Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: indengr on August 03, 2008, 01:41:23 PM

Title: can't see server on VPN
Post by: indengr on August 03, 2008, 01:41:23 PM
I have SME running as a server only.  It is not providing the DHCP.  The rest of the machines are running XP except one running 2000.  It all seems to be working ok for normal LAN.  I now need to set up VPN to connect from the outside world.  I can get the VPN tunnel connected but can see nothing on either side of the VPN.  I can ping computers but not printers on the main (office) side.  I think my problem is that there is no name resolution (WINS or DNS).

Has anyone else had this problem or know a solution?
Thanks,
Title: Re: can't see server on VPN
Post by: zatnikatel on August 03, 2008, 02:49:57 PM
What type of VPN are you using?
Are you using the one on SME? If you want to connect to a network share, you need to type \\ipaddress\share name, like this: \\192.168.0.1\share. Also make sure the IP address range on either side of the address is not the same, like this: 192.168.11.1 and the other side 192.168.1.1, otherwise it will not work.

If you want to type in the computer names rather than IP addresses for shares, you will need to edit, in Windows, the c:\windows\system32\drivers\etc\ host file and add in the network you connect to via the VPN. If you use domain logons you will also have to edit lmhost.sam and then save the file as lmhost without the .sam. I know this works as I have done this with VPN and Exchange servers, so you can use Outlook and Exchange via a VPN.

When you say you cannot ping printers, are they connected to a PC then shared, or do the printers have their own network cards?

Hope this helps.

Also, if the server is in server-only mode, to see it you may need to port forward some ports to the server; even if the SME server is doing the VPN, you can use localhost to forward to itself.

Title: Re: can't see server on VPN
Post by: indengr on August 03, 2008, 04:34:41 PM
I am using a Linksys RV042 to serve as the VPN terminal for multiple VPN tunnels. The printers each have their own Network Cards, mostly HP printers with both the old and newer style network cards.  I also have an FTP server running on a Windows XP machine that I can access without trouble.

I am using the RV042 to act as DHCP.

Can the SME server act as the WINS server or DNS if I set it to provide the DHCP also?
Title: Re: can't see server on VPN
Post by: zatnikatel on August 04, 2008, 10:45:28 AM
You could, but you would have to use a custom template setup and add the extra options in dhcpd.conf, as those 2 settings are not in there but can be added into it for WINS support and DNS.

High-end VPN stuff like Cisco and Juniper do a better job but they cost large money.

Strange that you cannot ping the printers. Will they ping from inside the LAN?

The thing is, with VPN, unless Windows knows about the workgroup over the VPN you will not see them in My Network Places unless you add the network into the host file in Windows.

You have a different IP address range on one side of the VPN.

As I said, I had to do this with Windows before to work with Exchange over a VPN connection. Are you just wanting to access the SME server or all the workstations as well?
Title: Re: can't see server on VPN
Post by: indengr on August 04, 2008, 04:33:55 PM
Yes, I can ping any of the printers from the RV042 (office) side of the VPN but not from the BEFVX41 (home) side of the VPN.

It is critical that I can see the server but it is also important that I see the other units as well.  It is also very important that I can access the printers that are connected to the LAN on either end.

I have 10.31.51.xxx on the RV042 side and 10.31.55.xxx on the BEFVX41 side.

I have an old server (Windows NT4.04) that I could set up on a special machine just to do the WINS if that would be the most practical solution.  Seems funny that what seems such a simple task as recording and tracking a LAN name to a LAN IP address wouldn't be available in some other format.  But there is MUCH that I am not familiar with about the WINS and DNS world.

Title: Re: can't see server on VPN
Post by: zatnikatel on August 04, 2008, 05:03:35 PM
Yes, I know what you mean, things that would seem simple are hard.
If you cannot see the SME server it has nothing to do with the WINS part, as Linux does not use it.
You still have an NT4 box, wow man, that is old. I did start with NT3.1 and Linux with the old Red Hat 4. Boy, I feel old now.

Back to your problem: are you running a firewall with the VPN? Have you done any port forwarding on the router at all?

The Linksys router VPN you are using is not a modem, so you have an ADSL modem into the router. Can you give me a bit more information about your network setup? Do you use ADSL at work? If you do have ADSL or another type of broadband connection, I need to know the layout of your network setup so I can see how to fix this for you. Gone through the normal stuff.

I will look at another way without hacking the Windows host file. I will have a look tomorrow for you, as I live in Australia and it is 1am here now. Need my sleep.

Your IP address range is fine on both ends, no problems there.
Title: Re: can't see server on VPN
Post by: indengr on August 04, 2008, 05:34:16 PM
I have not done the actual setup on the RV042 as our telephone IT guy did that. We have two DSL lines. One is set up in the WAN2 port for the telephones only.  The other DSL line is brought in through WAN1 and is everything except the telephones. The modems are in bridge mode for the WAN1 but the WAN2 (telephone) is not compatible so that is set up differently. That should not have any impact on this issue as we are coming in through WAN1 with the VPN setup.

The only firewall should be the firewall on the RV042. There is some port forwarding but that is for the other static IP addresses to specific machines for Remote Desktop applications.

Don't know what else might help.

Thanks.
Title: Re: can't see server on VPN
Post by: zatnikatel on August 04, 2008, 05:50:31 PM
That will do the trick.

I am hitting the sack now, will let you know tomorrow at some point of how to fix this.
You know, this is not really an SME problem because there is a problem with other PCs on the network. Some people would say go and talk to Linksys etc., but me, I love to help people as far as I can go.

I will let you know later on today, as it is AM now, after I get up and have a look at some stuff. Now it is late here, 2am almost.
Title: Re: can't see server on VPN
Post by: zatnikatel on August 04, 2008, 05:59:12 PM
One last quick thing before I hit the rack: you will need a WINS server to resolve NetBIOS names. I have an idea but I will check it out first, then let you know later on today. Better go to bed, otherwise I will do an all-nighter trying to fix this, which I have done before. Getting a bit old for it now LOL.
Title: Re: can't see server on VPN
Post by: indengr on August 04, 2008, 06:16:43 PM
I understand that it isn't really an SME problem. I was just hoping that SME would have the capability of doing the DNS or maybe even acting as a WINS server to alleviate the problem.  Will wait till tomorrow.  Rest easy and THANKS.

Dave
Title: Re: can't see server on VPN
Post by: zatnikatel on August 05, 2008, 08:49:26 AM
From what I have found, you need a WINS server, so you could try this. First of all, switch the SME server over to server and gateway mode, put the bridged modem in the SME server and set up the PPTP server in SME server. You will need 2 network cards in the server. Then Samba winbind will have to be turned on in SME server. Also set it up as the DHCP server as well.
Don't worry, SME is very secure. I have been using SME in gateway mode for years and the VPN server is very good in SME. It uses poptop for PPTP connections and you can have as many VPN tunnels into SME server as well as port forwarding for RDP. I have used the VPN server for many years without a problem. If you don't want to do it that way, set up DMZ on the router, put the server IP address in the DMZ and set up the VPN server on SME. That should work as well; that way I have never tried, but in theory it should work.
I know the DMZ way works as I have tested it with a CentOS box and I can SSH into it as well as webmail, so the same thing should go with SME server.

As I come up with some more stuff I will let you know. You can send me an email if you like; there is an email link on my profile.
Title: Re: can't see server on VPN
Post by: indengr on August 05, 2008, 02:31:02 PM
I am not very familiar with SME.  If I set up SME that way will the computers on the other end of the VPN be able to see all of the computers and map to the printers that are on the LAN with the SME server?
Title: Re: can't see server on VPN
Post by: zatnikatel on August 05, 2008, 02:49:14 PM
That should be the case, but you have to add some stuff to smb.conf for WINS stuff. As I said, there are a couple of ways around this though, from setting up SME in server and gateway mode and DMZ to hacking the Windows host file. I will test some of this stuff out myself to make sure it works. I have SME running at home in server-only mode in DMZ; when I get to work tomorrow I will VPN into my box and test this out. I think the fastest way is to set up the Windows host file, which I will try and test tomorrow if I am not out on the road too long.
I was out all day today; tomorrow should be in the office longer. I have a very early start. Will let you know tomorrow.
Have you had much at all to do with Linux or just mainly Windows?
How many VPN tunnels are you going to use?
Title: Re: can't see server on VPN
Post by: indengr on August 05, 2008, 03:08:56 PM
Mainly just Windows and only a little in getting SME set up.  I had Ubuntu running before that. I have a long (feel old) experience all the way back to DOS.  Have done some programming so have some experience with line command, etc.  Just not the familiarity with Linux and its unique commands.

I have 2 servers running in SME.  The main server and a backup SMEbackup server.  I use a sync program to synchronize the files from the main server to the backup server every 30 minutes. That gives me a cheap redundancy.  I can set the backup server into gateway mode and experiment without taking down the main server.  I just put a second NIC card in the backup server to be able to access the gateway. I have a block of static IP addresses so can use one of the other statics possibly to set up the VPNs.  We will need at least 4 and maybe up to 30. Depends on how many individuals will want to work from home.  But there are 4 remote offices, etc. that I know we will want set up.
Title: Re: can't see server on VPN
Post by: janet on August 05, 2008, 03:37:37 PM
indengr

A correctly configured sme in server gateway mode supports multiple VPN connections from different hosts.
Interconnecting equipment (routers etc) need to correctly support WINS.

You can only make one VPN connection from a host, meaning if you want 4 workstations at a remote location (same host) to connect via VPN to another sme server, it won't work.

You can make 4 (or many more) VPN connections from different locations (different hosts) quite OK.

The speed of the connection will greatly depend on the speed of the Internet connection at the main VPN server.
VPN connections are usually much slower, and not suited to running programs etc, but OK for uploading/downloading files, or opening smallish files across the connection.

If you want speed use a different technique.

If you want multiple VPN connections from workstations at the same location (host), you need to use a VPN tunnel like OpenVPN or similar.

See
http://wiki.contribs.org/VPN_practical_tips

Title: Re: can't see server on VPN
Post by: indengr on August 05, 2008, 03:45:19 PM
We had obtained and were setting up the Linksys RV042 on each end to act as the VPN tunnel. We won't be running programs exactly but we will be opening (and transferring) some relatively large files (50mB) with the CAD programs that will be running.  It will be necessary to have up to 10 workstations at each end simultaneously being mapped onto the SME server at the opposite ends (both ways). 

I had (naively) thought that if we got the VPN tunnel set up between the two ends that the workstations at each end could see and utilize the same resources as the workstations at the other end. I realize there will be a speed consideration and we may need to go to a dedicated connection between the two offices. But the first step is to actually get the system working so we can actually map to the servers at each end.
Title: Re: can't see server on VPN
Post by: mercyh on August 05, 2008, 04:27:59 PM
It seems that we are talking about two different things here. There are two very different types of VPNs.

Site-to-Site VPNs (for linking two entire subnets)
Client/Host VPNs (For single workstations connecting to a remote subnet)

It seems like indengr is trying to do a site-to-site VPN with his routers.

Mary is describing the built-in PPTP functionality of SME (Client/Host). I am not sure what zatnikatel is working on but it seems like he has also switched to working with a client/host type of VPN.

I would leave workgroups and dns out of this at the moment. I know that multiple subnets across VPN work with SME as I use it myself.

1. Build the tunnel in the routers. Make sure it is linked and that you can ping the LAN IP of the routers from both directions. This must be done from inside each side of the network; RDP is your friend.

2. Test if you can ping the Printer/other device IP addresses from either side of the network. Workstation addresses do not work well for this test as local software firewalls can make it look like the ping is not working but actually it is.

3. Be sure to add the 10.31.55.xx subnet to your Local Networks in Server-Manager on the office SME and 10.31.51.xx on the Home SME here: http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Local_networks

4. Test that you can ping the SME IP address from both networks.

5. Test that you can login to server-manager from both locations using the IP address of the server

6. If you can get all of the above working, you should be able to map drives using the IP address of the server. At this point you are ready to start working with DNS if you still want to be able to browse by machine name and workgroup.
Title: Re: can't see server on VPN
Post by: mercyh on August 05, 2008, 04:38:56 PM
Once the VPN tunnel is connected on the routers I can see no reason why there should need to be firewall rules. Both networks will become trusted by the routers and adding the subnets to the local networks tab in server-manager should make them trusted to the SME.
Title: Re: can't see server on VPN
Post by: indengr on August 05, 2008, 05:08:20 PM
mercyh:  Thanks for the clarification on the two types of VPN. We are definitely talking about site to site VPNs.

I am not at the home end and do not have an SME there (I can easily set one up to get this all working).  We don't have an SME server at the other main office yet but will/can when we get to that setup.  I am trying to get it working between my home and office here first before trying to do Albuquerque to Minneapolis.

I can ping the computers from the home (without SME) to the office but cannot ping the printers. I have not added the other area IP's to the trusted yet.  I will work through your post and get it all done and see from there.

THANKS for the help.
Title: Re: can't see server on VPN
Post by: mercyh on August 05, 2008, 05:14:57 PM
Quote
I can ping the computers from the home (without SME) to the office but cannot ping the printers.

This makes no sense at all unless the printers have some sort of security that only allows you to print from the local subnet or you have assigned an IP and not assigned a gateway. They must have the vpn router assigned as the gateway or they will not be addressable through the tunnel.
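
The symptom in this exchange (printers answer pings on the office LAN but not through the tunnel) follows from how each device chooses a next hop for its reply. The sketch below is an added example, not part of any post: it audits a constructed inventory for that condition and for the overlapping-range problem raised earlier in the thread. The /24 masks, the host addresses and the router address 10.31.51.1 are assumptions.

```python
import ipaddress

# Site subnets named in the thread; the /24 masks and every host address
# below are assumptions made for this example.
OFFICE_NET = ipaddress.ip_network("10.31.51.0/24")
HOME_NET = ipaddress.ip_network("10.31.55.0/24")
OFFICE_VPN_ROUTER = ipaddress.ip_address("10.31.51.1")  # assumed RV042 LAN IP

# Constructed inventory: (name, device IP, configured default gateway or None)
OFFICE_DEVICES = [
    ("xp-workstation", "10.31.51.20", "10.31.51.1"),
    ("hp-printer-a", "10.31.51.40", "10.31.51.40"),   # gateway is its own IP
    ("hp-printer-b", "10.31.51.41", None),            # no gateway assigned
    ("hp-printer-c", "10.31.51.42", "10.31.51.254"),  # some other on-link host
]


def reply_path(device_ip, gateway, source_ip, local_net, vpn_router):
    """Classify how a device would route its reply back to source_ip."""
    device = ipaddress.ip_address(device_ip)
    source = ipaddress.ip_address(source_ip)
    if device not in local_net:
        raise ValueError(f"{device} is not in {local_net}")
    if source in local_net:
        return "on-link"         # same subnet: answered directly, gateway unused
    if gateway is None:
        return "no-route"        # off-subnet reply has nowhere to go
    gw = ipaddress.ip_address(gateway)
    if gw == device or gw not in local_net:
        return "bad-gateway"     # next hop is the device itself or not on-link
    if gw != vpn_router:
        return "other-gateway"   # works only if that host forwards to the tunnel
    return "via-vpn-router"


def audit(devices, local_net, remote_net, vpn_router, local_probe, remote_probe):
    """Return {name: (path for a local ping, path for a ping via the tunnel)}."""
    if local_net.overlaps(remote_net):
        raise ValueError("site subnets overlap")
    return {
        name: (
            reply_path(ip, gw, local_probe, local_net, vpn_router),
            reply_path(ip, gw, remote_probe, local_net, vpn_router),
        )
        for name, ip, gw in devices
    }


if __name__ == "__main__":
    report = audit(OFFICE_DEVICES, OFFICE_NET, HOME_NET, OFFICE_VPN_ROUTER,
                   "10.31.51.30", "10.31.55.30")
    for name, (local, remote) in report.items():
        print(f"{name:15} local ping: {local:8} tunnel ping: {remote}")
```

Every device reports `on-link` for the local probe, which is why a gateway misconfiguration stays invisible until traffic arrives from the other subnet.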

Title: Re: can't see server on VPN
Post by: indengr on August 05, 2008, 05:22:51 PM
 :shock:  simple when you know what you are doing.  The gateway on the printers is set up to the gateway of the ip address of the printers.  I will reset all the printers to have a gateway of the router just as the computers do.  THANKS.
Title: Re: can't see server on VPN
Post by: mercyh on August 05, 2008, 06:07:04 PM
I think the only step that is left is to add the remote network subnet to the local network on the SME and you should be good to go.
Title: Re: can't see server on VPN
Post by: indengr on August 06, 2008, 01:54:49 PM
I have gone through the steps and I can now map to a drive on the server from the remote site via the VPN.  8-)  I haven't tried to do it with one of the printers. Think I will concentrate now on getting the Network Neighborhood to work. Guess I am going to have to get WINS Server or DNS resolved for that.

I will be out of this office for a few days now, in the Minnesota office, so will concentrate on getting those sites working up to this level.

I was able to open a couple of files across the VPN using AutoCAD 2008. One file took 2 minutes and the other 8 minutes just to open. That means that we are going to have to do something significant to speed up the process. I found that Redriver and Cisco both have application accelerator products that we will have to look at. They look expensive ($3,000 to $10,000 each end) so will do a lot of investigations before jumping on that bandwagon.

I hope you all recognize how much your input has helped me. I know that I certainly do.  Can't thank you all enough for the HOURS and HOURS that you have saved me.  Maybe I can get edgeecated enough to be able to help others. Actually spend a LOT of hours helping others in the Windows world so maybe it all evens out. Hope so.

Anyway, THANKS a bunch and will be back at it next week.

Title: Re: can't see server on VPN
Post by: mercyh on August 06, 2008, 03:11:09 PM
Bandwidth over VPN will be an issue if you are pulling down large data files.

Dmay mentions a product in this post http://forums.contribs.org/index.php?topic=41250.0 that I am personally not familiar with but may be an option for your situation.

EDIT: I see you mention the redriver product above.
Title: Re: can't see server on VPN
Post by: zatnikatel on August 06, 2008, 06:34:22 PM
My option works fine, tested it today with the Windows host file.
But as I can see, other people have jumped in with ideas and they have more knowledge than me. Go with what they recommend as they have better knowledge.

On a side point, if you are going to have 20 people connecting via VPN, that will use a lot of bandwidth. You will need symmetrical ADSL, that is, the same up and down. With 20 people, not sure, but a min of 2 meg up and down, but with that many I think 4 meg up and 4 meg down would be the best, but I think the cost would be high.
ADSL2+ Annex M would be more the go.
Title: Re: can't see server on VPN
Post by: mercyh on August 06, 2008, 06:42:39 PM
zatnikatel,

I have little or no knowledge of DNS/WINS server. My goal was to get the VPN working with IP addresses. Now that he has that going, I bow out. Your knowledge in the Windows world is needed.

(from myself)
Quote
6. If you can get all of the above working, you should be able to map drives using the IP address of the server. At this point you are ready to start working with DNS if you still want to be able to browse by machine name and workgroup.

We have step 6 completed and I am out of my level of expertise.

PS> I have seen your work in the forums and respect and appreciate your knowledge and willingness to help.  :cool:

Title: Re: can't see server on VPN
Post by: zatnikatel on August 06, 2008, 06:53:03 PM
Thanks mercyh.
Yes, I have to know both server OSes, Windows and Linux, as some people are stick-in-the-muds and don't want to change from Windows no matter what you say to them. It is even free, but they are MS Borgs. Nuf said.