[pptp-server] PPTP and NAT?

Eric H. Raskin eraskin at paslists.com
Tue Jul 18 07:55:40 CDT 2000 

Patrick:

Very interesting.  Their current setup is a T1 connected to a Cisco router
running NAT and packet filtering.  They have a DHCP server giving out internal
IP addresses.  I think I've figured out the configuration.  Do I have it right?

Client End:  Linux box with internal and external NICs.  Routing rules in the
Linux box to forward all traffic coming in on the internal NIC to my PPTP server
over the PPTP/PPP interface and out the external NIC.  Masquerading turned on
with the "PPTP Patch" so that PPTP connections are masqueraded as well (btw,
where is the patch located?).  A routing table entry is made on the Cisco
sending anyone asking for my PPTP server address to the Linux gateway box, which
will route the traffic.

My End:  My Linux box running PPTP server.  PPTP server gives out remote
addresses on a made-up sub-net and local addresses on my network.

Questions:
1)  Did I get it?  If not, please tell me how to configure...
2)  Does this mean I need a separate virtual IP address for my PPTP server on my
Linux box?  I'm worried about clients trying to access my web site -- which does
not require a PPTP link.  I guess there's no reason why all their traffice can't
come over the PPTP link, other than performance...  Any comments?


> -----Original Message-----
> From: Patrick Reid [mailto:P.J.Reid at earthling.net]
> Sent: Tuesday, July 18, 2000 8:34 AM
> To: eraskin at paslists.com.paslists.com; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] PPTP and NAT?
>
>
> There is another option:
>
> Install the PPTP client on a Linux gateway/firewall; have it
> establish a VPN
> connection with appropriate routing; the customer can then
> just use the
> Linux box as the gateway.
>
> Patrick Reid - mailto:PReid at candesco.com
> Candesco Research Corp.
> Communication Centre: <http://www.mirabilis.com/1052176>
>
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Eric
> H. Raskin
> Sent: July 18, 2000 9:21 AM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] PPTP and NAT?
>
>
> Stefan:
>
> Can you tell me more about your first option?  I'm using a
> linux firewall
> (2.2.16 Kernel with masquerading/firewalling rules), but I
> don't see how
> patching my firewall will fix the GRE routing problem at the
> remote site.
> The
> packets from the different remote clients will still come in
> with the same
> IP
> address, right?
>
> Your second option works, but doesn't scale very well. When my remote
> customer
> gets up to wanting 10 or 20 clients, I'm in big trouble! :-)
>
> As for the third option, where can I read more about it?
> I've never even
> heard
> of 'PNS'.
>
>   Eric
>
> ---------------------------------------------------------------------
> Eric H. Raskin                                 eraskin at paslists.com
> Professional Advertising Systems Inc.          Voice: 914-741-1100
> 70 Memorial Plaza                              Fax:   914-741-2788
> Pleasantville, NY 10570
>
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> > Strehle Stefan
> > Sent: Tuesday, July 18, 2000 4:52 AM
> > To: pptp-server at lists.schulte.org
> > Subject: AW: [pptp-server] PPTP and NAT?
> >
> >
> > You have three options:
> > -You install a linux fireall with support of masquerading
> > pptp clients (john
> > harding patch...)
> > -You have two IP adresses for your server, and you have two
> > different pptp
> > instances running on these two interfaces. Therefore the GRE
> > routing problem
> > is fixed, because the two clients do not connect at the
> same IP adress
> > anymore.
> > -You wait until a proper PNS mode implementaion is applied in
> > the pptp code.
> >
> > Stefan
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

More information about the pptp-server mailing list