Changes

To connect using PPTP, the protocol must be installed on each remote Windows client. Typically, this is done through the Network Control Panel (you may need to have your original Windows installation CD available). After it is installed (a reboot of your Windows system may be needed), you can create new connections through the Dial-Up Networking panel by entering the external IP address of the server you wish to connect to. Once you're finished, you should be able to initiate a PPTP connection by double-clicking the appropriate icon in the Dial-Up Networking window. When you then open up your Network Neighborhood window, you should see your server workgroup listed there.

To connect using PPTP, the protocol must be installed on each remote Windows client. Typically, this is done through the Network Control Panel (you may need to have your original Windows installation CD available). After it is installed (a reboot of your Windows system may be needed), you can create new connections through the Dial-Up Networking panel by entering the external IP address of the server you wish to connect to. Once you're finished, you should be able to initiate a PPTP connection by double-clicking the appropriate icon in the Dial-Up Networking window. When you then open up your Network Neighborhood window, you should see your server workgroup listed there.

{{DrawBoxNote|content=After changing the number of pptp clients allowed, the increased number of users is not updated until existing users have logged off.}}

{{Note box|After changing the number of pptp clients allowed, the increased number of users is not updated until existing users have logged off.}}

{{DrawBoxNote|content=PPTP uses TCP port 1723 and the Generic Routing Encapsulation (GRE) protocol. If you are using an external router or gateway to your server, and require an inbound VPN connection to support external users, you will need both TCP port 1723 and the GRE protocol to be forwarded.  

{{Note box|PPTP uses TCP port 1723 and the Generic Routing Encapsulation (GRE) protocol. If you are using an external router or gateway to your server, and require an inbound VPN connection to support external users, you will need both TCP port 1723 and the GRE protocol to be forwarded.  

However most PPTP passthrough routers only allow outbound connections. Not all allow inbound connections. Forwarding PPTP inbound is frequently unreliable due to the way PPTP works.

However most PPTP passthrough routers only allow outbound connections. Not all allow inbound connections. Forwarding PPTP inbound is frequently unreliable due to the way PPTP works.

{{DrawBoxWarning|content=To protect your network, the SME Server enforces the use of 128-bit encryption for PPTP connections, rather than the 40-bit encryption provided in earlier versions of Microsoft's PPTP software. If you are unable to establish a PPTP connection to your server, you should visit http://windowsupdate.microsoft.com/ and download the appropriate update. Due to the dynamic nature of Microsoft's web site, the page may appear differently depending upon the version of Windows you are using. In most cases, you will want to look or search for Virtual Private Networking or a Dial Up Networking 128-bit encryption update . You may need to install the 40-bit encryption update first, and then install the 128-bit encryption update. Note that with Microsoft's ActiveUpdate process, if you are not presented with the choice for this update, it is most likely already installed in your system.}}

{{Warning box|To protect your network, the SME Server enforces the use of 128-bit encryption for PPTP connections, rather than the 40-bit encryption provided in earlier versions of Microsoft's PPTP software. If you are unable to establish a PPTP connection to your server, you should visit http://windowsupdate.microsoft.com/ and download the appropriate update. Due to the dynamic nature of Microsoft's web site, the page may appear differently depending upon the version of Windows you are using. In most cases, you will want to look or search for Virtual Private Networking or a Dial Up Networking 128-bit encryption update . You may need to install the 40-bit encryption update first, and then install the 128-bit encryption update. Note that with Microsoft's ActiveUpdate process, if you are not presented with the choice for this update, it is most likely already installed in your system.}}

* TCP Port for secure shell access - Change the port the ssh client connects to the server, choose a  random free port eg. 822 This provides some protection from attacks on the usual port of 22.

* TCP Port for secure shell access - Change the port the ssh client connects to the server, choose a  random free port eg. 822 This provides some protection from attacks on the usual port of 22.

{{DrawBoxNote|content=By default, only two user names can be used to login remotely to the server: admin (to access the server console) and root (to use the Linux shell). Regular users are not permitted to login to the server itself. If you give another user the ability to login remotely to the server, you will need to access the underlying Linux operating system and manually change the user's shell.}}

{{Note box|By default, only two user names can be used to login remotely to the server: admin (to access the server console) and root (to use the Linux shell). Regular users are not permitted to login to the server itself. If you give another user the ability to login remotely to the server, you will need to access the underlying Linux operating system and manually change the user's shell.}}

* SSH clients

* SSH clients

[[Image:Local-networks.png]]

[[Image:Local-networks.png]]

{{DrawBoxNote|content=Depending on the architecture of your network infrastructure, the instructions for configuring the client machines on that additional network may be different than the instructions outlined in the chapter in this user guide. If you have questions regarding adding another network, you may wish to contact Contribs.org and visit the forums.}}

{{Note box|Depending on the architecture of your network infrastructure, the instructions for configuring the client machines on that additional network may be different than the instructions outlined in the chapter in this user guide. If you have questions regarding adding another network, you may wish to contact Contribs.org and visit the forums.}}

====Port forwarding====

====Port forwarding====

You can use the panel shown above to modify your firewall rules so as to open a specific port (or range of ports) on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN.

You can use the panel shown above to modify your firewall rules so as to open a specific port (or range of ports) on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN.

{{DrawBoxWarning|content=Misuse of this feature can seriously compromise the security of your network. Do not use this feature lightly, or without fully understanding the implications of your actions.}}

{{Warning box|Misuse of this feature can seriously compromise the security of your network. Do not use this feature lightly, or without fully understanding the implications of your actions.}}

====Proxy settings====

====Proxy settings====