


guides to create openvpn server in linux?


121 replies to this topic

#61 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 02 July 2012 - 10:43

this is the server. once again connected to its lan2

Attached Image: clients.JPG

Attached Image: config.JPG

Attached Image: dhcpserverlan2.JPG

Attached Image: downloadofcerts.JPG

Attached Image: interfacelan1.JPG

Attached Image: interfacelan2.JPG

Attached Image: networking.JPG

Attached Image: staticroute.JPG

If once again you need anything else you see there, go ahead and I'll put more screenshots.


#62 +BudMan

    Neowinian Super Star

  • 23,806 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 02 July 2012 - 12:18

I have the manual - I know exactly what you can do with it. Your problem is lack of understanding basic networking. Again I showed you how to make the thing work. You can connect devices to port B or router 1 and access stuff on router 2. port D

Once you forward the port on your internet router.

No just because you bridge does not mean stuff at site 3 would be shared with site 4. And only stuff connected to the 2nd LAN port of the devices would be bridged with stuff at your site.

#63 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 02 July 2012 - 12:59

BudMan, on 02 July 2012 - 12:18, said:

I have the manual - I know exactly what you can do with it. Your problem is lack of understanding basic networking. Again I showed you how to make the thing work. You can connect devices to port B or router 1 and access stuff on router 2. port D

Once you forward the port on your internet router.

No just because you bridge does not mean stuff at site 3 would be shared with site 4. And only stuff connected to the 2nd LAN port of the devices would be bridged with stuff at your site.

Then maybe bridge mode is the correct way to go. I'll try it out in bridge mode instead of routing and see how it goes.

Thank you for the advice. I'll try it out now but I might not be able to give a result until tomorrow.

#64 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 02 July 2012 - 13:06

I tried changing to bridge mode and it complains it is only possible in tap mode (not tun).

#65 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 03 July 2012 - 08:48

I also reanalyzed your drawing and I noticed something when it comes to testing this setup out...


Currently we are testing this out with a 3G dongle since we don't have direct access to site 2 (it's a couple of hundred kilometers away and obviously we can't go back and forth).

So my question is, would this work with a 3G dongle?

#66 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 03 July 2012 - 08:50

I think that was one of the reasons why, even if your drawing made sense, I couldn't implement it, as testing would be near impossible (unless it works through a dongle).

#67 +BudMan

    Neowinian Super Star

  • 23,806 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 03 July 2012 - 11:14

Dongle -- please post a link to the make and model.

How are you trying to test this? If need be, just connect the WAN interfaces of the routers together with a crossover cable.

#68 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 04 July 2012 - 09:43

Well, here is some news you may not like (I didn't, because I feel like I lost a lot of time).

Now instead of 2 nb1600s, he wants to use just one and a Linux box as server (like you mentioned in pages before) because it's easier to set up and it's like the discontinued model.... bf just gets worse.

BTW, I actually printed out your drawing (the last one); he did not understand it. I just want you to know what I'm dealing with, BudMan. The reason we don't change to someone else is because his company sells a lot of parts to ours so.... it's kind of a "must".

Anyways, should I make a new thread or continue here?

I got site 2 to speak with the server here (site two has become my house, literally. I took home the client nb1600 and hooked it up perfectly with my home network) but now I can't connect to the server here at the office (using its local IP so I don't have to go through the entire internet, so to speak) and access it (my site 2, my home).

My home network uses 192.168.1.0 255.255.255.0, a basic home network. At my house LAN1 (port C) has been assigned 192.168.1.90 and port D is still 172.16.3.1 (with a machine at 172.16.3.188). I added this in the client certificate:

ifconfig-push 10.7.0.5 10.7.0.6
# I am connecting to the VPN server in my office network from my office
iroute 192.168.100.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.0.0 255.255.0.0"

The tunnel seems to connect and it gives me a tunnel IP, but this appears in the client log:

Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 Initialization Sequence Completed


Running OpenVPN as admin on Windows 7.


thanks again :)
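The ccd entry and the client log in this post can be cross-checked mechanically. The following Python is an added example, not code from the thread: it parses an OpenVPN server config and a per-client ccd file, checks the route, iroute and push "route" directives against where each side actually sits (taken from the post: office LAN 192.168.100.0/24, home LANs 192.168.1.0/24 and 172.16.3.0/24), and counts failed route additions in a Windows client log. The server.conf fragment and the "fixed" ccd entry are constructed for the example; the rules it encodes are OpenVPN's own: an iroute names a network behind that client and needs a matching server-side route, and pushing a client a route for its own LAN makes it try to send a directly connected network through the tunnel.

```python
"""Consistency check for OpenVPN routed (tun) client configs, plus a scan of a
Windows client log for failed route pushes.  Added example: the server.conf
fragment and CCD_FIXED are constructed, CCD_POSTED and the log lines are the
ones posted in the thread."""
import ipaddress
import re

# Matches 'route NET MASK', 'iroute NET MASK' and 'push "route NET MASK"'.
ROUTE_RE = re.compile(
    r'^\s*(?:(?P<push>push)\s+"\s*route|(?P<kind>i?route))\s+'
    r'(?P<net>\d+\.\d+\.\d+\.\d+)\s+(?P<mask>\d+\.\d+\.\d+\.\d+)'
)
# Windows client: 'ROUTE: route addition failed using CreateIpForwardEntry: ... [if_index=23]'
ROUTE_FAIL_RE = re.compile(r"ROUTE: route addition failed using (\w+): (.+?) \[if_index=(\d+)\]")

# Where each side really sits (assumption taken from the post).
SERVER_LAN = ipaddress.ip_network("192.168.100.0/24")           # office LAN
CLIENT_LANS = [ipaddress.ip_network("192.168.1.0/24"),           # home LAN1 (port C)
               ipaddress.ip_network("172.16.3.0/24")]            # home LAN2 (port D)

SERVER_CONF = """\
server 10.7.0.0 255.255.255.0
client-config-dir ccd
route 192.168.1.0 255.255.255.0
route 172.16.3.0 255.255.255.0
"""

CCD_POSTED = """\
ifconfig-push 10.7.0.5 10.7.0.6
iroute 192.168.100.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.0.0 255.255.0.0"
"""

CCD_FIXED = """\
ifconfig-push 10.7.0.5 10.7.0.6
iroute 192.168.1.0 255.255.255.0
iroute 172.16.3.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
"""

CLIENT_LOG = """\
Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=23]
Wed Jul 04 11:29:18 2012 Initialization Sequence Completed
"""


def parse_routes(text):
    """Split a config into the networks named by route, iroute and push "route"."""
    found = {"route": [], "iroute": [], "push": []}
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m['net']}/{m['mask']}", strict=False)
            found["push" if m["push"] else m["kind"]].append(net)
    return found


def check_client_routing(server_conf, ccd_entry, server_lan, client_lans):
    """Return a list of findings; an empty list means the routing is consistent."""
    srv, ccd = parse_routes(server_conf), parse_routes(ccd_entry)
    findings = []
    for net in ccd["iroute"]:
        # The kernel must also know the client-side network goes to the tun device.
        if not any(net.subnet_of(r) for r in srv["route"]):
            findings.append(f"iroute {net} has no matching 'route' in server config")
        # An iroute describes a network BEHIND this client, never the server's LAN.
        if net.overlaps(server_lan):
            findings.append(f"iroute {net} is the server-side LAN {server_lan}")
    for lan in client_lans:
        # Without an iroute the server cannot send replies back to that LAN.
        if not any(lan.subnet_of(n) for n in ccd["iroute"]):
            findings.append(f"client LAN {lan} has no iroute, replies cannot reach it")
    for net in ccd["push"]:
        # Pushing a client its own LAN makes it route a connected network via the tunnel.
        for lan in client_lans:
            if net.overlaps(lan):
                findings.append(f"push route {net} overlaps the client's own LAN {lan}")
    return findings


def summarize_client_log(log_text):
    """Count failed route additions; OpenVPN still reports the session as complete."""
    lines = log_text.splitlines()
    failed = [m.group(1) for m in map(ROUTE_FAIL_RE.search, lines) if m]
    completed = any("Initialization Sequence Completed" in l for l in lines)
    return {"failed_routes": len(failed), "completed": completed}


if __name__ == "__main__":
    for label, ccd in (("posted", CCD_POSTED), ("fixed", CCD_FIXED)):
        print(label, check_client_routing(SERVER_CONF, ccd, SERVER_LAN, CLIENT_LANS) or "OK")
    print(summarize_client_log(CLIENT_LOG))
```

The log summary is the part worth keeping around as a detection rule: "Initialization Sequence Completed" is logged even when every pushed route failed, so a client can look connected while carrying no usable routes.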

#69 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 04 July 2012 - 11:48

Got it to work finally :) There is just a tiny issue:

Client 1 can't connect to VNC but can connect to FTP (which asks me for a password which is nonexistent),
yet client 2 can connect to VNC but cannot connect to FTP (doesn't ask him for anything, just times out).

#70 +BudMan

    Neowinian Super Star

  • 23,806 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 04 July 2012 - 12:36

What?? Please draw up what you're trying to do. This makes no sense:

"i took home the client nb1600 and hooked it up perfectly with my home network) but now i cant connect to the server here at the office (using its local ip so i dont have to go thru the entire internet, so to speak) and access it (my site 2, my home)"

No **** you can not connect to your office router using some private IP!! "using its local ip so i dont have to go thru the entire internet"

If your boss can not understand a basic drawing showing 2 internet routers, do I need to actually show the VPN connection? It's in the legend on the side.

So are you going to put the Ubuntu server at the edge of your network and use it as your internet router? If so then what you're wanting to do can be done really simply.

edit: Here, does this make more sense to your boss?

Attached Image: vpnproblem2.jpg

If you place the VPN endpoint at the edge of your network, it solves a whole lot of issues!! Now when your machines on your network want to talk to 10.0.10.2 they just talk to their normal gateway. Your internet router will route the traffic down the VPN to the site's VPN router and then it will route to the network hanging off its second port. The only route you need to push is your main site's network.

#71 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 05 July 2012 - 11:14

No no, not my boss. The "tech guy" is the person that doesn't understand the drawing. Like I mentioned, it now works using an Ubuntu box and the nb1600 at different clients. I can perfectly use a VNC sort of thing on it, it replies to pings, etc....


The only thing is that FTP works strangely: when it's on a local network, it doesn't ask me for a user name or password. When connecting through the VPN though, it asks me for a username and password (Windows CE .NET, that is). I have no idea why that could be.


Thank you for all the help and I hope this doesn't give any problems in the future because this is a test server; now we have to move it to a REAL server :(

#72 +BudMan

    Neowinian Super Star

  • 23,806 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 July 2012 - 12:53

And how do you have it set up, you created routes on your machines to the endpoint? Or are you bridging? To be honest I don't think it's actually working.

I have no idea what you're using for FTP, but yeah you should get prompted no matter what FTP server you're using. Never heard of an FTP server that you did not have to auth to. Are you talking just anonymous access to an FTP? Do you have some network rules on it? Only allow certain IPs?

#73 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 05 July 2012 - 16:42

BudMan, on 05 July 2012 - 12:53, said:

And how do you have it set up, you created routes on your machines to the endpoint? Or are you bridging? To be honest I don't think it's actually working.

I created the routes when it prompted me for the ccd configuration. Entered (well, copy-pasted) it and now it works :) All routing, no bridging.

BudMan, on 05 July 2012 - 12:53, said:

I have no idea what you're using for FTP, but yeah you should get prompted no matter what FTP server you're using. Never heard of an FTP server that you did not have to auth to. Are you talking just anonymous access to an FTP? Do you have some network rules on it? Only allow certain IPs?

The server is the one included in Windows CE .NET. And yes, the access on the local side was always anonymous (and when using the talk2m system); no network rules or certain IPs. Is there like a default user or something that comes with Windows CE .NET?

#74 +BudMan

    Neowinian Super Star

  • 23,806 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 July 2012 - 23:34

Could you show me the configs you have on both the server and client.

So you created routes on your 192.168.100.x hosts? You created routes on your internet router?

Sorry but there is NO way for a client on your 192.168.100.x network to get to IPs on the other end without a route to them. Routes you create on the Linux box or the nb1600 router have nothing to do with what your computers on the 192.168.100.x network see or how they get there.

So I am curious where you created these routes. If you don't want to post the configs - please PM.

And could you either post or PM me the traceroute to these clients at your home - which is where I assume you have the vpn router setup?

Could you layout your test network for me.

So from this
http://msdn.microsof...y/ms901071.aspx
Windows CE uses the Windows NT® LAN Manager protocol (RPC_C_AUTHN_WINNT), which is also known as NTLM, to authenticate callers. This is the default authentication service for communications on Windows NT.

From here you setup the userlist in the registry
http://msdn.microsof...y/ms901285.aspx

What are you using to try and FTP to it? Your browser? Your browser is not going to send NTLM if the site is not trusted? You might have to put the IP in your trusted sites? Most FTP clients do not send NTLM as auth method.

So how exactly are you accessing this FTP server, and I might be able to help.
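The routing point BudMan makes here, and in post #70 about putting the VPN endpoint at the edge, can be shown with a plain route lookup. The following Python is an added example, not code from the thread: it implements longest-prefix-match over small per-device routing tables and traces a packet from an office host to 10.0.10.2 under three designs (no route anywhere, a static route on the host pointing at an inside OpenVPN box, and the internet router itself as VPN endpoint). The device names, the 192.168.100.50 address for the Linux OpenVPN box and every table entry are constructed; only the 192.168.100.0/24 office network and the 10.0.10.2 destination come from the posts.

```python
"""Longest-prefix-match route lookup used to trace where a packet from an
office host ends up in the designs discussed in this thread.  Added example:
all tables and device names below are constructed."""
import ipaddress


def next_hop(table, dst):
    """Return (network, via) for the most specific route matching dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best


def trace(start, dst, tables, links, max_hops=8):
    """Walk hop by hop.  'direct' means delivered on a connected subnet, 'drop'
    means the hop discards it, anything else is a gateway or link that `links`
    resolves to the next device."""
    path, node = [start], start
    for _ in range(max_hops):
        hit = next_hop(tables[node], dst)
        if hit is None or hit[1] == "drop":
            return path, "dropped"
        if hit[1] == "direct":
            return path, "delivered"
        node = links[hit[1]]
        path.append(node)
    return path, "loop"


# How gateways and links resolve to the next device (constructed).
LINKS = {
    "192.168.100.1": "internet-router",   # office default gateway
    "192.168.100.50": "vpn-server",       # assumed address of the Linux OpenVPN box
    "tun0": "site2-vpn-router",           # OpenVPN tunnel to the remote nb1600
    "isp-uplink": "isp",
}

OFFICE_HOST = [("192.168.100.0/24", "direct"), ("0.0.0.0/0", "192.168.100.1")]
SITE2_ROUTER = [("10.0.10.0/24", "direct")]       # LAN hanging off the nb1600's second port
ISP = [("0.0.0.0/0", "drop")]                     # private 10.x space is not routed on the internet

# Design 1: the tunnel terminates on an inside box and the hosts know nothing about it.
NO_ROUTE = {
    "office-host": OFFICE_HOST,
    "internet-router": [("192.168.100.0/24", "direct"), ("0.0.0.0/0", "isp-uplink")],
    "isp": ISP,
    "vpn-server": [("192.168.100.0/24", "direct"), ("10.0.10.0/24", "tun0"),
                   ("0.0.0.0/0", "192.168.100.1")],
    "site2-vpn-router": SITE2_ROUTER,
}

# Design 2: same, but every office host carries a static route to the VPN box.
HOST_ROUTE = dict(NO_ROUTE)
HOST_ROUTE["office-host"] = OFFICE_HOST + [("10.0.10.0/24", "192.168.100.50")]

# Design 3: the VPN endpoint is the internet router itself (the edge).
EDGE_ENDPOINT = dict(NO_ROUTE)
EDGE_ENDPOINT["internet-router"] = [("192.168.100.0/24", "direct"),
                                    ("10.0.10.0/24", "tun0"),
                                    ("0.0.0.0/0", "isp-uplink")]


def compare(dst="10.0.10.2"):
    """Trace the same destination through all three designs from the office host."""
    designs = (("no-route", NO_ROUTE), ("host-route", HOST_ROUTE), ("edge-endpoint", EDGE_ENDPOINT))
    return {name: trace("office-host", dst, table, LINKS) for name, table in designs}


if __name__ == "__main__":
    for name, (path, outcome) in compare().items():
        print(f"{name:14s} {' -> '.join(path)}  [{outcome}]")
```

The no-route case is exactly the failure BudMan describes: the host hands the packet to its default gateway, which has nowhere to send a 10.x destination but its ISP uplink, where it is discarded. Moving the tunnel onto the edge router fixes it without touching a single host, which is why the edge design needs only the main site's network pushed to the remote end.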

#75 OP metro2012

    Neowinian³

  • 458 posts
  • Joined: 13-May 12

Posted 06 July 2012 - 05:29

BudMan, on 05 July 2012 - 23:34, said:

Could you show me the configs you have on both the server and client.

Yes, I'll PM you the server and client config when I get to work (9ish).


BudMan, on 05 July 2012 - 23:34, said:

So from this
http://msdn.microsof...y/ms901071.aspx
Windows CE uses the Windows NT® LAN Manager protocol (RPC_C_AUTHN_WINNT), which is also known as NTLM, to authenticate callers. This is the default authentication service for communications on Windows NT.

From here you setup the userlist in the registry
http://msdn.microsof...y/ms901285.aspx

What are you using to try and FTP to it? Your browser? Your browser is not going to send NTLM if the site is not trusted? You might have to put the IP in your trusted sites? Most FTP clients do not send NTLM as auth method.

So how exactly are you accessing this FTP server, and I might be able to help.

I access it via Windows Explorer.

We think the FTP server could be broken (if that's even possible) because on another (similar) machine, via ftp://127.0.0.1, we can access its FTP listing. Now, if I do that on the machine I'm trying to access, it keeps loading, meaning it simply does not find it. So for some reason the FTP server isn't working correctly.

More problems: at home, I restarted my home network (well, my power went out) and it seems that the nb1600 cannot see my public IP anymore. It can see the internet because pinging Google works, but it just can't see my public IP. Yesterday this happened as well and I restarted the router at my workplace and it worked again. Is there a possibility of the routing tables in my router overloading and thus not allowing/understanding more connections? Because other than that, it doesn't make too much sense to me....