Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Please bear with me, I'm not a networking giant, nor am I very experienced with CVS. I worked a little with CVSNT as a developer a year ago, and somebody set it up for me then. Now, I'm IT, development, operations, etc., supporting a couple of developers remote working remotely, and trying to set up CVSNT services. I put the lowest level Symantec Firewall appliance at the edge of my network, and am trying to provide access via VPN tunnels from the developers' laptops. To answer your questions: "Bo Berglund" <bo.berglund at telia.com> wrote in message news:rdpuh1p3937q5lh0ckba13kk0strvh5pek at 4ax.com... > On Wed, 7 Sep 2005 13:05:07 -0400, "Worth Robbins" > <wrobbins at macoun.com> wrote: > >>Let me narrow the focus of my question. I had already decided not to try >>using sspi over VPN, because of advice regarding limited authentication. > > Advice from whom? > In my book SSPI is to be preferred anyday over pserver because of > authentication and security issues... One of the Symantec phone support people said I wouldn't have full domain login authentication over VPN, I would only have whatever cached credentials were on the laptop. I interpreted this to mean I might have trouble using SSPI. > >>I only want to be able to make pserver work. When I am locally connected, >>the >>connection string >> >>:pserver:cvsuser at pc325:/cvsrepo >> >>works fine. >> >>When connected via VPN, this doesn't work, even though I am able to ping >>pc325 and am able to access various network shares. > > Network shares are of no concern here, the only valid thing is the > access to the TCP port 2401 via your firewall. Maybe the VPN people > have put in a policy to not allow port 2401 calls to propagate through > the firewall? > It does not make sense to me, but it could be so anyway. Or otherwise > if you are on XP-Pro SP2 the IT people may have put a policy in place > on your PC that activates Windows firewall whenever you are not > locally connected and it is set to block 2401... I am the IT people, and I know this isn't the case. In fact, I specifically opened TCP ports 2401 and 2402 on both the XP box running CVSNT and on the laptop running TortoiseCVS. I only mentioned the network shares as evidence that, at least at the node level, to laptop can see the server, enough to ping it and enough to mount a share it publishes. > >> >>I have also tried substituting the ip address i.e. >> >>:pserver:cvsuser at 192.168.0.5:/cvsrepo >> >>This also works connected locally but not via VPN. > > The name is resolved into an address by the DNS service. If that is > working so you can ping the server by name then you should not have to > change this at all. It's possible that the name resolution is happening because of WINS rather than DNS. I don't know if that is significant, but it's definitely possible. In any case, since I am also unable to make it work using the IP address, it doesn't seem likely to be a DNS issue. >> >>What else, other than being able to access the server node by name or IP >>address, is there that could be causing a problem? > > A block on port 2401 somewhere. Ok, I'm definitely focusing there. I'm certain it isn't on either the box running CVSNT or on the box running TortoiseCVS, but maybe it's somewhere in the Firewall/VPN. There's another possibility I could try. What if I port forwarded 2401 at the firewall to the CVSNT box, and had Tortoise pointing at the external address of the firewall. Should that work? Again I apologize for so many naive/newbie questions, and I really appreciate patience helping me get this going. Thanks, Worth