Hi,

This is my first post so apologies if this isn't in the correct place.

Long story short, i'm trying to setup a VPN at my work.

We have a Windows SBS2003 Server, and a BT Broadband line with a BT
Business Hub. I bought a Linksys WRV200 VPN router as I was told this
would work.

I've been told I need to bridge the connection on the BT Business
Router then authenticate it over PPPoE on the Linksys VPN router...

Thing is, whenever i try and bridge the connection on the BT Business
Hub and pass it through to the VPN router I can never get it to
connect.

Can anyone give me any help?




--
Sjwdavies

Sjwdavies gurgled happily,
sounding much like they were saying:

Hi,

This is my first post so apologies if this isn't in the correct place.

Long story short, i'm trying to setup a VPN at my work.

We have a Windows SBS2003 Server, and a BT Broadband line with a BT
Business Hub. I bought a Linksys WRV200 VPN router as I was told this
would work.

I've been told I need to bridge the connection on the BT Business Router
then authenticate it over PPPoE on the Linksys VPN router...

Thing is, whenever i try and bridge the connection on the BT Business
Hub and pass it through to the VPN router I can never get it to connect.

Can anyone give me any help?

I'm not quite sure what you're trying to do.

The BT router is at the office, with the SBS box inside, and the LinkSys
at your house or a secondary site?

Are you trying to establish a VPN between the SBS box or the BT box at
that end, and the Linksys or a client at the other end?

I'm assuming you're trying to link from inside the Linksys to the SBS
behind the BT box.

A quick look at the BT box's specs suggests that it doesn't support VPN
directly, so you'd need to open the right port(s) on that, and allow the
traffic through to the SBS server.

http://www.microsoft.com/smallbusine...port/articles/
sec_sbs2003_network.mspx
gives you a good overview. TCP/1723 is the only port you actually need to
open for VPN.

SBS2003 gives you a "VPN client" installer. You don't need it. You just
need to configure a bog-standard PPTP client - it may be one of the
config options on the Linksys, or something installed on a client machine
at that end - to point to the SBS box.

If it were me, though, and you actually need a VPN, then I'd bin the BT
box completely, replace it with something like that Linksys, and make the
VPN connection from wherever to the Linksys.

Or, even better, figure out what you actually want to connect to the SBS
server for, and find a way to connect those services, rather than open
your work network to whatever nasties might be lurking on your domestic
network. At a guess, OWA & RDP will suffice. Far more secure, far more
reliable.

"Sjwdavies" wrote in message
...

Hi,

This is my first post so apologies if this isn't in the correct place.

Long story short, i'm trying to setup a VPN at my work.

We have a Windows SBS2003 Server, and a BT Broadband line with a BT
Business Hub. I bought a Linksys WRV200 VPN router as I was told this
would work.

I've been told I need to bridge the connection on the BT Business
Router then authenticate it over PPPoE on the Linksys VPN router...

Thing is, whenever i try and bridge the connection on the BT Business
Hub and pass it through to the VPN router I can never get it to
connect.

Can anyone give me any help?




--
Sjwdavies

Hi SJW
not sure about bridging but unless you need to use the wireless/lan ports on
the business hub why not just put the linksys in the DMZ of the BT hub (the
BT router will give the linksys its (or one of its) public ip address when
you do this and forward all internet traffic to the linksys) and use the
linksys as your lan router as well as vpn box (I believe it has lan ports
and wireless.

Please note that there is an issue with some vpn ports and BT openzone so
you may need to disable openzone on your BT router if it enabled. If you
havent looked there yet take a look at the BT business forums on
btb.lithium.com where there are several posts about getting vpn working on
bt business setups. It took me a while to get our linksys rv082 and pptp
vpn (MS server) set up on our routers but is has been working stably now for
about 6 months.
Roger.

"Roger" wrote in message
...


"Sjwdavies" wrote in message
...

Hi,

This is my first post so apologies if this isn't in the correct place.

Long story short, i'm trying to setup a VPN at my work.

We have a Windows SBS2003 Server, and a BT Broadband line with a BT
Business Hub. I bought a Linksys WRV200 VPN router as I was told this
would work.

I've been told I need to bridge the connection on the BT Business
Router then authenticate it over PPPoE on the Linksys VPN router...

Thing is, whenever i try and bridge the connection on the BT Business
Hub and pass it through to the VPN router I can never get it to
connect.

Can anyone give me any help?




--
Sjwdavies

Hi SJW
not sure about bridging but unless you need to use the wireless/lan ports
on the business hub why not just put the linksys in the DMZ of the BT hub
(the BT router will give the linksys its (or one of its) public ip
address when you do this and forward all internet traffic to the linksys)
and use the linksys as your lan router as well as vpn box (I believe it
has lan ports and wireless.

Please note that there is an issue with some vpn ports and BT openzone so
you may need to disable openzone on your BT router if it enabled. If you
havent looked there yet take a look at the BT business forums on
btb.lithium.com where there are several posts about getting vpn working on
bt business setups. It took me a while to get our linksys rv082 and pptp
vpn (MS server) set up on our routers but is has been working stably now
for about 6 months.

In principle you configure the router to allow incoming VPN traffic through
to the server, and run the VPN service on the server. That way a remote
client connects to the server, and gets the facilities that the server is
configured to allow him.

You need some way for the remote client to find out the public IP address of
the router. There are Dynamic DNS services which will allow this, but the
router itself must have the capability to work with such a service. For
extra money BT will give you a static IP. By contrast, professional ISPs
such as Andrews & Arnold, or Zen, always give you a static IP address.

In my experience the best way to achieve a VPN is to use Vigor routers at
each end of the link. Provided both ends have static IP addresses the
routers can be set up for a LAN-to-LAN VPN. The client network connects to
the server's network and there is no need to configure the SBS2003 machine
in any way.

Explicit details are available on the Vigor website.

--
Graham J

Thanks for he reply Graham!

With persistance yesterday, I was able to effectively put the BT router
to sleep (aka Disable Routing), so it passes the unauthenticated
broadband connection on via Ethernet to the VPN Router.

Using PPPoE authentication, the VPN router then establishes the
broadband connection, I open up Internet Explorer and hey presto I can
see google!

My next question is, what software do I need to setup my server to
accept incoming VPN connections?




--
Sjwdavies

"Sjwdavies" wrote in message
...

Thanks for he reply Graham!

With persistance yesterday, I was able to effectively put the BT router
to sleep (aka Disable Routing), so it passes the unauthenticated
broadband connection on via Ethernet to the VPN Router.

Using PPPoE authentication, the VPN router then establishes the
broadband connection, I open up Internet Explorer and hey presto I can
see google!

My next question is, what software do I need to setup my server to
accept incoming VPN connections?

I think it's all built into SBS2003. M$ should have some guidance on their
website.

Much better would be to do as I suggest and use Vigor routers to set up the
VPN - then you don't need to do anything with SBS2003.

-- Graham J

In message , Graham J
writes
In my experience the best way to achieve a VPN is to use Vigor routers at
each end of the link.
I've had issues with them re-instantiating the link after a line problem
but, (checks stats) the current ones have been up for almost six weeks
now. They work fairly well as VPN endpoints for remote users too.
Provided both ends have static IP addresses the
routers can be set up for a LAN-to-LAN VPN. The client network connects to
the server's network and there is no need to configure the SBS2003 machine
in any way.
But if the OP is stuck with the BT router then forwarding the relevant
ports to the SBS box and setting up RAS on it will be fairly easy. Just
read the notes on the MS knowledge base and with a little planning it
will be simple.

Explicit details are available on the Vigor website.


--
Clint Sharp

In message , Sjwdavies
writes

Thanks for he reply Graham!

With persistance yesterday, I was able to effectively put the BT router
to sleep (aka Disable Routing), so it passes the unauthenticated
broadband connection on via Ethernet to the VPN Router.

Using PPPoE authentication, the VPN router then establishes the
broadband connection, I open up Internet Explorer and hey presto I can
see google!

My next question is, what software do I need to setup my server to
accept incoming VPN connections?

You should have no need to configure the server for VPN use as that's
the Linksys VPN router's job.

Your network should be;

Internet
|
| Public IP
|
BT Router
|
| Private subnet
|
Linksys Router
|
| 2ndPrivate subnet
|
Server and internal network (if your server has only one network card)
|
| 3rd Private subnet
|
Internal network if your server has two network cards (preferable).


TBH, you would be better off buying a Draytek ADSL modem/router or the
ADSL Modem/Router version of the Linksys and dumping the BT router (as
Graham suggested) or finding out how to forward the relevant VPN ports
on the BT router and using the server to provide the VPN.

The Linksys is unnecessary and it's a bit of a dog's breakfast the way
you have it at the moment. My worry is that you have exposed your
internal network to the Internet by bridging the BT router.
--
Clint Sharp

I too have a client who wants to connect two site on a seemless network
so they can share data across sites there is no server involvement
currently due to cost.


I have recommended a Lacie NAS storage device simple and Fault tolerant
and inexpensive for centralised storage.

Looking at this last solution if he has a bt router at one side this is
managed by BT the only option you have is to record the ip settings from
the BT router ditch the bt router then seutp the vigor router site 1
first test lan and wan and internet then configure same at site 2 then
setup VPN.

Are these devices easy to configure?

I am a windows engineer predominantly have done the CCNA course but a
bit rusty on networking.


Is this the layout for the VPN setup using the Vigor 2820 Series ADSL
Router Firewall?

Private subnet office 1
|
Vigor 2820 Series ADSL Router
|
| Public IP office 1
|
Internet
|
| Public IP office 2
|
Vigor 2820 Series ADSL Router
|
Private subnet office 2


thanks all seems a no nonsense forum this - which is good.


John
|




--
jaller79

Comments in line:

"jaller79" wrote in message
...

I too have a client who wants to connect two site on a seamless network
so they can share data across sites there is no server involvement
currently due to cost.

I have recommended a Lacie NAS storage device simple and Fault tolerant
and inexpensive for centralised storage.

Not related to the issue of VPN but LaCie have a reputation for
unreliability ..!

Looking at this last solution if he has a bt router at one side this is
managed by BT the only option you have is to record the ip settings from
the BT router ditch the bt router then seutp the vigor router site 1
first test lan and wan and internet then configure same at site 2 then
setup VPN.

This is much easier if the public IP is static. BT will charge you extra
for this, but professional ISPs such as A&A or Zen include a static IP
address in their price. Probably your first step is to change ISP.

Are these devices easy to configure?

There is good guidance on the Draytek website. It is good policy to set up
the routers so that you can manage them both from your own (static) IP
address. If your own internet connection does not have a static IP address
you probably should not be in this game.

One end of the VPN should have a static public IP address, the other can use
a Dynamic DNS service - but everything is much easier and more reliable if
both ends have a static IP address

I am a windows engineer predominantly have done the CCNA course but a
bit rusty on networking.

Is this the layout for the VPN setup using the Vigor 2820 Series ADSL
Router Firewall?

Private subnet office 1
|
Vigor 2820 Series ADSL Router
|
| Public IP office 1
|
Internet
|
| Public IP office 2
|
Vigor 2820 Series ADSL Router
|
Private subnet office 2

Note that it is essential that the subnet in office 1 has a different IP
address from the subnet in office 2. The routers then route between the two
subnets over the VPN.

Assuming ordinary ADSL connections, the limiting speed factor is the upload
speed - probably 448kbits/sec at each site.

Be aware that performance of typical M$ applications between the two sites
will be painfully poor - 448kbits/sec is 200 (or 2000) times slower than the
LAN in each of the offices. Other than for maintenance work where Remote
Desktop Connection or VNC are used the only applications that will give
acceptable performance are web services you operate with a browser. Opening
documents for editing within Word is theoretically possible but not
something you would want users to do - they will only complain! Similarly
opening multi-user accounts programs such as Quickbooks or Sage will give
unnacceptably poor performance.

A leased line between the sites, or an ethernet connection to the internet
at both sites which then carries the VPN, either of these operating at 10
Mbits/sec or better would probably be acceptable for inter-office
performance. Rather than £25 per month for each site these are likely to
cost from £250 to £1000 per month perhaps also with significant setup
charges. (Unless the sites are only a few hundred metres apart.)

I haven't found a good solution for a typical small business where there are
two offices each with about 5 computers, and all users require everyday
access to edit all the files. I would be interested to hear of any success
with either:

1) a document management system with local cacheing, or;

2) a "cloud" system where all the files are held on a hosted service and
edited from a browser or similar client.

Cheers,

--
Graham J