[cvsnt] Connecting to CVSNT Server via VPN

Thu Sep 8 09:34:28 BST 2005

Problem solved.

It turns out that the Symantec VPN Client is a little firewall of its own. 
It doesn't pay attention to the windows firewall (or in my case, Norton 
Internet Security running as a firewall on my laptop). Once I entered port 
2401 on the "port control" tab of the VPN client, TortoiseCVS was able to 
talk to CVSNT over the VPN connection. I tested both sspi and pserver, and 
both worked (using strings previously used while locally connected).

Thanks for your thorough explanation. I think I now know what I have to do 
to make sspi work, and I should be all set.

Worth
"Bo Berglund" <bo.berglund at telia.com> wrote in message 
news:apivh15ljoulguu3obbrqpk7f420jskj96 at 4ax.com...
> On Wed, 7 Sep 2005 19:22:18 -0400, "Worth Robbins"
> <wrobbins at macoun.com> wrote:
>
>
>>I am the IT people, and I know this isn't the case. In fact, I 
>>specifically
>>opened TCP ports 2401 and 2402 on both the XP box running CVSNT and on the
>>laptop running TortoiseCVS. I only mentioned the network shares as 
>>evidence
>>that, at least at the node level, to laptop can see the server, enough to
>>ping it and enough to mount a share it publishes.
>
> No need to open anything for port 2402, that port is only used locally
> for the lockserver on the CVSNT server. No external use is active.
>
>>
>>There's another possibility I could try. What if I port forwarded 2401 at
>>the firewall to the CVSNT box, and had Tortoise pointing at the external
>>address of the firewall. Should that work?
>
> Yes, it will (when the PC is on the outside of course). I have a CVSNT
> server for my own development set up on a W2K PC on my home LAN. I am
> connected to Internet via ADSL and I have a hardware router/firewall
> to manage the network IP addresses via DHCP. On that box I have opened
> port 2401 and pointing it through to the CVSNT server.
> On my laptop (the one I use when I travel) I have set up the HOSTS
> file to contain an entry with the CVSNT server name and the external
> IP address.
> With :sspi:user at server:/repo syntax this works just fine.
> Note that wne you use sspi with the user at server syntax you have to do
> a cvs login once in order to validate your credentials. After
> successful login the CVSNT *client* on your laptop will save the
> needed password in the registry (encrypted) and use it whenever you
> operate on the same connection string in the future.
>
> The Symantec people probably only knew about CVSNT from 3-4 years ago
> before the SSPI protocol was introduced. At that time CVSNT used the
> :ntserver: protocol, which needs full NETBIOS access with all of the
> ports open on which Microsoft sends all kinds of extra info over. For
> example poert 139, which no sane admin ever allows on the Internet.
>>
>>Again I apologize for so many naive/newbie questions, and I really
>>appreciate patience helping me get this going.
>
> No need apologizing...
>
>
>
> /Bo
> (Bo Berglund, developer in Sweden) 