
failing miserably at vpn

Discussion in 'Networks' started by shaunyboy, Oct 1, 2004.

  1. shaunyboy (Nibble Poster)

    Having passed various exams where I had to show I knew how to set up a VPN and having VPN'ed across different LANs at home I thought I would set up my W2KAS box as a RAS Server and have discovered I'm not as bright as my certs would suggest.

    I have a w2kpro client and a w2kas server, neither are members of any domain, I have a robotics router and have opened up all the ports I thought were necessary (and at one time I opened all ports out of frustration.... nice to see MSBlaster is still doing the rounds). I have tried DMZ's and forwarding, the closest I have got is hearing the servers hard drive respond but the client giving a 'the remote computer is not responding' error. I tried to log all info on the server but nothing has been written down.

    It is going to be painfully stupid. Please be gentle.

    And have a smashing weekend.

    Shaun
     
    Certifications: A+, MCSA, MCSE
    WIP: Exchange
  2. Sandy (Ex-Member)

    Think about what you have just said and what you are attempting to do.
     
  3. shaunyboy (Nibble Poster)

    Hi Sandy,

    Thanks for the reply; I admit I am still none the wiser. I have checked www.guidescentral.com/help/vpn.html (this is a reasonable site for newbie-level questions, btw), which gives a step-by-step for setting up a VPN on a standalone server and enabling access for users. I have done everything by the book; the server does seem to be responding, because the HDD springs into life whenever I access it, and I have opened up the PPTP ports. Is there another authentication port that I need to open or something?

    Enough geeky stuff, the pub is calling.
     
    Certifications: A+, MCSA, MCSE
    WIP: Exchange
  4. Phoenix (Honorary Member; 53656e696f7220 4d6f64)

    Bit of a shot in the dark here; I never use Windows for VPN tunnels,
    but do you not need to open the ISAKMP ports? You are using keys to establish connections, I assume?

    Sorry, again it's just a shot in the dark.
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  5. shaunyboy (Nibble Poster)

    Hi Phoenix,

    Keys are needed (IIRC) when using L2TP and IPsec, which is WAY too confusing for my woefully inadequate brain; I use PPTP to keep it simple.

    Now that I think about it, I have seen ZoneAlarm cause problems on LANs using workgroups; I seem to remember port 113 needed opening for it to work.

    I also think, seeing as the server is responding but my client is saying it is not responding, that a response may be sent from the server to the client on a port I have not thought of opening.

    Or maybe my ISP is not GRE-friendly, or maybe my router is not GRE-friendly.

    Grrr.
     
    Certifications: A+, MCSA, MCSE
    WIP: Exchange
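The "server responds but the client says it is not responding" symptom above is exactly what a PPTP set-up shows when the control connection gets through but the data path does not. PPTP (RFC 2637) uses two separate things: a control connection on TCP port 1723, and the tunnelled PPP frames carried in GRE, which is IP protocol 47 and not a port at all, so it cannot be "opened" by forwarding a port number. The probe below is an added example written for this thread (it is not code from the thread, from Microsoft, or from the guide linked above): it speaks the first exchange of the control channel, the Start-Control-Connection-Request and its Reply, and decodes the server's result code. If it reports a successful result but the Windows client still fails, the control channel is fine and the thing to look at is whether the router and ISP pass GRE. The host address, the `probe_control_channel` name and the packet-field choices are assumptions for illustration.

```python
"""PPTP control-channel probe: SCCRQ -> SCCRP (RFC 2637, section 2.1/2.2).

Added example for this thread, not the thread's or Microsoft's code.
PPTP needs BOTH of these through the router:
  * TCP port 1723            -- the control connection (this probe tests it)
  * GRE, IP protocol 47      -- the tunnelled PPP data (not a port; needs
                                "PPTP passthrough"/GRE forwarding on the router)
A router that forwards only TCP 1723 lets this probe succeed while the
Windows client still reports "the remote computer is not responding".
"""
import socket
import struct

MAGIC_COOKIE = 0x1A2B3C4D     # fixed cookie in every PPTP control message
CTRL_MSG_SCCRQ = 1            # Start-Control-Connection-Request (client -> server)
CTRL_MSG_SCCRP = 2            # Start-Control-Connection-Reply   (server -> client)
PPTP_VERSION = 0x0100         # protocol version 1.0
SCC_LEN = 156                 # SCCRQ and SCCRP are both fixed at 156 bytes

RESULT_CODES = {
    1: "successful channel establishment",
    2: "general error",
    3: "command channel already exists",
    4: "requester is not authorized",
    5: "protocol version not supported",
}


def _pad(s: str, n: int) -> bytes:
    """Fixed-width, NUL-padded ASCII field (host name / vendor string)."""
    return s.encode("ascii")[:n].ljust(n, b"\x00")


def build_sccrq(hostname: str = "probe", vendor: str = "example") -> bytes:
    """Client side of the exchange: the request that opens the control channel."""
    return struct.pack(
        "!HHIHHHHIIHH64s64s",
        SCC_LEN, 1, MAGIC_COOKIE, CTRL_MSG_SCCRQ, 0,   # length, type=control, cookie, SCCRQ, reserved0
        PPTP_VERSION, 0,                               # version, reserved1
        1 | 2,                                         # framing caps: async + sync
        1 | 2,                                         # bearer caps: analog + digital
        1, 0,                                          # max channels, firmware revision
        _pad(hostname, 64), _pad(vendor, 64),
    )


def build_sccrp(hostname: str, vendor: str, result: int = 1, error: int = 0) -> bytes:
    """Server side of the exchange (used here to construct a sample reply offline)."""
    return struct.pack(
        "!HHIHHHBBIIHH64s64s",
        SCC_LEN, 1, MAGIC_COOKIE, CTRL_MSG_SCCRP, 0,
        PPTP_VERSION, result, error,                   # result/error codes replace reserved1
        1 | 2, 1 | 2, 1, 0,
        _pad(hostname, 64), _pad(vendor, 64),
    )


def parse_sccrp(data: bytes) -> dict:
    """Decode a Start-Control-Connection-Reply; raises ValueError on anything else."""
    if len(data) < SCC_LEN:
        raise ValueError(f"short reply: {len(data)} bytes, expected {SCC_LEN}")
    (_length, _msg_type, cookie, ctrl_type, _res0, version, result, error,
     _framing, _bearer, max_chan, _fw, host, vendor) = struct.unpack(
        "!HHIHHHBBIIHH64s64s", data[:SCC_LEN])
    if cookie != MAGIC_COOKIE:
        raise ValueError("not a PPTP control message (bad magic cookie)")
    if ctrl_type != CTRL_MSG_SCCRP:
        raise ValueError(f"expected SCCRP (2), got control message type {ctrl_type}")
    return {
        "version": f"{version >> 8}.{version & 0xFF}",
        "result_code": result,
        "result": RESULT_CODES.get(result, "unknown result code"),
        "error_code": error,
        "max_channels": max_chan,
        "hostname": host.rstrip(b"\x00").decode("ascii", "replace"),
        "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace"),
    }


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the control connection early")
        buf += chunk
    return buf


def probe_control_channel(host: str, port: int = 1723, timeout: float = 5.0) -> dict:
    """TCP 1723 reachability plus a real SCCRQ/SCCRP round trip against the server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sccrq())
        return parse_sccrp(_recv_exact(sock, SCC_LEN))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # assumed TEST-NET address
    try:
        info = probe_control_channel(target)
        print(f"control channel OK: {info}")
        if info["result_code"] == 1:
            print("if the client still fails after this, check that GRE (IP proto 47) is passed, not a port")
    except (OSError, ValueError) as exc:
        print(f"control channel to {target}:1723 failed: {exc}")
```

Run it as `python pptp_probe.py <server>` from the client side of the router. The script only needs a normal TCP socket, so it runs without admin rights; GRE itself cannot be tested from an unprivileged socket, which is why the script reports the control-channel result and leaves the GRE question to the router's "VPN passthrough" setting and the ISP.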
  6. shaunyboy (Nibble Poster)

    Just looked at your post again, Phoenix; I guess you use SWAN or something similar. I am trying to remove Windows whenever possible (especially after reading Mr Myers' interview on this site). Could you point me to a good how-to on setting up a VPN server on a Linux box, if you know of one?

    I'll have a google in the meantime.

    Cheers,

    Shaun
     
    Certifications: A+, MCSA, MCSE
    WIP: Exchange
  7. Phoenix (Honorary Member; 53656e696f7220 4d6f64)

    Actually, I tend to use PIX firewalls :)
    Gonna play around with a Linux VPN though, looks interesting,
    and I don't have a 3k PIX at home.
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  8. wizard (Petabyte Poster)

    I think what Sandy is saying is put them in a domain?
     
    Certifications: SIA DS Licence
    WIP: A+ 2009
  9. Phoenix (Honorary Member; 53656e696f7220 4d6f64)

    Yes, but you shouldn't need a domain to establish a VPN.
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  10. flex22 (Gigabyte Poster)

    Yeah, a mate and I set up a VPN in no time. A Windows one as well; worked fine. There's nothing wrong with Windows VPNs if you implement them correctly.
    I think I logged into a domain, but like Pheonix said, I don't think they have to be domains. Anyway, I still have the VPN connection on my desktop, and it was a real buzz connecting to remote resources. Also connected to his Exchange server and sent direct emails to him using Outlook.

    But I suppose I realise what Sandy meant now with his "throwing dummies out of prams remark" in a previous thread.

    I recall that port 1723 has something to do with VPN.

    Maybe if you aim to set up a Windows VPN again, you could start this thread up again and we'll see if we can resolve your VPN's problems.
    On the other hand, if you just give up after a few stumbling blocks and conclude that a Linux VPN is flawless and you'll have no problems, then fine.
     
  11. Sandy (Ex-Member)

    Hi Guys

    Finally finished some work for my OU stuff.

    Firstly, what are you trying to do? Simply set up a VPN.

    Right, now let's see what we have got.

    What are we attempting to connect to?
    What are we attempting to connect with?
    What are we attempting to connect through?

    Break the problem down into small chunks and understand what the technical issues are with each bit.

    Flex, how did you finally set it up?
     
  12. flex22 (Gigabyte Poster)

    I connected to his machine. It was a while ago now, so I'm trying to remember the actual config.
    But basically I connected to his machine directly through a VPN.

    We both worked on setting it up. As far as I recall, we just followed the instructions in the books/online resources etc.
    Must admit, it didn't work correctly at first for some reason, but it worked in the end.
    Sorry to be vague, but this was over a year ago. Once it was set up though, it worked fine, and probably still works fine today.
    I speak to my fellow conuteach victim through Yahoo. When I next catch him I'll have a chat and recap on it, then post here.
     
  13. Cartman (Byte Poster)

    Sounds interesting in a cert-obtaining way, if you know wot I mean, lol.

    If you can remember more about it, Flex, then please post about it; you have a captive audience.

    Strangely, you seem to mis-spell that name quite often. Can't imagine why?
     
  14. Sandy (Ex-Member)

    Flex

    May I share a wee secret...

    The key to Information Technology is documentation!

    My usual bland statement, you may well say. But the number of times I have been called into an organisation where they have been having problems, asked the very pointed question "can I see your systems documentation", and been greeted with the reply "what documentation?" is frightening.

    In the real world and in the cert world, putting together clear documentation will help you, and others, understand what you are playing with.

    Sermon over for today.
     
  15. flex22 (Gigabyte Poster)

    Yeah that can't be stressed enough, and I totally agree.

    If you search certtuor or this site, I believe I've started threads on network documentation, asking what people use, what the most important things to document are, etc., and in fact stressing the point myself about the importance of documenting.

    That doesn't exonerate me from the fact that I never documented the VPN scenario. It's just that, like I've said, I did that scenario a long while ago, when just starting out with networking. I was probably more excited about building a tunnel through the internet than about 'boring' documentation. :D

    Good point, Sandy.
     
  16. Phoenix (Honorary Member; 53656e696f7220 4d6f64)

    Yup, I'll second Sandy.
    The amount of places with no documentation is astonishing; it makes handovers 100x harder and more dangerous, especially in the types of places I have worked.

    Clients all need local admin because a piece of poorly coded Delphi code needs it to run; it also connects to a server via a hard-coded IP, not DNS, so changing that is out of the question; and the IP range in use is of course a stupid non-standard IP scheme, 169.198 (go figure).

    Oh yes, and none of this is documented!

    I usually spend my first few days/weeks at a site recording everything I learn and preparing Visio documents on it. I can map out IP schemes, network connectivity, physical connections and incoming lines, then write up things like backup and restore procedures, and work out how long it may actually take for a restore if catastrophe hit (scariest was an insurance broker with a recovery time of over 48 hours!!! on a mission-critical piece of kit which had redundancy that wouldn't actually work).
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
