VPN Setup

[Falcon86]

Hi, I'm trying to create a VPN between DGFV338 and a client with Netgear VPN software.
I have followed the steps of the KB and the VPN connection come up correctly (with a simple PSK); if I try to connect with HTTP or POP3 to 192.168.1.253 (web server) all works fine but there are some problems

* no access to SAMBA server (same server of web and mail)
* usage of SMTP server is blocked like the request comes from outside of the LAN (because the relay is allowed on Postfix only for the clients on LAN)

I thought that a VPN creates a tunnel and all the requests form the VPN's client are processed like requests of LAN's clients...
For example ip-address.com shows the WAN's IP of my home router not the WAN's IP of VPN's router; I thought that the packets flows first to VPN's router and not directly to Internet.
Sorry for my English and thanks for help.

 

[dberg35]

The type of VPN you will need is a site to site. This done but two routers but the LAN IP at each needs to be different.

 

[Falcon86]

Mmm ok, and what can I do with this VPN?

 

[Noway2]

I run OpenVPN and found samba over the VPN to be tricky with it. There seems to be some nuances about how name resolution works and the use of wins lmhosts, etc. The problems may be the same or similar as your experiencing, i.e. samba and how it works over a virtual tunnel.

What I did find was that Windows seems to have an easier time connecting than Linux. Since you mention Samba, I am making the assumption your running Linux. In order to get Linux to connect to the samba shares, I had to specifically tell it to make a connection and mount the share, I had to tell it connect to a windows share from my browser window. I could see the mapped drive, but trying to access it would cause problems.

The other thing I have been finding is that you can run into problems with the routing and firewalls, especially on the Linux end. This is especially true when trying to access a resource that is on the LAN. A common solution is to use IPtables to perform masquerading which I have come to understand means that it translates the public IP addresses in the packets to the local IP addresses so that resources recognize and resolve them.

The third thing it sounds like you could be running into, with IP addresses showing up as public versus private could be a DNS resolution issue and or a routing table issue. VPNs can be set up to either route all traffic through the tunnel or traffic for the other end of the VPN, which can be more efficient. Your routing table should give you a clue as to what direction traffic is trying to go.

 

[Falcon86]

Sorry for mistake: Linux is running on the remote server (web, mail, samba, etc) but on my client I have WinXP.
You have told about DNS resolution and routing issues but if I directly use the IP address to connect at the web server (with a browser) or POP server (with a mail client) all works fine... This means that the routing is correctly, right?

 

[Noway2]

Let me start by trying to summarize the situation so that things are clear:

1 - You are running a linux server that has samba on it. It is also a mail server and web server.
2 - you can connect to the server via a regular browser and email client using the public IP address. This tells us that the server applications are running properly.
3 - You have created a VPN connection and can access the web pages via a local IP address 192.168.1.253 and you can access the POP server (assume courier or dovecot).
4 - Samba Shares are not working
5 - SMTP authentication is not working.

This really sounds like a permissions problem with information being lost when attempting to connect through the VPN. Specifically, I think what is happening is that the domain information through the VPN is either getting dropped or mangled and this is causing authentication issues with your Samba and Postfix servers. Are there any error messages in the logs that arise as a consequence of your attempt to connect? Some specific information regarding the errors would be helpful here.

How do you try to connect to connect to the samba and SMTP servers when you are going through the VPN. How do you have the permissions set up? For postfix do you have it setup as "my networks" with a non public address range or do you use SASL authentication? Do you have something similar on Samba?