[pptp-server] Relay for PPTP server?

Wed Jul 21 13:23:03 CDT 1999

> This may sound far-fetched, but what is we rebuilt the pppd so that it included
> support for Socks/Dante (RFC 192[89]), thereby automatically able to connect
> through an industry-standard proxy protocol ?  With the tools that socks
> includes, I had the impression this is almost as trivial as a set of #define
> macros, and a rebuild, something like:
> make CFLAGS ='-Dconnect=rconnect -Dlisten=rlisten'

i don't think a socks proxy would work for what we want. At first i
thought it was a great idea, but here's the trouble:

there are 3 types of connection problems (well, more, but 3 basic types)

1) Firewall/Proxy: pptp is tricky to let through
2) ISP doesn't allow GRE packets
3) Client is unable to use GRE (slirp accounts)

1) socks would work IF client supported it. None do. If the server
supported it, we'd have to make outgoing calls to the client (most don't
support this) 

This problem compounds itself because when behind a proxy. Proxy servers
tell the pptp server that they are the client, and forward the packets.
Poptop would need some way to find out the true ip of the client in order
to make the GRE connection.

2,3) proxy wouldn't help. GRE packets are GRE packets whether they come
from the server or from the proxy server

> 
> > This way, I can allow all traffic between the PPTP server and the relay.
> >
> > So, I need a relay machine which can forward GRE (not so easy) and TCP
> > (easy)
> >
> > Thanks,
> > Dave
> >
> > P.S. I thought I remembered seeing a Linux PPTP relay for this sorta thing
> > from someone
> > at MIT
> >
> > -----Original Message-----
> > From: tmk [mailto:tmk at netmagic.net]
> > Sent: Wednesday, July 21, 1999 11:13 AM
> > To: Dave DeChellis; pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] Relay for PPTP server?
> >
> > Try this:
> >
> > assuming you have the firewall on a separate machine from the pptp server:
> >
> > allow/forward port 1723 to the pptp server
> > allow (or masq if the pptp server has a "fake" IP addr) outgoing connections
> > from the pptp server to anywhere
> >
> > that should do it
> > Kevin
> >
> > ----- Original Message -----
> > From: Dave DeChellis <daved at crl.dec.com>
> > To: <pptp-server at lists.schulte.org>
> > Sent: Wednesday, July 21, 1999 6:45 AM
> > Subject: [pptp-server] Relay for PPTP server?
> >
> > > Hello,
> > >
> > > I would like to have external clients connect through our firewall to an
> > > internal PPTP server.  I would also like to have a relay
> > > of some sort on the external network and just have one trusting rule
> > through
> > > the firewall to the PPTP server.
> > >
> > > However, this is tricker since there are multiple protocols to deal with
> > as
> > > opposed to a true TCP/IP establishment.
> > >
> > > Is there such an animal which runs under various flavors of UNIX?  I could
> > > deal with a Linux guy.
> > >
> > > Thanks for any info,
> > > Dave DeChellis
> > > daved at crl.dec.com
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulte.org!
> > >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> 