Log in

View Full Version : XP PPTP VPN Server & PocketPC PPTP VPN Client...


Sooner Al
04-23-2003, 11:19 PM
FYI...

I have created a small page that details my configuration for PPTP VPN access to an XP Pro PPTP VPN server from an iPAQ 3835 PocketPC over a 56 Kbps dialup link. This may be of interest to some of you...

PpcVPN (http://www.oecadvantage.net/ajarvi/PpcVPN.html)

I am able to access network shares from any of my three networked XP Pro machines, copy/cut-in-paste/open shared files and use the PocketPC Terminal Services Client (TSC) to run an XP Pro Remote Desktop session through the VPN tunnel. The only thing I can't do currently is to ActiveSync over the VPN link. If someone has an idea on how to accomplish this I would certainly be appreciative. When I do initiate ActiveSync from the PocketPC I do connect but only as a "Guest". Note that I can ActiveSync normally over the USB link to my personal XP Pro box and via a wireless LAN link on my home LAN.

that_kid
04-24-2003, 12:06 AM
Great page Al, I don't know why you get the "Guest" account when you try to activestink over vpn. I have vpn setup as well but I haven't run into the Guest problem. I do have the Guest problem when syncing with my laptop over bluetooth sometimes as well. I guess it's an activestink issue and not an issue with your setup.

dhettel
04-24-2003, 03:53 AM
Al I have a thought. If you use vxUtil to ping your PC by Activesync name not address, and look at the Ip address it returns, does it match the IP address of the Network adapter you are connecting to?

You might try using Pocket Host to setup the name of your PC to the IP address of your VPN adapter.

Just an idea, don't know if that makes sense.

David

Sooner Al
04-24-2003, 05:37 PM
Al I have a thought. If you use vxUtil to ping your PC by Activesync name not address, and look at the Ip address it returns, does it match the IP address of the Network adapter you are connecting to?

You might try using Pocket Host to setup the name of your PC to the IP address of your VPN adapter.

Just an idea, don't know if that makes sense.

David

...but no cigar as they say...

Adding the XP VPN adapter IP, ie. 192.168.1.11, results in the same symptom, ie. Guest versus the normal AlPpc ActiveSync session. If I remove the Ashtabula entry in Pocket Hosts and ping by name it correctly reports back the 192.168.0.1 IP address of the network LAN adapter, ie. the ICS assigned IP address.

I tend to agree with That_Kid that it is some issue with AS. I will keep trying things but right now I am happy just to have made VPN work. I can access shares on all three of my XP boxes and access all three using TSC.

If I get real ambitious I may delete and reestablish the partnership to see if that helps...

I started this as an experiment since I recently bought a dial modem and did learn a bit...Thats always good...

Thanks to both of you...

Later...

davidspalding
04-24-2003, 07:14 PM
Hrm. I'm guessing here, as I don't have an xp box under my care at the moment, but when you vpn in, is the account that you're logging in as the same that the ActiveSync partnership was created with.

... thought so. I figured I'd ask the obvious. I would presume that the user token is correct.

Another idea. Have you tried opening Outlook (using the same profile, or default profiler, that AS is mapped to) before initiating an ActiveSync connection?

Another idea. Wondering if AS is identifying your PPC by its name, or the connection that it's coming as. I recall that VPN has a way of masking the UNC of a connecting machine, so that if I connect to \\MyWorkMachine from home (\\MyHomeMachine) via PPTP, MyWorkMachine sees the connecting computer as something like \\WanPPTPClient1 or something. It's been 2 years since I did this stuff in practice (blush), so MyWetwiredMemory may be inaccurate. ... I'm trying to think of how else you can determine the UNC name of a connecting machine ... net something at a cmd prompt, I think. (Sorry, I'm babysitting and posting from The Wife's Mac Powerbook G3 at the moment.)

Great instructional page, BTW. Clear, concise, illustrated -- my favorite three words in any doc. ;)

Sooner Al
04-24-2003, 09:46 PM
...but again no cigar..

Yes, I am logging in as myself. I limit the VPN access to one account.

I tried your suggestion of opening Outlook on the desktop first, but again that did not make a difference.

I think you mean the net session command? The net session command correctly identified \\ALPPC as the device connecting with user AL accessing shares.

Thanks again...those were good suggestions...

I guess I need to dig around and look at the ActiveSync logs and see if I can see something there that may jog my memory. I do remember, however, the logs really never meant a whole lot to me when I looked at them a long time ago...

Later...

davidspalding
04-24-2003, 10:56 PM
Net session, yeap, that's the one. Darn, strike out.

I was also thinking, and just tried on my machine, logging into Telnet on the box, then opening Telnet SERver Administration and command 1, list users, which shows ... shucks, the IP of the user(s)'(s) originating terminal. Strike out.

I think you're right, it's a problem in friggin' AS, and maybe the logs will show something. Maybe the MS KB will have an article.... But then, we're talking ActiveStink. Hold breath, count to 1100100, license expired.

We need an ActiveStink forum. ,:(

Sooner Al
04-25-2003, 07:49 PM
Partial success...

I finally got an ActiveSync session via the VPN tunnel to connect with my normal AS user... The key, in my case at least, was the location of the VPN server and the AS box. When I first tried this I was using my desktop as my network ICS/ICF/VPN server and it was the same machine I normally AS with via USB or wireless.

So, this morning I reconfigured my home LAN a bit. I now have a dedicated ICS/ICF/VPN server running on an old laptop my brother gave me. My normal XP desktop is now simply a client to that server. Normal ActiveSync via USB and wireless continued to work after the reconfiguration.

The VPN ActiveSync, through the new VPN server and on to my XP desktop, now works to a point. AS no longer sez I am a Guest and correctly tries to use my existing partnership for my 3835 which is AlPpc. Now the AS session times out with an error about checking out of date appointments. This is over a 56K dial link on both ends by the way.

So...progress...of a sort a least...

Actually, this is the same type of problem I have seen some folks report using adhoc wireless connections to multihomed desktops. It seems that once you AS with a machine that has one ethernet NIC installed, if you then try to AS with the same machine over a second NIC (wireless at least) then you get the Guest problem. This would explain my problem since AS saw the VPN adapter as a second network connection and went into the Guest symptom...

Sooner Al
04-25-2003, 08:28 PM
Success...

The time out problem described was traced to the fact that I had network drives on three different machines mapped so they would be connected over the VPN link. Once I disconnected the drive mappings I can now ActiveSync from my iPAQ 3835 PocketPC via a PPTP VPN link over the public internet into my home LAN.

davidspalding
04-26-2003, 03:41 AM
8O See, this is why a dedicated ActiveStink topic would be great. So we could concatenate neat "lessons learned" like yours in one "folder."

Sooner Al
05-28-2003, 04:31 PM
...updated the PpcVpn (http://www.oecadvantage.net/ajarvi/PpcVPN.html) page with additional screen shots and cleaned it up a bit.