Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Oluf Nissen on July 12, 2002, 11:54:26 PM
-
Hello everyone,
Having just come across the SME package, I thought I would employ it at my local church for information sharing and home access to church information. The setup is DSL with a Linksys BEFVP41 VPN/firewall/router and static IP on the external side. DHCP is provided internally by the Linksys box. It has PPTP forwarding enabled. For VPN access from home I want to employ SME, since it supports MS VPN clients.
My problem is how to set up the SME. I'm not sure if I should pick private server, private servergateway or public servergateway. Somehow the MS client needs to be able to connect to the VPN part of the SME behind the Linksys box. The issues I'm doubtful about are:
1) Do I set up SME with a second public IP on the external? How do I make the Linksys forward to that on it's LAN side?
2) Do I set up SME with DHCP on the external? How do I get the external VPN to find it through the Linksys in that case?
3) Do I buy another hub to put both the Linksys and the SME on the WAN side and circumvent all config problems? Guess this would be easiest.
Did I answer my own question there? I would like to get some advice on 1) or 2), if for no other reason than just to learn more. I've successfully tested the setup of SME with the VPN connection when not behind a firewall, so I have a little experience there.
-Oluf
-
Check out the documentation for public server gateway mode. This will allow you to replace the Linksys box with the SME server. The linksys is the hardware version of what SME does in Gateway and Server mode.
good luck
-
Ryan,
Thanks for your insights. My only comment to your suggestion is that my SME box (I didn't mention this before) is a Pentium 90, so for gateway functionality, I'd like to stick with the Linksys box for performance reasons (or am I too pessimistic here?). I also have this belief that the Linksys box is more secure, since I can't mess with it by adding stuff. I plan on adding things to the SME as budgets/donations allow us to upgrade the hardware on the SME. I am working with a very restricted budget, since it's a church.
-Oluf
-
I really doubt routing performance would be an issue even with a 486, and Ryan is right, the SME box should do everything the Linksys router will. Security shouldn't be a problem unless you make significant changes to the system.
-
Dan,
Thanks for the comments. I guess now I only need to kick myself for buying the Linksys router before learning about the SME package :-). Oh well. Maybe I'll buy the router for myself. Then again for the cost of that I can go to the local computer recycling place and get a decent PC and set it up at home... It is a bit bigger and noisier that way. Maybe not so great for an apartment where you can't really hide it anywhere.
-Oluf
-
This is what you have to do to vpn to your SME server behind the BEFVP41 firewall/router.
1. Configure the SME server as server only.
2. Disable DHCP service in your Linksys router. You have to do this to enable port fowarding.
3. Enable port forwarding in your Linksys router to forward TCP port 1723 to the local IP address of your SME server.
4. SME server can be configured as DCHP server for clients.