VPN bi-directional access
DGClarke
Guest

Posted: Thu Oct 27, 2005 12:50 pm    Post subject: VPN bi-directional access

I set up a VPN connection between home and the office. This works fine.
I can remote desktop and ping machines on the corporate LAN (by IP
address not name oddly). What I want to be able to do is to control a
process (via TCP) on my home machine from an application at work.

When I establish the VPN, I get a 192.168.X.X IP address assigned to
the virtual adapter. From work, I cannot ping this IP address. I can't
even ping it from home. I get no response however I try to talk to it.

I thought that VPN was like a secure piece of wire. It appears as if I
need to do more than I am doing.

Any help gratefully received.

DGClarke
Guest

Posted: Thu Oct 27, 2005 12:50 pm    Post subject: Re: VPN bi-directional access

Better now, but still not working. I had a personal firewall enabled.
Disabled this. Now can ping from local machine and corporate machines.

The application on the server tries to contact the client on a
nominated port and I get a
"java.net.ConnectException: Connection refused: connect" exception.

Netstat -a shows the port as there and LISTENING.

Phillip Windell
Guest

Posted: Thu Oct 27, 2005 8:50 pm    Post subject: Re: VPN bi-directional access

What does "control a process (via TCP) on my home machine from an
application at work" mean? It sounds like one of those things where the
most direct answer is that you can not do such a thing.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------



"DGClarke" <david@linksw.co.uk> wrote in message
news:1130410919.191758.71970@g49g2000cwa.googlegroups.com...
Quote:
Better now, but still not working. I had a personal firewall enabled.
Disabled this. Now can ping from local machine and corporate machines.

The application on the server tries to contact the client on a
nominated port and I get a
"java.net.ConnectException: Connection refused: connect" exception.

Netstat -a shows the port as there and LISTENING.

DGClarke
Guest

Posted: Fri Oct 28, 2005 12:50 pm    Post subject: Re: VPN bi-directional access

What this means is that I have a process running at home and it is
listening on a certain TCP port for a message. The application at the
office knows the IP address and the port and tries to connect. On the
XP implementation of VPN, I believe that the virtual adapter created
when the VPN is established rejects connection attempts over the VPN.
I think that this is because it is a unidirectional circuit intended
for client-server use. However I need a server-server i.e. site-site
VPN. This simply connects 2 networks via the Internet. In this case,
the virtual adapter would not reject the connection attempt because
there is not a client-server relationship.

I hope I explained that well enough. I want my VPN to look just like a
secure piece of wire. If it can be set up like this (and I now believe
it can) then my application will be able to connect to the VPN
connected machine.

The point is that XP is really an operating system for client machines.
This is why Microsoft are still selling Windows Server to meet the
needs of the Server side of the connection. I need a Server-Server VPN
and these exist.

Phillip Windell wrote:
Quote:
What does "control a process (via TCP) on my home machine from an
application at work" mean? It sounds like one of those things where the
most direct answer is that you can not do such a thing.

Phillip Windell
Guest

Posted: Fri Oct 28, 2005 8:50 pm    Post subject: Re: VPN bi-directional access

"DGClarke" <david@linksw.co.uk> wrote in message
news:1130497098.626303.237320@g47g2000cwa.googlegroups.com...
Quote:
for client-server use. However I need a server-server i.e. site-site
VPN.

That can only be done natively in Windows by running RRAS which runs only on
the Server edition.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

DGClarke
Guest

Posted: Sun Oct 30, 2005 1:50 pm    Post subject: Re: VPN bi-directional access

Phillip,

Thanks for this. It is the conclusion I came to too. XP cannot do
this, so I have 2 obvious options:

1) Run the process to which the connection is attempted on Server 2003
(ISA?), and use this to establish a site-site VPN.

2) Buy a VPN router and connect the XP machine to it. The router can
establish the site-site VPN, and then the XP client is just running on
its own LAN. The tunnelling will be done by the local and remote
routers. XP is not involved in establishing the VPN. It talks only over
a physical adapter and so will accept inbound connections.

What do you think?

Thanks for the ISA links. I'll give these a read.

Wendel Hamilton
Guest

Posted: Mon Oct 31, 2005 1:50 pm    Post subject: Re: VPN bi-directional access

Hi,
You might try starting the routing and remote access service on the XP box
and it should route the requests to your LAN card for you. Remember you have
to be able to ping its address from work so some routing rules may have to be
added to the RRAS server. You could rebind the application to the IP address
of the Ras connection when it comes up or bind it to 127.0.0.1 which should
bind to all adaptors when active.

"DGClarke" wrote:

Quote:
Phillip,

Thanks for this. It is the conclusion I came to too. XP cannot do
this, so I have 2 obvious options:

1) Run the process to which the connection is attempted on Server 2003
(ISA?), and use this to establish a site-site VPN.

2) Buy a VPN router and connect the XP machine to it. The router can
establish the site-site VPN, and then the XP client is just running on
its own LAN. The tunnelling will be done by the local and remote
routers. XP is not involved in establishing the VPN. It talks only over
a physical adapter and so will accept inbound connections.

What do you think?

Thanks for the ISA links. I'll give these a read.
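
A check worth making at this point, written as an added example that is not part of any post in the thread: `netstat` reporting LISTENING does not show by itself whether the socket is bound to the address the remote side connects to, which is also what rebinding the application changes. The port numbers, addresses and sample `netstat -an` output are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
# Ports 5000-5003 are hypothetical "nominated ports"; 192.168.50.10 stands in
# for the address assigned to the VPN virtual adapter.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:5001      0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5002           0.0.0.0:0              LISTENING
  TCP    [::]:5003              [::]:0                 LISTENING
  TCP    192.168.1.20:3389      10.0.0.7:49152         ESTABLISHED
"""

# Only TCP rows in LISTENING state; captures local address and local port.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def listeners(netstat_text, port):
    """Return the local addresses that have a LISTENING TCP socket on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) == port:
            # IPv6 addresses are printed in brackets, possibly with a %scope id.
            host = m.group(1).strip("[]").split("%")[0]
            found.append(ipaddress.ip_address(host))
    return found


def reachable_on(netstat_text, port, adapter_ip):
    """Classify whether a connect() to adapter_ip:port can reach a listener."""
    target = ipaddress.ip_address(adapter_ip)
    bound = listeners(netstat_text, port)
    if not bound:
        return "no listener"
    for addr in bound:
        # A wildcard bind (0.0.0.0 or ::) accepts on every adapter of that family;
        # a specific bind accepts only connections addressed to that exact IP.
        # Assumption: an IPv6 wildcard does not accept IPv4 (the Windows default).
        if addr.version == target.version and (addr.is_unspecified or addr == target):
            return "reachable"
    return "bound elsewhere: " + ", ".join(str(a) for a in bound)
```

A "reachable" result means the bind address is not the cause of the refusal, so filtering on the path (such as a host firewall) is the next thing to check.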

Phillip Windell
Guest

Posted: Mon Oct 31, 2005 5:50 pm    Post subject: Re: VPN bi-directional access

"DGClarke" <david@linksw.co.uk> wrote in message
news:1130670724.841780.19870@g14g2000cwa.googlegroups.com...
Quote:
1) Run the process to which the connection is attempted on Server 2003
(ISA?), and use this to establish a site-site VPN.

2) Buy a VPN router and connect the XP machine to it. The router can
establish the site-site VPN, and then the XP client is just running on
its own LAN. The tunnelling will be done by the local and remote
routers. XP is not involved in establishing the VPN. It talks only over
a physical adapter and so will accept inbound connections.

Either would work.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Bill Grant
Guest

Posted: Tue Nov 01, 2005 1:50 am    Post subject: Re: VPN bi-directional access

There is a way to get it to work with XP as the router at one end
(although it is limited), as long as you have RRAS at the other end.

XP cannot support demand-dial interfaces, which gives you the ability to
add the necessary routing to the "other" site. If the server side has this
ability, you can rely on default routing at the other end if it is a simple
LAN.

So you configure RRAS at the server end as if it was a site to site VPN,
with a demand-dial interface linked to a subnet route back to the home LAN.
You then connect from the XP, using the demand-dial interface name as the
username. The XP connects to the dd interface and the server sets up the
route for the home network subnet through the VPN link (just as it does when
a RRAS router connects).

If you enable IP routing on the XP, you can connect to any machine on
the home LAN which has a route to the "work" site via the XP router (because
the XP has a default route across the VPN connection). So if the XP is the
default gateway for the LAN, it just works. If it isn't, you need extra
routing on each host (or on the gateway router) to get traffic for the
"work" private LAN to the XP.

Phillip Windell wrote:
Quote:
"DGClarke" <david@linksw.co.uk> wrote in message
news:1130670724.841780.19870@g14g2000cwa.googlegroups.com...
1) Run the process to which the connection is attempted on Server
2003 (ISA?), and use this to establish a site-site VPN.

2) Buy a VPN router and connect the XP machine to it. The router can
establish the site-site VPN, and then the XP client is just running
on its own LAN. The tunnelling will be done by the local and remote
routers. XP is not involved in establishing the VPN. It talks only
over a physical adapter and so will accept inbound connections.

Either would work.

DGClarke
Guest

Posted: Wed Nov 02, 2005 1:50 pm    Post subject: Re: VPN bi-directional access

Bill

Thanks for this. It sounds really interesting. I wonder if I can do it
though. The VPN at the server end is established by Zywall 10 VPN
router hardware. So there is no RRAS to be seen. However, there may be
some equivalent mechanism available on the router.

Bill Grant
Guest

Posted: Thu Nov 03, 2005 1:51 am    Post subject: Re: VPN bi-directional access

Yes, there may well be a similar mechanism on the Zywall, but I have no
knowledge at all on that! Sorry.

DGClarke wrote:
Quote:
Bill

Thanks for this. It sounds really interesting. I wonder if I can do it
though. The VPN at the server end is established by Zywall 10 VPN
router hardware. So there is no RRAS to be seen. However, there may be
some equivalent mechanism available on the router.

All times are GMT