain controller.
Anything required from me on the lan workstation side using SME?
I know on the remote location I will have to configure that desktop for RDP, allow the pix to pass and possibly lock up this pc in the server room. Yes there will be slow access times but it's that or purchase a 900.00 thin client setup from database company. Am I thinking right or am I in left field again?