Koozali.org: home of the SME Server

VPN Puzzle

A.J.

VPN Puzzle
« on: April 24, 2003, 09:45:16 AM »
I am new to pptpd and have an unusual situation. My office gets its internet connection from an mpower partial T1 through an Adtran Total Access 608 T1 ATM. The Adtran specs say its IP router supports NAT/PAT, packet filtering, RIP V1/V2, Layer 2 PPP, and Frame Relay. My local Class C network uses static IPs in the 10.0.0.0 to 10.0.0.255 range.
A few weeks ago I had mpower open up port 1723 and GRE to allow VPN remote access to my network.
All worked well when I used an XP Professional box as the server. Worked flawlessly, in fact.
I then installed 5.6, and upgraded to 5.6u3, on an older box (Celeron 466 w/256 MB RAM) I didn't use anymore. I even followed the instructions regarding the pptpd bug.
All seems to be well with the SME box except it can't be reached from the internet. I know the pptpd is working because I can connect to it locally. And I know that the firewall is configured to let VPN in because I can reach my network remotely if I reconfigure XP to receive VPN.
I never had both SME and XP set to receive at the same time.

Thank you for any help or suggestions,
A.J.

A.J.

Re: VPN Puzzle
« Reply #1 on: April 24, 2003, 10:55:19 AM »
I forgot to mention that I configured VPN in the server-manager to accept 2 logins.

Thanks
A.J.

Bill Talcott

Re: VPN Puzzle
« Reply #4 on: April 24, 2003, 05:42:26 PM »
Are you connecting directly to the SME's IP, or a separate public IP? If it's coming in from a public IP, then the router would need to forward that traffic to the VPN server. If the SME isn't being swapped in place of the XP box (i.e. taking its IP), then the forwarding would be wrong (i.e. still pointing at XP instead of SME).

If the connection really is getting to the SME via the proper forwarding or using its IP directly, are you using a valid SME login/password? Sounds stupid, but people often forget little stuff like that when they've got several systems set up...

Guck Puppy

Re: VPN Puzzle
« Reply #5 on: April 24, 2003, 10:42:17 PM »
So the server is in server/gateway mode with two NICs?

I'd use nmap or some other port scanner to check that the 1723 port is open on the external NIC - bear in mind that you have to do that from a machine "attached" to the external NIC (i.e. on the net somewhere) - I mention that because even if you do a port scan of the external IP from the box itself you don't get an accurate listing.

G
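
Added example, not part of the original posts: a port scan only shows that something accepts TCP 1723, so this Python sketch sends a PPTP Start-Control-Connection-Request (RFC 2637) and parses the reply, whose host name and vendor fields show which machine the router actually forwarded the connection to. The function names and `SAMPLE_REPLY` are constructed for illustration; run it from a host outside the network, and note that it exercises only the control channel, not the GRE data path.

```python
import socket
import struct
import sys

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D            # fixed value in every PPTP control message
SCCRQ, SCCRP = 1, 2                  # Start-Control-Connection-Request / -Reply
HEADER = struct.Struct("!HHIHH")     # length, message type, cookie, control type, reserved
REQ_BODY = struct.Struct("!HHIIHH64s64s")
REPLY_BODY = struct.Struct("!HBBIIHH64s64s")
MSG_LEN = HEADER.size + REQ_BODY.size  # 156 bytes for both request and reply

# Constructed sample reply for offline testing (not captured from a real server).
SAMPLE_REPLY = HEADER.pack(MSG_LEN, 1, MAGIC_COOKIE, SCCRP, 0) + REPLY_BODY.pack(
    0x0100, 1, 0, 0, 0, 1, 1, b"sme.example", b"constructed-vendor")

def build_sccrq(hostname=b"probe"):
    """Build the request: version 1.0, async framing, analog bearer."""
    body = REQ_BODY.pack(0x0100, 0, 1, 1, 0, 0, hostname, b"")
    return HEADER.pack(MSG_LEN, 1, MAGIC_COOKIE, SCCRQ, 0) + body

def parse_sccrp(data):
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    _length, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != SCCRP:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    (_ver, result, error, _framing, _bearer, _chans, firmware,
     host, vendor) = REPLY_BODY.unpack_from(data, HEADER.size)
    text = lambda raw: raw.split(b"\0", 1)[0].decode("latin-1")
    return {"result": result, "error": error, "firmware": firmware,
            "host": text(host), "vendor": text(vendor)}

def probe(address, timeout=5.0):
    """Connect to TCP 1723, send the request and parse whatever answers."""
    with socket.create_connection((address, PPTP_PORT), timeout=timeout) as sock:
        sock.sendall(build_sccrq())
        data = b""
        while len(data) < MSG_LEN:
            chunk = sock.recv(MSG_LEN - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)

if __name__ == "__main__":
    # A result code of 1 means the control connection was established.
    print(probe(sys.argv[1]))
```
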

A.J.

Re: VPN Puzzle
« Reply #6 on: April 25, 2003, 08:51:28 AM »
Thanks for the replies. I called mpower and it seems that the cable from the T1 modem needs to be a crossover cable. Problem solved.

Thanks again,
A.J.