Koozali.org: home of the SME Server

IPSEC VPN and Port 80

Sterling

IPSEC VPN and Port 80
« on: October 28, 2002, 10:37:22 PM »
I have successfully set up 2 SME 5.5 servers with an IPSEC VPN tunnel between the two to connect the networks at our two locations. All is well and seamless until I try to connect to port 80 via http to one of the servers behind the SME 5.5 server remotely. If I change it all to use port 81 everything works ok. I don't even know where to start on this one. Any ideas?

Thanks,
Sterling

Lloyd Keen

Re: IPSEC VPN and Port 80
« Reply #1 on: October 29, 2002, 04:19:32 PM »
Can you supply more info on how you are trying to connect to port 80?

Jáder Marasca

Re: IPSEC VPN and Port 80
« Reply #2 on: October 29, 2002, 08:00:06 PM »
And could you please explain how you changed SME 5.5 to respond on a port other than the default (80)?

I'm using an ISP that blocks port 80 and my router is unable to route 82 to 80.

Thanks!

Jáder

Alphete

Re: IPSEC VPN and Port 80
« Reply #3 on: October 29, 2002, 08:52:42 PM »
Here you have the HOW-TO that explains how to change Apache's Listening port on SME.
http://www.familybrown.org/howtos/listen-port-howto.html

BTW, Sterling, could you explain to me (or show me a HOW-TO) about how to set up SME to work as a LAN-to-LAN VPN Router???
I'm trying to find a solution for connecting several networks (ones running W2000 Server, and others running SME as Firewall) on a mesh topology.
I heard that SME does not allow incoming pptp connections for inside hosts.
Thanks!

Bill Talcott

Re: IPSEC VPN and Port 80
« Reply #4 on: October 29, 2002, 09:59:52 PM »
Alphete wrote:
>
> BTW, Sterling, could you explain to me (or show me a HOW-TO)
> about how to set up SME to work as a LAN-to-LAN VPN Router???
> I'm trying to find a solution for connecting several networks
> (ones running W2000 Server, and others running SME as
> Firewall) on a mesh topology.
> I heard that SME does not allow incoming pptp connections for
> inside hosts.
> Thanks!

http://myezserver.com/downloads/mitel/contrib/freeswan-0.4/

Jáder Marasca

Re: IPSEC VPN and Port 80
« Reply #5 on: October 29, 2002, 10:06:23 PM »
Alphete wrote:
>
> Here you have the HOW-TO that explains how to change Apache's
> Listening port on SME.
> http://www.familybrown.org/howtos/listen-port-howto.html

I had already been there and even asked its writer for help. But this is for SME 512 and I'm looking for help on SME 55. Even Mr Brown doesn't know how to do this.

Thanks!

Alphete

Re: IPSEC VPN and Port 80
« Reply #6 on: October 29, 2002, 10:11:08 PM »
Mmmm....I made it work, but on SME 5.12..
As a matter of fact, I rolled back my upgrade from 5.5 to 5.12 since I had a lot of problems with pop-before-smtp and other things like this.

Jáder Marasca

Re: IPSEC VPN and Port 80
« Reply #7 on: October 29, 2002, 10:22:33 PM »
Yeah! I know. Just a few guys fix what isn't broken, so SME 5.5 just on new installs... and there are so many reasons not to install SME 55...
But I like to have a new version... by now I found a workaround to my problem.
Using DNS I was able to redirect all http://www.domain to https://www.domain

But this shows a very boring screen about the certificate...

On good routers I use a router translation from 82 to 80, but the Zyxel 642R does not have this feature...
Neither Speed Touch Pro...

If you have a different approach I'll appreciate it!

Thanks!

Jáder

Michael Smith


Sterling

Re: IPSEC VPN and Port 80
« Reply #9 on: October 30, 2002, 07:41:08 AM »
I've outlined it the best I can here:

http://www.chavis.us/ipsec80.html

Sterling

Re: IPSEC VPN and Port 80
« Reply #10 on: October 30, 2002, 07:52:09 AM »
Sorry it took me so long to reply. These are, in fact, the instructions I followed to get it to work on 5.5:

http://myezserver.com/downloads/mitel/beta/freeswan-sme55/freeswan-howto.html

Works beautifully, but my "port 80 through the tunnel" problem still persists, which I've outlined here:

http://www.chavis.us/ipsec80.html

The 192.168.100.64 machine behind the tunnel works locally, just not remotely through the tunnel on port 80 (port 81 is fine). It's running Microsoft IIS.

Thanks,
Sterling

P.S. I just tried FTP on port 21 through the tunnel to my XP Pro machine and it works great.

Sterling

Re: IPSEC VPN and Port 80
« Reply #11 on: October 30, 2002, 11:36:25 AM »
I think I fixed it... I disabled squid and everything works now.