Re: VPN connection, but no LAN traffic.
- From: Joe <joe@xxxxxxxxxxxxxx>
- Date: Fri, 29 Jul 2005 21:41:31 +0000
Mark Foster wrote:
Sorry, I didn't really explain that awfully well. So I'll explain a bit more in detail.First of all, you won't be able to 'set the machines up on the server'.
Ok, we have a single NIC based server network with a Linksys WRT54G router performing DHCP duties. 4 Windows XP Home machines and 1 Mac are also connected. I have fully set-up the VPN on the server, and the client machines are able to connect.
Client machines use the VPN connect software from SBS 2003. They are given an IP address within the 10 address range specified. The problem is that they are unable to connect to the server remotely to map drives.
One last thing, although I am not sure if it's an issue is setting up the machines on the server. This has not be done yet through the user set-up wizard.
XP Home cannot join the SBS domain. You need XP Professional to do that.
I have no idea if a Mac can do so, but Microsoft will certainly have
intended that it should not. The XP Home machines will be able to do some things, but not all that a domain machine can do. You probably
know that it is difficult to set file permissions on XP Home, which
alone is enough to make it undesirable on a network machine.
A VPN client may or may not be a domain member. Some facilities are available to a client which is joined to the domain which are not available otherwise, notably network browsing. XP Home can be a non- domain VPN client.
One of the things we can see at this stage is that DHCP is not correct. The SBS *must* be the DHCP server, as it passes a number of things other that the IP address to the other machines. One of these things is the address of the DNS server, i.e. its own LAN address. Without having SBS as its DNS server, a potential client is never going to work properly.
Second point: when you say 'the 10 address range specified', do you mean
that you have set up a pool of addresses for VPN which are not in the
same subnet as the SBS? If so, this will not stop a VPN connection from
occurring, but it will stop a number of other things. Most importantly,
the VPN client will have no idea how to reach the SBS subnet, which
contains its DNS server, among other things. There is probably a
scenario where a non-overlapping VPN pool is required, but I haven't yet
worked out what it is. The only thing I can think of is that if the VPN
pool is within the SBS LAN subnet, but not in its DHCP pool, it is
easier to see which addresses belong to VPN clients. Leave this range unspecified, and let SBS allocate addresses from its own DHCP range.
This works a lot better.
As to the VPN, quite a few things have to work in order for VPN to do its thing. Can you ping the SBS by its IP address? If so, can you do it by name? Those two tests will tell us quite a lot about how far you have got. If neither work, then we probably need to see the output of the ifconfig command from both SBS and VPN client, the latter when connected and when not connected. I'm fairly sure that until the SBS is handling DHCP, nothing will happen.
Another point about subnets, while we are here, is that all TCP/IP interfaces on the VPN client machine, apart from the VPN link, must *not* be in the SBS subnet i.e. if the client is part of a network then its subnet must not overlap with the SBS subnet. .
- Prev by Date: Re: "unable to display the folder" error message
- Next by Date: Re: Motherboard for dual Opterons?
- Previous by thread: Re: How do I set up FTP properly? FAQ would be great
- Next by thread: Re: Motherboard for dual Opterons?
- Index(es):
Relevant Pages
|
Loading
