Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Alan Lawrence on November 19, 2002, 12:14:30 PM
-
I am using SME 5.5 and have set it up to use PPTP, allowing 5 users to connect.
All works fine when trying to connect from multiple locations, as long as they all have different public IP addresses. Can have up to 5 people connected at any one time.
The problem is when trying to connect 2 clients from behind a Cisco router running NAT. The error in the log on the SME server is 'Discarding out-of-order packet ....'.
Any one of these 2 clients connects on its own OK; it is just a problem when both try to connect at the same time.
So is this a problem with using NAT, or a misconfiguration on the Cisco router, or a problem with SME?
Many thanks in advance for any input into this problem.
-
That's the way PPTP works. The server can only have one connection per IP address, and the NAT-ed clients are using the same public IP address. You may want to look into Freeswan to set up a tunnel between the two networks, giving all those clients VPN access.
-
Thanks Bill, that's what I thought, but I needed to be sure. I have a few options available to me: VPN tunnel between 2 Cisco routers, using public IPs for the two machines in question.
Thanks again for a quick response.
-
I experienced these PPTP problems beginning with SME 5.0. You might play with an e-smith 4.1.2 server. With 4.1.2, I was able to have more than one PPTP connection through 4.1.2 to the same external IP. Please post your results if you are successful.
Ryan
-
Not quite. I am using e-smith 4.12 and get the same 'Discarding out-of-order packet' error when more than 1 PC tries to connect using a common public IP. Can you share your experience since you have done it successfully?
Richard
Ryan wrote:
>
> I experienced these PPTP problems beginning with SME 5.0.
> You might play with an e-smith 4.1.2 server. With 4.1.2, I
> was able to have more than one PPTP connection through 4.1.2
> to the same external IP. Please post your results if you are
> successful.
>
> Ryan
-
Richard,
I don't have any of my documented installs and fixes for 4.1.2, but I think 4.1.2 uses the same kernel as 5.1.2, so the fix for 5.1.2 should work. Simply activate the ipsec pass through module in the kernel with the following commands:
/sbin/e-smith/db configuration setprop masq ipsec yes
/sbin/e-smith/signal-event remoteaccess-update
I can't say if this is the absolute right command for 4.1.2, so you might research it before trying it.
By the way, this can't be done on a 5.6 or 6.0 box. No such kernel mod exists at this time (that I am aware of).
have fun,
ryan
-
Hi Ryan,
Thank you for your response. Are your steps for ipsec or pptp vpn connection?
Richard
ryan wrote:
>
> Richard,
>
> I don't have any of my documented installs and fixes for
> 4.1.2, but I think 4.1.2 uses the same kernel as 5.1.2, so
> the fix for 5.1.2 should work. Simply activate the ipsec
> pass through module in the kernel with the following commands:
>
> /sbin/e-smith/db configuration setprop masq ipsec yes
> /sbin/e-smith/signal-event remoteaccess-update
>
> I can't say if this is the absolute right command for 4.1.2,
> so you might research it before trying it.
>
> By the way, this can't be done on a 5.6 or 6.0 box. No
> such kernel mod exists at this time (that I am aware of).
>
> have fun,
>
> ryan
-
The commands in my previous posting for the ipsec kernel module will allow for multiple outbound ipsec (not for AH 51) connections. 4.1.2 out of the box should support multiple outbound/inbound pptp connections.
ryan