Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Problem solved. It turns out that the Symantec VPN Client is a little firewall of its own. It doesn't pay attention to the windows firewall (or in my case, Norton Internet Security running as a firewall on my laptop). Once I entered port 2401 on the "port control" tab of the VPN client, TortoiseCVS was able to talk to CVSNT over the VPN connection. I tested both sspi and pserver, and both worked (using strings previously used while locally connected). Thanks for your thorough explanation. I think I now know what I have to do to make sspi work, and I should be all set. Worth "Bo Berglund" <bo.berglund at telia.com> wrote in message news:apivh15ljoulguu3obbrqpk7f420jskj96 at 4ax.com... > On Wed, 7 Sep 2005 19:22:18 -0400, "Worth Robbins" > <wrobbins at macoun.com> wrote: > > >>I am the IT people, and I know this isn't the case. In fact, I >>specifically >>opened TCP ports 2401 and 2402 on both the XP box running CVSNT and on the >>laptop running TortoiseCVS. I only mentioned the network shares as >>evidence >>that, at least at the node level, to laptop can see the server, enough to >>ping it and enough to mount a share it publishes. > > No need to open anything for port 2402, that port is only used locally > for the lockserver on the CVSNT server. No external use is active. > >> >>There's another possibility I could try. What if I port forwarded 2401 at >>the firewall to the CVSNT box, and had Tortoise pointing at the external >>address of the firewall. Should that work? > > Yes, it will (when the PC is on the outside of course). I have a CVSNT > server for my own development set up on a W2K PC on my home LAN. I am > connected to Internet via ADSL and I have a hardware router/firewall > to manage the network IP addresses via DHCP. On that box I have opened > port 2401 and pointing it through to the CVSNT server. > On my laptop (the one I use when I travel) I have set up the HOSTS > file to contain an entry with the CVSNT server name and the external > IP address. > With :sspi:user at server:/repo syntax this works just fine. > Note that wne you use sspi with the user at server syntax you have to do > a cvs login once in order to validate your credentials. After > successful login the CVSNT *client* on your laptop will save the > needed password in the registry (encrypted) and use it whenever you > operate on the same connection string in the future. > > The Symantec people probably only knew about CVSNT from 3-4 years ago > before the SSPI protocol was introduced. At that time CVSNT used the > :ntserver: protocol, which needs full NETBIOS access with all of the > ports open on which Microsoft sends all kinds of extra info over. For > example poert 139, which no sane admin ever allows on the Internet. >> >>Again I apologize for so many naive/newbie questions, and I really >>appreciate patience helping me get this going. > > No need apologizing... > > > > /Bo > (Bo Berglund, developer in Sweden)