[pptp-server] Using PPTPD & Linux PPTP to setup VPN

[Jim Morris]

Hi All,

I am trying to setup a "Virtual Private Network" across the Internet,
between my home LAN and the office LAN.  Both ends use Linux servers
and IP masquerading to connect to the Internet. I use the DYNIP.COM
service to associate a known DNS name with the office network.

Before anyone suggests alternative methods to setup a VPN, let me say
that I am trying it with PPTPD because it seems to be the only
possibility I've thought of that does not require a known *FIXED* IP
address on both ends of the VPN.

So far, PPTPD works great to let me dialup my local ISP using my Win98
PC, and then use a PPTP adapter to connect to the office LAN.
However, it seems to me that if I use the PPTP program under Linux, I
should be able to connect *ALL* my home PC's (3) to the office LAN, at
the same time that I am doing IP Masquerading to the Internet on both
ends.

So far, I've tried to do this with limited success.  I can ping a
machine the internel network at the office from a PC on my LAN at
home.  However, anything beyond that is pretty flakey. I.e. stuff like
telnet works somewhat, but for the most part, I can establish a
connection, but as soon as I try anything that transfers much data
(like even doing an "ls" in ftp), the connection dies, and ftp or
telnet exit.

I somehow think this is related to my firewall rules for Masquerading
and forwarding.  If I look at the active masquerading connections here
at home, using "ipchains -M -L", it shows the ftp or telnet connection
- whereas I would think that should not be masquerading.  I have setup
routes to the 2 networks manually, if that matters.  My goal is to
write some kind of script that will automate this on both ends
somehow. I.e. the client side connects to the PPTPD server system on
the Internet by running a script that sets up the routes, etc, for
both ends (possibly using rcmd or something to do the server side
route).

Has anyone set anything like this up?  If so, I would be interesting
in seeing how you setup the firewall/masquerading rules using ipchains
or ipfwadm (I have Linux 2.2 at home, but Linux 2.0.36 at work).

If this is impossible, I would like to know that too! ;-)

Thanks!  And I can provide more info if need be.


 --
A nuclear war can ruin your whole day.
 --
 --
/------------------------------------------------\
| Jim Morris  | Business:  jmorris at rtc-group.com |
|             | Personal:  Jim at Morris.net        |
|------------------------------------------------|
|    World Wide Web:  http://Jim.Morris.net      |
|       AOL Instant Messenger:  JFM2001          |
\------------------------------------------------/