Difference between revisions of "VPN practical tips"

From SME Server
(added Howto)
 
(added RDP section)
Line 70: Line 70:
 
===IPSec network to network VPN===
 
===IPSec network to network VPN===
  
For establishing a permanent VPN connection between networks see
+
For establishing a permanent VPN connection between networks see
 
http://wiki.contribs.org/Ipsec
 
http://wiki.contribs.org/Ipsec
 +
 +
 +
===Remote Desktop Protocol (RDP)===
 +
 +
A good alternative to access workstations behind a SME server on a remote networkcontrol, is Remte Desktop Protocol (RDP). It uses encrypted connections, is fast and flexible, see
 +
http://en.wikipedia.org/wiki/Remote_Desktop_Protocol  and  http://msdn2.microsoft.com/en-us/library/aa383015.aspx  and  http://support.microsoft.com/kb/186607
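Review bot: the added RDP sentence does not say how the RDP session is meant to reach the workstation, whether through the VPN tunnel the rest of the page describes or by some other route, and "It uses encrypted connections" on its own can be read either way; state the intended path explicitly. The same line has two typos to fix before saving: "networkcontrol" and "Remte".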
  
  
Line 81: Line 87:
  
 
http://wiki.contribs.org/Ipsec
 
http://wiki.contribs.org/Ipsec
 
The following is for general reference purposes only and is not strictly applicable to SME server.
 
http://pptpclient.sourceforge.net/howto-diagnosis.phtml
 
  
 
http://www.domain-logic.com/support/secure_tunnel_w2k.htm
 
http://www.domain-logic.com/support/secure_tunnel_w2k.htm
  
 
http://www.domain-logic.com/support/secure_tunnel_XP.htm
 
http://www.domain-logic.com/support/secure_tunnel_XP.htm
 +
 +
http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
 +
 +
http://msdn2.microsoft.com/en-us/library/aa383015.aspx
 +
 +
http://support.microsoft.com/kb/186607
 +
 +
The following is for general reference purposes only and is not strictly applicable to SME server.
 +
http://pptpclient.sourceforge.net/howto-diagnosis.phtml
  
  
 
----
 
----
 
[[Category:Howto]]
 
[[Category:Howto]]
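Review bot: the sentence "The following is for general reference purposes only and is not strictly applicable to SME server." changes scope when it moves to the end of the link list. In its old position it came before the pptpclient link and the two domain-logic links; in the new position only the pptpclient link follows it. If the domain-logic guides are still meant to fall under the caveat, keep it above them or reword it to name the links it applies to. The three RDP links added in this hunk also repeat the ones already given inline in the new RDP section.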

Revision as of 23:02, 6 March 2008

Virtual Private Networking (VPN) concepts

Overview

This Howto gives practical examples regarding using VPN and making connections to remote servers and workstations.

Please refer to separate Howtos for configuration of the VPN client on Windows 2000, XP and other workstations:

http://www.domain-logic.com/support/secure_tunnel_w2k.htm

http://www.domain-logic.com/support/secure_tunnel_XP.htm


Background information

The VPN (PPTP) uses port 1723 and protocol 47 (GRE).

In server & gateway mode your modem should be configured in bridged mode, so that it automatically forwards all traffic to the server.

In server only mode, your router must be configured to forward port 1723 to your server and must provide full support for protocol 47. Note that protocol 47 (GRE) is not a port and therefore you cannot forward it. Not all routers support this protocol so VPN is not always possible in this network arrangement.
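The split described above, between a control port that can be forwarded and a GRE protocol that cannot, can be told apart in a packet capture taken on the server. The following Python sketch is an added example, not part of the original Howto; the capture lines are constructed samples modelled on tcpdump's text output, and the addresses, function name and result codes are assumptions.

```python
import re

# Constructed sample captures, modelled on tcpdump's one-line text output as
# seen on the server's external interface (assumption). Documentation-range
# addresses: 192.0.2.10 = server, 203.0.113.5 = remote VPN client.
SERVER = "192.0.2.10"
CAPTURE_OK = """\
IP 203.0.113.5.49152 > 192.0.2.10.1723: Flags [S], seq 1, length 0
IP 192.0.2.10.1723 > 203.0.113.5.49152: Flags [S.], seq 9, ack 2, length 0
IP 192.0.2.10 > 203.0.113.5: GREv1, call 2, seq 0, length 36: LCP, Conf-Request
IP 203.0.113.5 > 192.0.2.10: GREv1, call 1, seq 0, length 36: LCP, Conf-Request
"""
# Same session, but the client's GRE packets never arrive at the server.
CAPTURE_GRE_BLOCKED = "".join(CAPTURE_OK.splitlines(keepends=True)[:3])
CAPTURE_EMPTY = ""  # nothing for port 1723 arrived at all

TCP = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([^\]]+)\]")
GRE = re.compile(r"IP ([\d.]+) > ([\d.]+): GREv1")

def diagnose(capture, server=SERVER):
    """Return a result code naming the first stage at which the VPN fails."""
    ctrl_in = ctrl_reply = gre_in = gre_out = False
    for line in capture.splitlines():
        tcp = TCP.search(line)
        if tcp:
            src, sport, dst, dport, flags = tcp.groups()
            if dst == server and dport == "1723":
                ctrl_in = True           # control connection reached the server
            if src == server and sport == "1723" and flags == "S.":
                ctrl_reply = True        # and the server answered it
            continue
        gre = GRE.search(line)
        if gre:
            gre_out = gre_out or gre.group(1) == server
            gre_in = gre_in or gre.group(2) == server
    if not ctrl_in:
        return "NO_CONTROL"    # port 1723 is not being forwarded to the server
    if not ctrl_reply:
        return "NO_REPLY"      # server did not answer on port 1723
    if not gre_in:
        return "GRE_BLOCKED"   # router forwards the port but drops protocol 47
    if not gre_out:
        return "NO_GRE_REPLY"  # tunnel packets arrive but the server sends none
    return "TRANSPORT_OK"      # both channels work; check user and client settings

if __name__ == "__main__":
    for name in ("CAPTURE_OK", "CAPTURE_GRE_BLOCKED", "CAPTURE_EMPTY"):
        print(name, "->", diagnose(globals()[name]))
```

A GRE_BLOCKED result corresponds to the router case described above: the port forward works, but protocol 47 is not passed.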


You cannot establish a VPN passthrough connection through an SME server to a local machine, because of problems with the SME server supporting the passthrough of protocol 47 (GRE).


VPN connections to workstations will run very slowly. It is not advisable to run programs across VPN connections, even with fast broadband Internet speeds. This applies to scenarios where a VPN connection is established to an SME server, and then a connection is made to a workstation on the remote network.


Check that the VPN user(s) in server-manager User panel are allowed VPN access

Check that the "Number of pptp clients" in the "Remote access" panel in server manager, is set to more than zero

Check that the connection is set to "Negotiate multi-link connections" in the Windows VPN client setup

Check that the VPN connection/service is allowed access through a personal firewall on Windows workstations


Please read the sections of the SME server manual that relate to VPN.

For further information, please also search the forums and bugzilla for numerous reports of localised and other issues using VPN.


Establishing connections & drive mapping

Note:
The following presupposes that, if you are connecting by VPN from behind another SME server, the IP address and name of the local SME server and the remote SME server are different.


After establishing a VPN connection with the SME server, users then need to connect to shares.

To map an ibay, do

net use N: \\serverIP\ibayname

or

net use N: \\servername\ibayname


To see all server shares, do

\\serverIP

or

\\servername


To connect to a workstation C: or D: drive (that has been shared in Windows), do

\\workstationname

or

\\workstationIP

or

net use W: \\workstationIP\c


IPSec network to network VPN

For establishing a permanent VPN connection between networks see http://wiki.contribs.org/Ipsec


Remote Desktop Protocol (RDP)

A good alternative for accessing workstations behind an SME server on a remote network is Remote Desktop Protocol (RDP). It uses encrypted connections and is fast and flexible; see http://en.wikipedia.org/wiki/Remote_Desktop_Protocol and http://msdn2.microsoft.com/en-us/library/aa383015.aspx and http://support.microsoft.com/kb/186607


Reference links

http://forums.contribs.org/index.php?topic=40314.0

https://secure.logmein.com/home.asp?lang=en

http://wiki.contribs.org/Ipsec

http://www.domain-logic.com/support/secure_tunnel_w2k.htm

http://www.domain-logic.com/support/secure_tunnel_XP.htm

http://en.wikipedia.org/wiki/Remote_Desktop_Protocol

http://msdn2.microsoft.com/en-us/library/aa383015.aspx

http://support.microsoft.com/kb/186607

The following is for general reference purposes only and is not strictly applicable to SME server. http://pptpclient.sourceforge.net/howto-diagnosis.phtml