Re: [H] VPN problems
On Thu, 12 Feb 2009, mark.dodge wrote: Using plink to logon to putty running on a windows box would be a rough learning curve for the owner much less me not knowing that much about it. You kidding? All you do is set up the putty connection. Have a batch file with the following: start plink -load office -pw mypassword start mstsc.exe (or whatever the damn executable for terminal services is) Tell them when they hear the BEEP, to hit connect on the terminal services client and they're in. No learning curve other than double clicking shortcut and clicking connect after the audible beep. Christopher Fisk -- "If the terriers and bariffs are torn down, this economy will grow." George W. Bush, January 7, 2000 Spoken in Rochester, New York during presidential campaign. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] VPN problems
Using plink to logon to putty running on a windows box would be a rough learning curve for the owner much less me not knowing that much about it. -Original Message- From: hardware-boun...@hardwaregroup.com [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of Christopher Fisk Sent: Tuesday, February 10, 2009 08:39 To: hardware@hardwaregroup.com Subject: Re: [H] VPN problems On Tue, 10 Feb 2009, Christopher Fisk wrote: > On Tue, 10 Feb 2009, mark.dodge wrote: > >> Come on there are a lot of network guys here, can anyone give me any >> suggestions? I really need to get this resolved. Someone just tell me the >> way they would set it up and I can start there. I'm thinking that >> eliminating the router and configuring one of the NICs for NAT and the >> other >> for the terminal services, is that correct? > > What are you trying to use for VPN? Windows 2003 RAS? I've never really > worked with the RAS settings in Windows, so I can't say one way or another if > that is a good idea. > > Your best solution (IMO) is to do the following: > > Setup a small linux box (anything better than a P1 with 64MB memory will work) > and install ssh on it. Setup a few user accounts for people who will connect > remotely. > > Forward the ssh port from the router to that linux box. > > Setup Putty with port forwarding for remote desktop. > > > > There you go, you're in. No more worrying about windows VPN. > > > Hell, you can test all this with a Gentoo LiveCD. Another valid (But untested by me) method would be to use the sshwindows package of openssh. http://sshwindows.sourceforge.net/ Install that on a windows machine that is always on (maybe even the server?) and setup the ssh forward to go there. Login with Putty, forward local port 3390 to the IP of the windows server, use remote desktop and connect from the client to localhost:3390 once you're connected with putty. Can even setup a batch file to call plink and remote desktop > > > > Christopher Fisk > -- You know you're using the computer too much when: Reading a text document on paper and getting angry when you realized it doesn't have a Find command -- martinbishop -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] VPN problems
On Tue, 10 Feb 2009, Christopher Fisk wrote: On Tue, 10 Feb 2009, mark.dodge wrote: Come on there are a lot of network guys here, can anyone give me any suggestions? I really need to get this resolved. Someone just tell me the way they would set it up and I can start there. I'm thinking that eliminating the router and configuring one of the NICs for NAT and the other for the terminal services, is that correct? What are you trying to use for VPN? Windows 2003 RAS? I've never really worked with the RAS settings in Windows, so I can't say one way or another if that is a good idea. Your best solution (IMO) is to do the following: Setup a small linux box (anything better than a P1 with 64MB memory will work) and install ssh on it. Setup a few user accounts for people who will connect remotely. Forward the ssh port from the router to that linux box. Setup Putty with port forwarding for remote desktop. There you go, you're in. No more worrying about windows VPN. Hell, you can test all this with a Gentoo LiveCD. Another valid (But untested by me) method would be to use the sshwindows package of openssh. http://sshwindows.sourceforge.net/ Install that on a windows machine that is always on (maybe even the server?) and setup the ssh forward to go there. Login with Putty, forward local port 3390 to the IP of the windows server, use remote desktop and connect from the client to localhost:3390 once you're connected with putty. Can even setup a batch file to call plink and remote desktop Christopher Fisk -- You know you're using the computer too much when: Reading a text document on paper and getting angry when you realized it doesn't have a Find command -- martinbishop -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] VPN problems
On Tue, 10 Feb 2009, mark.dodge wrote: Come on there are a lot of network guys here, can anyone give me any suggestions? I really need to get this resolved. Someone just tell me the way they would set it up and I can start there. I'm thinking that eliminating the router and configuring one of the NICs for NAT and the other for the terminal services, is that correct? What are you trying to use for VPN? Windows 2003 RAS? I've never really worked with the RAS settings in Windows, so I can't say one way or another if that is a good idea. Your best solution (IMO) is to do the following: Setup a small linux box (anything better than a P1 with 64MB memory will work) and install ssh on it. Setup a few user accounts for people who will connect remotely. Forward the ssh port from the router to that linux box. Setup Putty with port forwarding for remote desktop. There you go, you're in. No more worrying about windows VPN. Hell, you can test all this with a Gentoo LiveCD. Christopher Fisk -- Book: "The destination's not important. How you get there's the worthier part." --Episode #1, "Serenity" -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] VPN problems
Come on there are a lot of network guys here, can anyone give me any suggestions? I really need to get this resolved. Someone just tell me the way they would set it up and I can start there. I'm thinking that eliminating the router and configuring one of the NICs for NAT and the other for the terminal services, is that correct? -Original Message- From: hardware-boun...@hardwaregroup.com [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of mark.dodge Sent: Saturday, February 07, 2009 17:37 To: hardware@hardwaregroup.com Subject: Re: [H] VPN problems What would be better, continue using the router then do port forwarding, which I'm still not sure of or get rid of the router and use the two NICs, one for the terminal server and the other for the share to the internet? Do I assign a static IP with the sub net of the private range or use the static IP I have and set the server as a DNS server also? I have been reading some on the net and it is getting more and more confusing all the while. If I go the two NIC route, I still need some kind of firewall to keep all but what I want out making it more complicated but necessary. Do I need to then share the connection from that NIC so that not only the server can see the Internet but also the terminals need to see out. -Original Message- From: hardware-boun...@hardwaregroup.com [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of Christopher Fisk Sent: Thursday, February 05, 2009 1:03 PM To: hardware@hardwaregroup.com Subject: Re: [H] VPN problems On Thu, 5 Feb 2009, mark.dodge wrote: > I have one Windows 2003 server running Terminal Services set up in each of > three offices that I would like to get into from the outside world, one to > be able to do some admin stuff without having to go to each office and > another for the owner to be able to look at the cameras hooked up to each > store. I have attempted to use VPN to do this and although I can ping the IP > address I cannot log into the server. What are some things I need to look > for? I have two NICs in the server one for terminal services internal and > one for the vpn. The one office I am doing this at first has a static IP > address and I have set the router to do vpn pass-through or at least I think > I have it right. The router is a D-Link DI 808HV. I'll be honest I think I > bit off more than I can chew on this project I can set up internal LANs but > not much experience with getting them seen from outside, most of the time it > is preventing access from outside baddies. I also need later to set up a > cluster outside of the offices for fail safe and backup of all three > servers, but that is another project altogether that I am still doing > research on. I have to be able currently for the owner to log into either of > the servers and see an app that is running on them to see if and when he has > appointments and to do end of day and week and monthly reports, etc. and > then also to check on the cameras, and of course for me to add or delete > users and so forth, They all are working as Terminal Servers just fine > within each office, so at least I got that right. Is the subnet you are on the same as the remote subnet? (I.E. 192.168.0.0/24 at your computer and the same subnet at the office?). That can cause routing issues with certain VPN software (Other software is smart enough to get around that.) Also with multiple NIC's in the server you might be running into a routing issue. Less likely if you're able to ping, but sometimes the VPN software will respond to pings no matter what (very annoying) Christopher Fisk -- Leela: Oh no, there's no exhaust pipe. Project Satan: That's right. Thanks to Ed Begley Jr.'s electric motor, the most evil propulsion system ever conceived! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] VPN problems
What would be better, continue using the router then do port forwarding, which I'm still not sure of or get rid of the router and use the two NICs, one for the terminal server and the other for the share to the internet? Do I assign a static IP with the sub net of the private range or use the static IP I have and set the server as a DNS server also? I have been reading some on the net and it is getting more and more confusing all the while. If I go the two NIC route, I still need some kind of firewall to keep all but what I want out making it more complicated but necessary. Do I need to then share the connection from that NIC so that not only the server can see the Internet but also the terminals need to see out. -Original Message- From: hardware-boun...@hardwaregroup.com [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of Christopher Fisk Sent: Thursday, February 05, 2009 1:03 PM To: hardware@hardwaregroup.com Subject: Re: [H] VPN problems On Thu, 5 Feb 2009, mark.dodge wrote: > I have one Windows 2003 server running Terminal Services set up in each of > three offices that I would like to get into from the outside world, one to > be able to do some admin stuff without having to go to each office and > another for the owner to be able to look at the cameras hooked up to each > store. I have attempted to use VPN to do this and although I can ping the IP > address I cannot log into the server. What are some things I need to look > for? I have two NICs in the server one for terminal services internal and > one for the vpn. The one office I am doing this at first has a static IP > address and I have set the router to do vpn pass-through or at least I think > I have it right. The router is a D-Link DI 808HV. I'll be honest I think I > bit off more than I can chew on this project I can set up internal LANs but > not much experience with getting them seen from outside, most of the time it > is preventing access from outside baddies. I also need later to set up a > cluster outside of the offices for fail safe and backup of all three > servers, but that is another project altogether that I am still doing > research on. I have to be able currently for the owner to log into either of > the servers and see an app that is running on them to see if and when he has > appointments and to do end of day and week and monthly reports, etc. and > then also to check on the cameras, and of course for me to add or delete > users and so forth, They all are working as Terminal Servers just fine > within each office, so at least I got that right. Is the subnet you are on the same as the remote subnet? (I.E. 192.168.0.0/24 at your computer and the same subnet at the office?). That can cause routing issues with certain VPN software (Other software is smart enough to get around that.) Also with multiple NIC's in the server you might be running into a routing issue. Less likely if you're able to ping, but sometimes the VPN software will respond to pings no matter what (very annoying) Christopher Fisk -- Leela: Oh no, there's no exhaust pipe. Project Satan: That's right. Thanks to Ed Begley Jr.'s electric motor, the most evil propulsion system ever conceived! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [H] VPN problems
On Thu, 5 Feb 2009, mark.dodge wrote: I have one Windows 2003 server running Terminal Services set up in each of three offices that I would like to get into from the outside world, one to be able to do some admin stuff without having to go to each office and another for the owner to be able to look at the cameras hooked up to each store. I have attempted to use VPN to do this and although I can ping the IP address I cannot log into the server. What are some things I need to look for? I have two NICs in the server one for terminal services internal and one for the vpn. The one office I am doing this at first has a static IP address and I have set the router to do vpn pass-through or at least I think I have it right. The router is a D-Link DI 808HV. I'll be honest I think I bit off more than I can chew on this project I can set up internal LANs but not much experience with getting them seen from outside, most of the time it is preventing access from outside baddies. I also need later to set up a cluster outside of the offices for fail safe and backup of all three servers, but that is another project altogether that I am still doing research on. I have to be able currently for the owner to log into either of the servers and see an app that is running on them to see if and when he has appointments and to do end of day and week and monthly reports, etc. and then also to check on the cameras, and of course for me to add or delete users and so forth, They all are working as Terminal Servers just fine within each office, so at least I got that right. Is the subnet you are on the same as the remote subnet? (I.E. 192.168.0.0/24 at your computer and the same subnet at the office?). That can cause routing issues with certain VPN software (Other software is smart enough to get around that.) Also with multiple NIC's in the server you might be running into a routing issue. Less likely if you're able to ping, but sometimes the VPN software will respond to pings no matter what (very annoying) Christopher Fisk -- Leela: Oh no, there's no exhaust pipe. Project Satan: That's right. Thanks to Ed Begley Jr.'s electric motor, the most evil propulsion system ever conceived! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
[H] VPN problems
I have one Windows 2003 server running Terminal Services set up in each of three offices that I would like to get into from the outside world, one to be able to do some admin stuff without having to go to each office and another for the owner to be able to look at the cameras hooked up to each store. I have attempted to use VPN to do this and although I can ping the IP address I cannot log into the server. What are some things I need to look for? I have two NICs in the server one for terminal services internal and one for the vpn. The one office I am doing this at first has a static IP address and I have set the router to do vpn pass-through or at least I think I have it right. The router is a D-Link DI 808HV. I'll be honest I think I bit off more than I can chew on this project I can set up internal LANs but not much experience with getting them seen from outside, most of the time it is preventing access from outside baddies. I also need later to set up a cluster outside of the offices for fail safe and backup of all three servers, but that is another project altogether that I am still doing research on. I have to be able currently for the owner to log into either of the servers and see an app that is running on them to see if and when he has appointments and to do end of day and week and monthly reports, etc. and then also to check on the cameras, and of course for me to add or delete users and so forth, They all are working as Terminal Servers just fine within each office, so at least I got that right. Mark MD Computers, Houston, TX