VPN? What kind? (/me does that stuff for a living, but professional curiosity just don't cut it for the "have to know" I get when I see words like that).
Something having to do with work. *shrugs* Connect to their shiznit, have fun with their shiznit, and gods know what else happens to your computer. Have not worked with VPNs before. So am clueless.
Am running Windows 2000 Professional. To create this, I went into the place in Windows where one adds new connections, and put in information including the website where I wanted to connect, that I would use a certain DNS and obtain an IP address automatically, and, um...
I don't know about a router, but I am not the computer on the network that connects to the ISP. I'm on Tigereye, and she talks to Enki, and Enki is the one who hasta talk with MSN.
Enki (either Sumerian myths fan or Snow Crash fan....) is a Win2k machine "sharing" its internet connection (acting as a NAT router)?
Hmmmm... so it is IPSec/ESP encapsulation on the PPTP that's getting hosed. As I suspected.
Here's how it works:
- your software makes a packet [ip-info [data]].
- the VPN puts it into a PPTP* frame, making [pptp [ip-info [data]]].
- ESP (IPSec VPN protocol with encryption) makes: [fresh ip-info [esp [encrypted]]], where the "encrypted" is the above [pptp [ip-info [data]]] encrypted.
ESP also has information so it can detect if the "fresh ip-info" is tampered with. Since your PC (Tigereye) has an IP address on your LAN, Enki has to change that information with its internet-side IP address, therefore tampering with
Here's things to try:
- set up the VPN on Enki. This would piss off your work sysadmin if he is paranoid and finds out... but it might get you working for now. I think (but not sure) Win2k "sharing its internet access" will also allow you to "share" vpn access (like it knows the difference).
- look for something like "IPSec Passthrough" in the "sharing Internet connection" setup on Enki
- look for "NAT Traversal" or "TCP/UDP encapsulation" options on Tigereye and try using them. I'm not sure of the specific language it'll use, but that'd cover the typical wordings used
I'll VNC into my only windows machine and go looking (also Win2kPro), but it's been REALLY stripped (/me hates Windows), so it might not have the stuff it'd need...
This could easily be using UDP port 500 (needed for IKE key negotiations to set up the IPSec/ESP connection). That'd give a funky error for sure.
Try looking for IKE or IPSec or ISAKMP/Oakley (the old name for IKE) and turning it off on the firewall software... that might help Enki set up the VPN.
Ok... if you're the admin, don't yell at yourself for this:
Set up the VPN on Enki and under "sharing" under the properties for the VPN (Network and Dial-Up Connections, right click on the VPN object/icon, properties) turn on sharing it.
Strictly speaking this means that all of your LAN can get into the office now. Should work.
In all my prior posts, where I say PPTP, replace with L2TP.
There are two VPN systems built into Win2k. L2TP/IPSec/IKE (the one I described) and PPTP. PPTP is BROKEN if you're really looking for hardcore security, but it'll survive NAT much better. If you're not worried about the security of the connection beyond casual attackers (and I would make the argument that you really should worry about harder-core attacks to varying degrees, depending on what "work" does/makes/etc), you _could_ use PPTP, but I won't suggest it (because I'd end up making myself sick over suggesting something known to be breakable).
PPTP does it this way: [ip-info [data]] as before goes into [PPTP [encrypted]] where "encrypted" is the [ip-info [data]]. It doesn't need ESP (so no ESP no like NAT issue), but it does shitty encryption.
From the error, I take it it's a PPTP VPN (built into Win2k/XP). That specific error is _way_ out into the "Microsoft Proprietary" error number space for that component (in laymanese: MS doesn't want to document what it means so you'll have to pay them for tech support).
That leads me to think about a potential router/firewall (like the Linksys I mentioned) or a personal firewall software being used... hmm.
If nothing else you have me interested in VPN now, just to see if I can make it work. VPNing into work would be nice for when the phone starts ringing at 6am....hours before I get there.
Depending on what you have at the office in terms of a firewall (and how much control you have over that stuff), it shouldn't be too hard to get set up.
If not, there is another option: www.gotomypc.com. NOT NOT NOT for use with sensitive data (since it's not significantly encrypted and goes through an un-bonded third party (gotomypc.com's servers)). It's a pay service, but it might be worth it. If you're interested, word is they're coming out with a "host your own" version of the same service.
Questions, hit me up and ask'em. Just realize that I stopped myself half-way through what I would usually type up in this "discussion" as to not overwhelm with irrelevant data of the underworkings of this stuff. Start me talking at your own risk.
I want to say it's a Sonicwall Pro, but I am not 100% positive. The thing predates me being there by a year or 2 now. As for control.....well, there's me, and then there's me. My boss occasionally shows up to help smooth things over when things go seriously wrong or I need a second pair of hands/eyes (is a contract situation, I keep the servers and desktops running and they pay my company for my time) but that's about it.
I will definitely be setting up a VPN into my home network if it's at all possible though...just for the learning how to do it part.
heh....so be wary of priming the pump? you sound like me.
Any suggestions for reading material to get started?
How freaky....you post that comment about gotomypc.com and then a few hours later I see an ad in my copy of Eudora 5.2 Sponsored about them (and they've never been there before)
Wondering if the LAN at home has anything to do with this.
- Where do you go to configure it and/or do you know the name of the software (built into Windows, something you installed, etc)?
- What do you have to give it to get it configured?
- Do you have a router/firewall between you and your ISP at home (like a linksys router, etc)?
Oh, and azurelunatic, sorry if I scared you and/or ran you off...
/me can't help it sometimes.
Just be glad I didn't have a whiteboard to draw on or it'd be worse.
(did it end up working out?)
The idea of touching Enki, on the other hand...
Given, the server at the other end will have to support it.