Koozali.org: home of the SME Server

PPTP and Iphones

guest22

Re: PPTP and Iphones
« Reply #30 on: August 13, 2017, 02:28:28 PM »
I once messed up a corporate network by enabling the DHCP service on one of my very first RedHat 5.x boxes on the corporate network within the same subnet. That was fun!!! ......

Offline TerryF

Re: PPTP and Iphones
« Reply #31 on: August 14, 2017, 01:52:18 AM »
:-) mate I am no networking guru, just bumble along until it works, when it doesn't work go back and start again.

Have gone back into what is actually five softether installations, 1 x VM server only, 2 x standalone server only, 2 x standalone server/gateway. Softether install is as per wiki.

Of the two in server only mode, both with DHCP disabled, both with ports forwarded to localhost, both modem/routers have port forwarded to the SME IP - 1 has to have the virtual NAT enabled to work, the other does not. The only difference between the two is the brand of modem-router: 1 x TPlink, 1 x Billion. The Billion is a 7700N R2 and needs the virtual NAT.

There's some food for thought for you bosco555
« Last Edit: August 14, 2017, 01:54:20 AM by TerryF »
--
qui scribit bis legit

guest22

Re: PPTP and Iphones
« Reply #32 on: August 14, 2017, 05:06:02 AM »
Just curious, did you try the LDAP part yet?

Offline TerryF

Re: PPTP and Iphones
« Reply #33 on: August 14, 2017, 05:15:58 AM »
Just curious, did you try the LDAP part yet?

No..is it worthwhile..

guest22

Re: PPTP and Iphones
« Reply #34 on: August 14, 2017, 05:18:17 AM »
No..is it worthwhile..


Dunno, I'm using it and was curious if somebody else does. Obviously permissions like PPTP options in server-manager are not present, but then again the VPN Manager of Softether provides some options.

Offline TerryF

Re: PPTP and Iphones
« Reply #35 on: August 14, 2017, 09:13:54 AM »
Standby for a tryout :-) certainly has its advantages.

Offline bosco555

Re: PPTP and Iphones
« Reply #36 on: August 14, 2017, 09:44:06 AM »
Hi Guys,

Managed to get it working. Remote devices can VPN to the SME through iPhone hotspots.

I found that you have to do all the db portforward_tcp rules on the SME server from the command line,

and that the remote device gets an IP address, but doesn't get a gateway. Need to test further to see what the issue is.

guest22

Re: PPTP and Iphones
« Reply #37 on: August 14, 2017, 10:38:28 AM »
Hi Guys,

Managed to get it working. Remote devices can VPN to the SME through iPhone hotspots.

I found that you have to do all the db portforward_tcp rules on the SME server from the command line,

and that the remote device gets an IP address, but doesn't get a gateway. Need to test further to see what the issue is.


Congrats, good it is working. Can you provide details on the commands you have used and other stuff you did please?

Offline bosco555

Re: PPTP and Iphones
« Reply #38 on: August 14, 2017, 10:45:26 AM »
Sure thing, they are those in the wiki, namely:

#############################################
db portforward_tcp set 1194 forward Comment 'SoftEther OpenVPN' DestHost localhost DestPort 1194 AllowHosts ' ' DenyHosts ' '
db portforward_tcp set 5555 forward Comment 'SoftEther Management' DestHost localhost DestPort 5555 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 1194 forward Comment 'SoftEther OpenVPN' DestHost localhost DestPort 1194 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 500 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 500 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 1701 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 1701 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 4500 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 4500 AllowHosts ' ' DenyHosts ' '
signal-event portforwarding-update
#############################################

Basically followed the wiki to the "T"

Set SME server NOT to provide DHCP and configured the router to do that. Also opened the above ports on the router and forwarded as per wiki to the SME server.
Keep in mind to keep the IP-sec pre-shared key to 8 characters or less.
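
As an added example (not part of the original post or the wiki): a short Python check that parses the `db portforward_*` commands quoted above and lists which forwards carry no `AllowHosts` restriction, singling out the one whose comment marks it as the SoftEther management listener. It assumes a blank `AllowHosts` value means any source host may connect; the function names are hypothetical.

```python
import shlex

# The commands from the post above, reproduced as sample input.
COMMANDS = """\
db portforward_tcp set 1194 forward Comment 'SoftEther OpenVPN' DestHost localhost DestPort 1194 AllowHosts ' ' DenyHosts ' '
db portforward_tcp set 5555 forward Comment 'SoftEther Management' DestHost localhost DestPort 5555 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 1194 forward Comment 'SoftEther OpenVPN' DestHost localhost DestPort 1194 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 500 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 500 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 1701 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 1701 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 4500 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 4500 AllowHosts ' ' DenyHosts ' '
signal-event portforwarding-update
"""

def parse_forwards(text):
    """Turn `db portforward_<proto> set <port> forward K V ...` lines into dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # honours the single-quoted values
        if len(tok) < 5 or tok[0] != "db" or not tok[1].startswith("portforward_"):
            continue
        if tok[2] != "set" or tok[4] != "forward":
            continue
        props = dict(zip(tok[5::2], tok[6::2]))  # remaining tokens are key/value pairs
        rules.append({
            "proto": tok[1].split("_", 1)[1],
            "port": int(tok[3]),
            "comment": props.get("Comment", ""),
            "dest": f'{props.get("DestHost", "")}:{props.get("DestPort", "")}',
            "allow": props.get("AllowHosts", "").strip(),
        })
    return rules

def unrestricted(rules):
    """Rules with no source restriction (assumption: blank AllowHosts = any host)."""
    return [r for r in rules if not r["allow"]]

def exposed_management(rules):
    """Unrestricted rules whose Comment marks them as a management listener."""
    return [r for r in unrestricted(rules) if "management" in r["comment"].lower()]

if __name__ == "__main__":
    rules = parse_forwards(COMMANDS)
    for r in unrestricted(rules):
        tag = "REVIEW" if r in exposed_management(rules) else "open"
        print(f'{tag:6} {r["proto"]}/{r["port"]:<5} -> {r["dest"]:<15} {r["comment"]}')
```
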

Offline ReetP

Re: PPTP and Iphones
« Reply #39 on: August 14, 2017, 10:49:37 AM »
Keep in mind to keep the IP-sec pre-shared key to 8 characters or less.

Seriously ??? !!!!
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline bosco555

Re: PPTP and Iphones
« Reply #40 on: August 14, 2017, 10:58:48 AM »
Seriously ??? !!!!
Well if you want to write a novel in there, then do the extra work, but I wasn't prepared to do that as I was pressed for time. Also, it works just as it is, so I'm not going to try to break it for the sake of extra characters, not at this stage at least.

Offline ReetP

Re: PPTP and Iphones
« Reply #41 on: August 14, 2017, 11:12:49 AM »
Well if you want to write a novel in there, then do the extra work, but I wasn't prepared to do that as I was pressed for time. Also, it works just as it is, so I'm not going to try to break it for the sake of extra characters, not at this stage at least.

No, my point was: is that a limitation of the software, or just a comment?

Just to make it absolutely clear for other users.

If it is a limitation of the software then that's pretty poor IMHO, and may put off other users.

guest22

Re: PPTP and Iphones
« Reply #42 on: August 14, 2017, 11:27:50 AM »
No, my point was: is that a limitation of the software, or just a comment?

Just to make it absolutely clear for other users.

If it is a limitation of the software then that's pretty poor IMHO, and may put off other users.


This is a limitation of Softether. Pre-shared key is limited to 9 characters atm. A request has been made to expand this.

Offline bosco555

Re: PPTP and Iphones
« Reply #43 on: August 14, 2017, 11:28:30 AM »
Hahaha...no trouble, yes it is a limitation, but there is a workaround, look in the wiki just below the radius authentication heading...Sorry I stand corrected it was 9 characters. In any event, the software will warn you when you are over the limit.

guest22

Re: PPTP and Iphones
« Reply #44 on: August 14, 2017, 11:28:44 AM »
Sure thing, they are those in the wiki, namely:

#############################################
db portforward_tcp set 1194 forward Comment 'SoftEther OpenVPN' DestHost localhost DestPort 1194 AllowHosts ' ' DenyHosts ' '
db portforward_tcp set 5555 forward Comment 'SoftEther Management' DestHost localhost DestPort 5555 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 1194 forward Comment 'SoftEther OpenVPN' DestHost localhost DestPort 1194 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 500 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 500 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 1701 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 1701 AllowHosts ' ' DenyHosts ' '
db portforward_udp set 4500 forward Comment 'SoftEther SoftEther L2TP/IPSec' DestHost localhost DestPort 4500 AllowHosts ' ' DenyHosts ' '
signal-event portforwarding-update
#############################################

Basically followed the wiki to the "T"

Set SME server NOT to provide DHCP and configured the router to do that. Also opened the above ports on the router and forwarded as per wiki to the SME server.
Keep in mind to keep the IP-sec pre-shared key to 8 characters or less.


hehe, I wrote that part :)