C2S VPN, BM 3.8 server
Hello,
I had posted a question regarding this issue before, but nothing ever really came of it until now, because we have a customer who is needing this issue fixed. We have 1 server that runs NWSB 6.5 sp2. It has all the company files, information, etc., basically everyone logs into this server. We want to run a C2S VPN server on it. I have the general setup, and install done. However when I log in to the VPN server using C2S, I can't get to any of the volumes or for that matter the BM server itself.
In my testing lab this wasn't an issue because I had two or more servers ...
VPN Client 3.8 behind Netgear Router VPN Server C2S behind Linux IPTABLES
I configured my vpn client behind a Netgear router in NAT mode.
My BM 3.8 C2S is running behind Linux IPTABLES in static NAT mode.
I configured my bm policies after the book from john craig
(NMAS / PASSWORD/ NDS)
If I connect from my VPN Client I get NMAS error "error authentication
FFFF996" but nothing in nmasmon (ver 1.21)
If I connect the client can read the name of Tree but then the error
occurred.
The same error I get if I configure my vpn client in the same network
like linux public interface and attach from there my BM about linux
nat interface.
Does any...
BM 3.5 to BM 3.8 w/VPN
Bordermanager 3.5 server on Netware 5.1 providing firewall and proxy
services for users on internal network. This box is also acting as the
Master VPN server with multiple site-to-site VPN links to BM 3.5 slave
servers.
Primary Goal
Replace the existing Bordermanager 3.5 master VPN server hardware with a
new server running Bordermanager 3.8 on Netware 6.0. It is possible to
have both servers online during migration. Must minimize disruption to
firewall, proxy & VPN services.
Secondary Goal:
No changes (or minimal changes only) to the slave servers running BM
3.5. (T...
NBM 3.8 VPN Client to a Cisco VPN server
Where might I find detailed instruction on setting this up?
thanks
ed
There is some info here:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090479.htm
But I'm not sure it is complete. There was a thread on this here in
the past couple of days, so you should search back a bit.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
...
New BM 3.9 VPN only server on a NW 6.5 SP7 eDir8.8 SP2 server not working
I just created a new NW 6.5 SP7 server so by default it has eDir 8.8
SP2. I also updated the server with WSOCK6N, NWLIB6k and TCP681j
(using the TCPD files). I then installed BM 3.9 using the
NBM39_GMC.iso (the VPMaster is version 8.00.08 dated Feb 9, 2007 and
VPMON is version 1.02.10 dated October 8, 2003). I set up the server
just like my other VPN server (NW 6.5 SP5+ eDir 8.7.3.9) that is
working.
I assigned different IP addresses and the VPN tunnel to 4.0.0.0 instead
of 1.0.0.0 like my current server. I used iManager (version 2.6) to
install the default filters.
I'm a...
BM 3.8 sp2 VPN c2s
We have installed a NW 6 SP4 server, with BM 3.8 SP2, and are trying to get VPN C2S working. We do have Craig Johnson's book as a guide, but we are still experiencing the following problems.
1.) We are not able to login into the Netware server, we receive the following
Netware login attempt failed, user is not logged in to Netware (this happens after about two minutes of trying)
We thought that we had this fixed when we added a host entry into the PC's hosts file. This worked when the PC was connected to the internal side of the network (at least on our one test PC), however still...
BM 3.8 VPN C2S with ActivCard
Hello
After upgrading BM3.6 with VPN C2S and ActivCard One to 3.8 I can authenticate VPN without entering token password using backward compatibility. In the VPN client 3.8.7 readme file it states: The ActiveCard token
authentication method will work if the ActiveCard
token method is configured for the user in
eDirectory.
The only method I can find is the Universal smart card. Is there a way to make my ActivCard One tokens to work with BM 3.8 VPN? If not, which tokens work with 3.8 NMAS/VPN client and BM 3.8?
Thank you in advance.
Thomas Brodén
...
Can I import VPN setting from BM 3.7 into BM 3.8
Hi all,
we have a Netware 6.5 server with Bordermanager 3.7. (after migration from
NW 5.1) This worked fine for a year, but now the server abends several
times a day. Bordermanager is only used for Proxy and VPN.
I want to replace the server with a new installed NW6.5 with BM 3.8.
Can I quickly and easy import my current VPN settings from BM 3.7?
Greetz,
Erwin
hi Erwin,
You can't really "import" the VPN from a server to another one, unless
you image it (but at the end you would have an identical server, i.e. 3.7).
The safest way is to reconfigure the VPN in t...
c2s 3.8 vpn after cert server reinstall
I had a 3.8 c2s vpn that was working until a migration of another NW6.5
server running cert server to new hardware (the lease was up, what could I
do?). I've now reinstalled cert server and recreated server certificates
for every server in the tree. This is another server BTW, not my BM
server, but VPN stopped working the day the migration happened.
Now, when I try to load authgw.nlm on the BM server (nw5.1 SP6, BM3.8
SP3), I get NWPKIGetwrappedserverkey returned error code FFFFFB3DAUthGw:
failed to acquire the vpn security keys, which can't be good, and then
authg...
NW 6.5 and BM 3.8 C2S VPN
Hello,
Here is the setup that I currently have, and the problems I'm experiencing.
I have one NW 6.5 SP2 file server, BM 3.8 patched up to BM38FP3B, the SECUDP6A security update for E-Directory, and NMSRV235 NMAS update to E-Directory as per the Current patch list on Craig's web site. Here are some of the things that I have seen on the server "IKE" screen
OPEN DIRECTORY SYS:/ETC/IKE/ROOTCERT/ERROR,ERRNO:1
That is the first message that shows up when I start the C2S service after configuring it through iManager. I have downloaded the new VPN client from the su...
VPN 3.6 slave to VPN 3.8 master
I have more or less gone through what I could to set this up.
I exported the BM 3.8 master encryption key (minfo.vpn) and imported that to
the BM 3.6 slave without any issue. I then created the slave (sinfo.vpn)
file.
I had setup the vpn tunnel ip's as 192.168.10.1 and when these were both
masters, clients could access either one perfectly. We know the VPN's
work.
I changed 1 to a slave, but I halted what I was doing as I noted that the
master and slave networks both are using 192.168.0.x for the private IP's.
Questions:
1. Can a 3.6 slave talk to a 3.8 master?...
BM 3.8 C2S VPN
Ok...
I've been working with BM VPN's since the beginning of their time, and
frankly, I have never had the kind of difficulties that I have had since
BM3.8. The Client to Site VPN config seems pretty routine and
straightforward, but either I am missing something very obvious and
simple, or I need to change careers. Out of 4 C2S VPN installs, I have 1
that is working properly. If I try to duplicate that setup anywhere
else, I get mixed results. All are running on NetWare SBS v6.5, and are
using various methods of connecting to the Internet (From T1 to DSL to
Cable ...
BM 3.8 VPN Server behind NAT router
I've received different impressions from some of the information that I've
read about BM 3.8 and NAT. Then I see a post from Cat saying "yes,
provided that the CIsco is not doing NAt (for BM3.6). With BM3.8 should
work in any case."
So, to ask the question clearly of those most likely to know: Can a BM
3.8 server be positioned behind a NAT router, with a single interface, and
work correctly with a client PC which is also behind a NAT router
(assuming that the private network ranges are different, of course)?
I'm considering an upgrade to SBS6.5, which has BM...
VPN 3.8 Client behind Netgear Router and BM 3.8 behind Linux IPTABLES
I've configured my BM 3.8 Client behind my Netgear DSL Router (NAT).
I've configured my BM 3.8 SP1 Server behind Linux (IPTABLES NAT) not a
filter problem.
In this configuration I can do all at BM 3.8 server.
I've configured my BM entry policies from Craig Johnson's book
Authentication with NMAS (NDS).
Now if I connect to BM server I got following NMAS error (error
authentication gateway FFFFF996.
The same error if I configure my vpn client in same network like
my natted linux interface.
I'm not sure where I should look at first. I've heard BM is running
a linux na...
S2S connection BM 3.8 and third party VPN server
Hello!,
Running BM 3.8 on Netware 5.1 SP7
We need to configure a VPN tunnel from a Border Manager 3.8 to a third
party VPN Server. The parameters are provided from the third party Server
and they are:
we support following options for Phase 1 encryption:
DES or 3DES
MD5 or SHA1
Diffie-Hellman group2
NO aggressive mode
options for Phase 2:
DES or 3DES
MD5 or SHA1
NO perfect forward secrecy
Is it possible to setup this parameters in the Border Manager Server?
because I don't know how to .... I heard and read about third party
Server, is this option to setup this ...
SUSE Linux client to BM 3.8 SP3 VPN server
Hi,
Is it possible to connect with a SUSE based client (9.1, 9.2 or Novell
Linux Desktop) to a BM 3.8 server?
Do I need IPSec configured for that, or is there a Linux port of the
BM Client?
Does BM 3.8 support L2TP?
It SHOULD be possible, but I am not sure there is any current
documentation on how to do this (with OpenSwan or FreeSwan).
Novell has been working on a Linux VPN client for over a year. I've
asked about the status of that project. It has worked for a long time,
but never been publicly available due to open source licensing issues.
Craig Johnson
Nove...
error creating Non BM 3.8 sp5 slave VPN server
Hi
NetWare 6.0 sp5 and BM 3.8 sp5. I am trying to add a non BM server as
a VPN slave. I am using Craig Johnson's manual which is pretty nicely
detailed.
I get through all the screens but at the end when I hit OK it gives this
error.
The Site To Site service was not modified due to following reasons: -
Failed to create Site to Site member:neopiaVPNS2SEDGE.GOSSEN.
When I go back in none of my slave settings are there but the default
rule and other rules are there.
Will
I have to get better at proofing.
The last line should read that when I go back in the VPN slave is not...
3.8 SP4 C2S VPN
First, here is a list of versions that we are using for some of the
products that may be related to this problem:
NetWare: 6.5.6
BorderManager: 3.8.4
Novell Client: 4.91.2
VPN Client: 3.8.16
eDirectory: 8.7.3.9
Novell NICI: 2.7.0
NMAS: 3.1.2
[NetWare LIBC / CLIB (NW6LIBJ) --> patch applied]
[Filters are unloaded]
[Server has a replica of eDirectory]
When I attempt to establish a VPN connection, the "Failed receiving server
DH public value" error is returned to the client. The following is an
excerpt from the VPN Audit Log in...
C2S VPN on BM 3.8 behind a Efficient 5930 gateway (firewall/router)
Hi,
I need to setup a Client-to-Site VPN connection to a NSBS 6.5 server with
BM 3.8 running.
I have one public IP on the Efficient router/gateway.
I have a DMZ private range where the Efficient router and the NSBS 6.5 is
in. (192.168.254.0/24)
I have a private range where all the workstations are in. (10.1.0.0/24)
The server is now available from the outside for mail by NAT-ing port 25
to the 10.1.0.x address of the server.
How do I setup this BM server to get a C2S connection?
Thanx,
Lars Dam
L,
It appears that in the past few days you have not received a respons...
Craig's Tip #77 (3.8 Site-Site VPN slave server that won't start VPN services)
I have a couple of questions:
Does this problem happen in IKE mode, Legacy mode, or both?
If there's a replica of root on another server on the slave's segment, I
assume this is enough of a 'fix' to allow the services to start properly?
Thanks
Adrian James
Quote:
"Update: Aug 24, 2004: I am hearing that there is a design bug with
BorderManager 3.8 Site-to-Site VPN that requires the slave server to contact
a replica of the Root partition in order to launch. This means (for now)
that you need to put a replica of Root on the VPN slave server. This makes
se...
BorderManager 3.8 in a tree w/ BM 3.7 servers?
Am I reading the BM3.8 "Setting Up Login Policies" documentation in the
install/admin guide correctly - it's stating that since prior versions of
BM use hard-coded policies, that I will need to upgrade all previous
versions of BM to 3.8 in order to manage login policies for all BM3.8
services.
Does that mean I cannot install BM3.8 in a tree with other BM3.7
servers?
> Does that mean I cannot install BM3.8 in a tree with other BM3.7
> servers?
no, you can have BM3.8 and BM3.7 in the same tree provided they're in
different containers.
--
Ca...
update 3.7 to 3.8; vpn c2s no longer working
client gets error "xx.xx.xx.xx is not a valid vpn server or
authentication gateway is not loaded on the vpn server."
updated server from 6.0 sp3 to 6.5sp1.1; bm 3.7 to 3.8 sp2a.
I've tried various clients...
Started out following the legacy client config, assuming my current
config would be mostly intact. had to manually load vpmaster on the
server, but after that nwadmin would let me access vpn master and client
properties and all looked well. authgw was not loaded so loaded that,
but no help there. gave up.
then followed chapter 19 and 20 in craig's book...
VPN client 3.7 used to connect on BM 3.8
Hi, I need to know if it is possible to have the VPN client 3.7.1 and be
able to connect on BorderManager 3.8 and receive a local IP address and
DNS resolution.
Setup is on Nw6.5 sp1b, BM 3.8 sp1, VPN client 3.7.1
Thxs...
no, you need the BM3.8 client (and the BM3.8 server) for that.
--
Caterina Luppi
Novell Support Connection Volunteer Sysop
...