  1. Join Date
    Nov 2002
    Posts
    1,326
    #1
    I am trying to set up a VPN at our factory to allow me to work outside of the factory premises (like at home) and still be able to connect to our data for our applications...

    I can now connect to the VPN server (W2k3) and I could ping all the machines that are on the same subnet as the VPN server. However, I still can't access the other machines that are on a different subnet but still in the factory LAN.

    I'm guessing this is purely a routing issue and I tried adding a static route in my machine's entries, and true enough, I could now ping the other subnet while connected to the VPN.

    In this case, if the number of people using our VPN ever grows, what's the best practice in setting up the routing table? In the client VPN configuration? On the VPN server itself? At present I had to add the static route through a " route -n add xxx.xxx.xxx.xxx/xx xxx.xxx.xxx.xxx " command at the terminal... should I do this every time? Will this be erased when I shut down the machine?

    By the way, my machine is a Mac with Leopard, I also run Parallels Desktop and run WinXP as a virtual machine.

    The weird thing, my mac can already access the subnet. In the VM, at the windows command prompt, I can also ping through to the subnet... but when I launch the application (client server application) that connects to the SQLSERVER7 db in the subnet, it can't connect... I'm still looking through what may be set up wrongly... any ideas?


    What's even weirder about this,
    Last edited by wowiesy; November 13th, 2009 at 08:43 PM.

  2. Join Date
    Jan 2009
    Posts
    5,576
    #2
    If the VPN server can propagate routes through RIP, do that. Then on your mobile PC/laptop, enable the RIP-Listener service.

  3. Join Date
    Aug 2003
    Posts
    9,720
    #3
    Quote Originally Posted by wowiesy

    In this case, if the number of people using our VPN ever grows, what's the best practice in setting up the routing table? In the client VPN configuration? On the VPN server itself?
    i'm not getting a clear picture of your setup, but imho just put it on the server; not all people who will be doing roadwarrior work will be as tech-savvy as you.

    Even if you do manage to automate the process of setting up the static route...you will need to set this up on each and every pc/laptop/netbook. And in the future if there are changes to your network, you might still have to change it manually on every pc.

    If you set it up on the VPN server, you only configure it once, on one machine.

    afaik some VPN server software can automatically assign static routes to connecting clients.

    At present I had to add the static route through a " route -n add xxx.xxx.xxx.xxx/xx xxx.xxx.xxx.xxx " command at the terminal... should I do this every time? Will this be erased when I shut down the machine?

    never really investigated how to add static routes automatically on bootup on windows/mac...but there should be some sort of startup folder/autoexec.bat/rc.local equivalent where you can place the command in.


    The weird thing, my mac can already access the subnet. In the VM, at the windows command prompt, I can also ping through to the subnet... but when I launch the application (client server application) that connects to the SQLSERVER7 db in the subnet, it can't connect... I'm still looking through what may be set up wrongly... any ideas?
    Hmmm, not really familiar with PPTP/windows-based VPNs, but if it's IPSec-based, you really shouldn't be able to ping the subnet.

    Anyways, how is the networking set up on the VM guest (WinXP) -- NAT, bridged, etc?

    Also...can you access any other services on the SQL server machine you want to access, i.e. web, FTP, VNC, remote desktop? If you can access all other services...my best guess would be firewall issues, or this is an app-specific bug...


    my .02...hopefully this didn't make things more confusing B)
    Last edited by badkuk; November 14th, 2009 at 04:46 PM.

  4. Join Date
    Nov 2002
    Posts
    1,326
    #4
    Couldn't put in too many hours on this but when I did.. here is what I found out:

    1. Every time I connect to the W2K3 VPN, the routing table almost always adds a route entry to the 102 subnet through the VPN client. (The subnet where the VPN machine is in is 100, while other subnets within the LAN are 102 and 103, which the VPN client couldn't access).

    2. If I manually delete that particular route entry on the VPN server machine, I get what I want - which is access to the other subnets in the LAN, from the VPN client.

    3. The catch is, the only way I could think of to manually delete the routing entry is on the machine itself, either physically logging in on the VPN server or remotely logging in through Remote Desktop. This would defeat the purpose of running a VPN.


    When I read about OpenVPN (open source), it mentioned something about an IP Routing based VPN and an Ethernet Bridged VPN, how each behaved and the different configuration for each... and saying that on Windows, Ethernet Bridged is the default... I was just wondering whether that could be the reason why this setup behaves that way? If so, how do I switch the behavior of the W2K3 VPN to be an IP Routing based VPN instead of the Ethernet Bridge based?

    If this doesn't work out, I am now thinking of using OpenVPN on an Ubuntu box to serve as my VPN Server....
    Last edited by wowiesy; December 3rd, 2009 at 11:54 AM.
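
Added example, not part of any post in this thread: a longest-prefix-match lookup over a constructed copy of the VPN server's routing table, showing why the 102 entry described in post #4 takes precedence over the default route and why deleting it changes the next hop. All addresses and interface names are placeholder assumptions, since the thread only names the subnets as 100, 102 and 103.

```python
import ipaddress

# Constructed routing table for the VPN server. Every address is a placeholder:
# the thread never gives real prefixes, gateways or client addresses.
LAN_GW = "10.0.100.1"        # assumed LAN router that reaches the other subnets
VPN_CLIENT = "10.0.100.200"  # assumed address handed to the dial-in client

SERVER_ROUTES = [
    # (destination, next hop, interface, metric)
    ("0.0.0.0/0",       LAN_GW,     "lan", 20),
    ("10.0.100.0/24",   "on-link",  "lan", 10),
    ("10.0.100.200/32", "on-link",  "vpn", 1),   # host route to the connected client
    ("10.0.102.0/24",   VPN_CLIENT, "vpn", 1),   # entry that appears on connect (post #4)
]

def lookup(routes, dst):
    """Return the route chosen for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))

def without(routes, destination):
    """Copy of the table with every entry for `destination` removed."""
    return [r for r in routes if r[0] != destination]

def shadowed_by_vpn(routes, internal_subnets, vpn_if="vpn"):
    """Internal subnets whose traffic the table sends out the VPN interface."""
    bad = []
    for net in internal_subnets:
        probe = str(next(iter(ipaddress.ip_network(net).hosts())))
        chosen = lookup(routes, probe)
        if chosen and chosen[2] == vpn_if:
            bad.append(net)
    return bad

if __name__ == "__main__":
    db = "10.0.102.15"  # placeholder for the SQL Server NIC on the 102 subnet
    print("with entry   :", lookup(SERVER_ROUTES, db))
    print("entry removed:", lookup(without(SERVER_ROUTES, "10.0.102.0/24"), db))
    print("shadowed     :", shadowed_by_vpn(SERVER_ROUTES, ["10.0.102.0/24"]))
```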

  5. Join Date
    Jan 2003
    Posts
    2,979
    #5
    Bro, what client server application are you using that you need to run using vpn? it might not be a network routing problem. the application might be the one with the issue..
    check whether the apps access the database thru ip address or by domain names. i have encountered a similar issue before and that was the culprit.

  6. Join Date
    Nov 2002
    Posts
    1,326
    #6
    Quote Originally Posted by badsekktor
    Bro, what client server application are you using that you need to run using vpn? it might not be a network routing problem. the application might be the one with the issue..
    check whether the apps access the database thru ip address or by domain names. i have encountered a similar issue before and that was the culprit.
    the application is a common client server app hitting on a db (mssql server). the problem is the db server is only at sql server7, which can only bind to 1 network interface. on the db server machine, back when only nic1 was attached to the LAN... it belonged to the 100 subnet (so if i had used the vpn right away back then, the vpn client could have accessed it right away since it's the same subnet).

    the complexity came out when we implemented an LVM volume (linux) to host the shared files (file server), attached to the same server as the db server. we had to use the 2nd nic of the server machine to connect to the linux box. this 2nd nic is on the 102 subnet. when the 2nd nic came in, sql server 7 bound to this 2nd nic and abandoned the 1st nic. MS support docs mentioned that the binding to multiple NICs feature started only on MSSQL Server 2005.. on the client side, the sql server is being accessed through ODBC in Windows. the odbc configuration can be through named pipes or through tcp/ip. the odbc driver i got for mac didn't support named pipes and it only supported tcp/ip. in the guest OS of my VM (winXP) i also tried named pipes (the network connection is just shared between the host OS Mac and the guest OS XP) but i couldn't get it to work, so tcp/ip was what was left, so I had to hit the 102 subnet to get to the data.

    I had query analyzers on the mac platform that only need an ODBC driver (that runs on Mac) or a JDBC driver, then you can access the db and do SQL queries... i also use that occasionally.... then on my guest OS in the vm (winXP), i use ms access to query through our db for monitoring of sales, etc.. again through ODBC.

    back when i wasn't yet handling our company's sales, i was always just at the plant so I could always get my data when I was at the plant. But now that i'll be handling sales as well, i'm more and more often unable to go to the plant but i'm even more dependent on the data... the vpn option is to just get a way to access the db even when I am outside of the factory. Remote desktop really is an option but I think it also has limitations (like limited number of simultaneous clients, licensing issues, etc).

    anyway, i got it working with openvpn (server side using an ubuntu box, client side using a mac, and even the guest OS on my virtual machine on the mac can now access the subnet within the LAN), at least i have a fallback now =).. the test i did was connecting to the vpn server from within the lan (at the time of this writing, i'm still at the plant).. but when i get home later.. i'll try to connect to the vpn and see what happens...
    Last edited by wowiesy; December 4th, 2009 at 02:20 AM.

VPN Routing