Difference between revisions of "VPN practical tips"
RayMitchell (talk | contribs) (renamed Howto) |
RayMitchell (talk | contribs) (server name & IP note enhanced) |
||
Line 44: | Line 44: | ||
===Establishing connections & drive mapping=== | ===Establishing connections & drive mapping=== | ||
− | {{Note box|The following presupposes that if VPN'ing from behind another sme server, then the IP number and name of the local sme server & the remote sme server are different.}} | + | {{Note box|The following presupposes that if VPN'ing from behind another sme server, then the IP number and name of the local sme server & the remote sme server are different ie if the local sme server's local IP is 192.168.1.1 then the remote sme server's local IP must be 192.168.2.1 etc, if the local sme server's name is server1 then the remote sme server's name must be server2 etc.}} |
+ | |||
After establishing a VPN connection with the sme server, users then need to connect to shares | After establishing a VPN connection with the sme server, users then need to connect to shares | ||
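Review bot: The expanded Note box still words the requirement as "the IP number ... are different", but the example it adds (192.168.1.1 locally, 192.168.2.1 remotely) changes the network portion of the address, not just the host. Two servers at 192.168.1.1 and 192.168.1.2 would satisfy the sentence as written while sharing the range the example is steering readers away from. Suggest stating that the local and remote networks must use different address ranges and keeping the two addresses as the illustration. Also consider "e.g." instead of "ie", since these are sample values, and splitting the IP and server-name conditions into two sentences so the note does not run "etc, if ... etc".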
Line 66: | Line 67: | ||
or | or | ||
net use W: \\workstationIP\c | net use W: \\workstationIP\c | ||
− | |||
===IPSec network to network VPN=== | ===IPSec network to network VPN=== |
Revision as of 05:33, 8 March 2008
Virtual Private Networking (VPN) practical tips
Overview
This Howto gives practical examples regarding using VPN and making connections to remote servers and workstations.
Please refer to separate Howtos for configuration of the VPN client on Windows 2000, XP and other workstations:
http://www.domain-logic.com/support/secure_tunnel_w2k.htm
http://www.domain-logic.com/support/secure_tunnel_XP.htm
Background information
VPN uses port 1723 and protocol 47.
In server & gateway mode, your modem should be configured in bridged mode, in which it automatically forwards all traffic to the server.
In server only mode, your router must be configured to forward port 1723 to your server and must provide full support for protocol 47. Note that protocol 47 (GRE) is not a port and therefore you cannot forward it. Not all routers support this protocol so VPN is not always possible in this network arrangement.
You cannot establish a VPN passthrough connection through an SME server to a local machine due to problems with the sme server supporting the passthrough of protocol 47 (GRE).
VPN connections to workstations will run very slowly. It is not advisable to run programs across VPN connections, even with fast broadband Internet speeds. This applies to scenarios where a VPN connection is established to a sme server, and then a connection is made to a workstation on the remote network.
Check that the VPN user(s) in the server-manager User panel are allowed VPN access.
Check that the "Number of pptp clients" in the "Remote access" panel in server manager is set to more than zero.
Check that the connection is set to "Negotiate multi-link connections" in the Windows VPN client setup.
Check that the VPN connection/service is allowed access through a personal firewall on Windows workstations.
Please read the sections of the SME server manual that relate to VPN.
For further information, please also search the forums and bugzilla for numerous reports of localised and other issues using VPN.
Establishing connections & drive mapping
After establishing a VPN connection with the sme server, users then need to connect to shares
To map an ibay, do
net use N: \\serverIP\ibayname
or
net use N: \\servername\ibayname
To see all server shares, do
\\serverIP
or
\\servername
To connect to a workstation's C: or D: drive (that has been shared in Windows), do
\\workstationname
or
\\workstationIP
or
net use W: \\workstationIP\c
IPSec network to network VPN
For establishing a permanent VPN connection between networks see http://wiki.contribs.org/Ipsec
Remote Desktop Protocol (RDP)
A good alternative for accessing workstations behind an SME server on a remote network is Remote Desktop Protocol (RDP). It uses encrypted connections and is fast and flexible.
In use, forward a chosen port (say 2345), either in the port forwarding server manager panel (sme in server gateway mode) or in your router (sme in server only mode), to port 3389 on a workstation, which will allow direct RDP access to that workstation using a URL like http://yourdomain:2345
See
http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
http://msdn2.microsoft.com/en-us/library/aa383015.aspx
http://support.microsoft.com/kb/186607
Reference links
http://forums.contribs.org/index.php?topic=40314.0
https://secure.logmein.com/home.asp?lang=en
http://wiki.contribs.org/Ipsec
http://www.domain-logic.com/support/secure_tunnel_w2k.htm
http://www.domain-logic.com/support/secure_tunnel_XP.htm
http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
http://msdn2.microsoft.com/en-us/library/aa383015.aspx
http://support.microsoft.com/kb/186607
The following is for general reference purposes only and is not strictly applicable to SME server. http://pptpclient.sourceforge.net/howto-diagnosis.phtml