[PLUG] Mandrake + Win2K + VPN = need help

Derek Loree derek at infotects.com
Wed Nov 27 18:58:54 UTC 2002


On Wed, 2002-11-27 at 08:34, Michael Luevane wrote:
> Ah. Well, I tried Find Computers last night - no go. I can ping the server
> and I can browse the webpage on the server (it's just the Apache default
> page right now).

Sounds like the VPN is working.  I'm also assuming that you can "find"
the Linux box when you access it through the LAN.  In which case,
NETBIOS on the remote machine is most likely using a protocol other than
TCP/IP, like IPX or NETBEUI or...

Apparently, for this to work, TCP/IP must be the only protocol "bound" to
NETBIOS; the easiest way to do that is to remove all other protocols.
Remember that the VPN connection is different from the Internet
connection, and the two can have different protocols.

The last thing I can think of is the subnet.  NETBIOS is supposed to be
routable, meaning that it is supposed to be a well-behaved protocol and
follow the TCP/IP rules.  However, reality according to Redmond is very
different.  Make sure that the IP address of the remote side is in the
same subnet as the IP address of the server.
> 
> The Linux box *is* the WINS server. If, by the "end point" of the VPN you
> mean "which device has the IP address that you tell your connectoid to talk
> to", that would be the router. The router then uses NAT to send VPN to the
> server.

This doesn't read quite right.  When you use the VPN to connect to the
router, your remote machine should look like just another box on the
local network, with the IP address assigned by the router (or DHCP, if
the router is configured that way.)  So, I guess the big question is,
which box is controlling the IP address assignment of your VPN
connection.

My recommendation is to replace the router/firewall/NAT device with a
Linux box that has a nice fresh 2.4 kernel with iptables enabled, PoPToP
(with mppe patch) and some firewall/NAT rules.  The documentation at
SourceForge is good enough to get things properly patched and configured
for reasonable security.

Hope some of this helps,

Derek Loree





