[pptp-server] Re: Newbie Questions

John Huebner jh6p at thewire.ap.org
Wed Oct 27 09:13:56 CDT 1999


To use Win98VPN through a Linux firewall see:
http://metalab.unc.edu/pub/Linux/docs/howto/VPN-Masquerade-HOWTO


For having the firewall run VPN for the whole LAN:
--------------------------------------------------- 
> I have my home network on the vpn now.
> I used the following software:
> PPTP-linux-1.0.2.tar.gz:
>         http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/release/pptp-linux-latest.tar.gz
> PPTP Docs:
>         http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/
> Eric Young's DES library:
>         ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.psy.uq.oz.au/DES/libdes-3.06.tar.gz
> PPP 2.3.10:
>         ftp://cs.anu.edu.au/pub/software/ppp/
> "Patch" for pppd 2.3.10, although in reality I didn't use it:
>         http://www.moretonbay.com/vpn/releases/ppp-2.3.10-openssl-norc4-mppe.patch.gz
> 
> First I compiled libdes with "make x86-elf". BE WARNED this target
> installs the lib as well as building it.
> 
> Then I compiled pppd-2.3.10 with "make CHAPMS=1 USECRYPT=1"
> Finally I compiled pptp-linux-1.0.2 with "make"
> 
> Then I logged into my ISP my favorite way:
> /usr/sbin/pppd lock modem crtscts /dev/ttyS0 38400 \
>         kdebug 1 noipdefault defaultroute \
>         connect "chat -v -f /etc/ppp/1stconnect-script"
> 
> I waited for my dynamic IP addresses, then I ran:
> 
> /usr/src/pptp/pptp <vpn gateway addr> debug name jhuebner remotename vpn \
>         proxyarp noauth
> 
> Again I waited until route reported a new host, then I
> ran:
> 
> route add -net <VPN net> netmask 255.255.255.0 gw <the pptp host>
> 
> At this point, ping worked. I can check my mail and access
> wiretools.
> 
> PROBLEMS:
> 
> 1) You cannot "route add -net <my VPN net> netmask 255.255.0.0" because the
> gateway is inside the subnet! :-P (Minh, you saw me attempt this this
> afternoon, and it locked my home LAN in an infinite loop. I had to kill
> the 165.1 net from console.) As a result I need at least two smaller netmasks to send mail. I
> may try playing with netmasks between 255.255.0.0 and 255.255.255.0.
> 
> 3) With pptp running on my firewall, I can no longer make independent
> VPN connections from other boxes on the net, although with clever routing,
> my firewall should be able to set up a separate route for each of them, if I cared.
> 
> 4) This does not address the netgear problem. ISDN NAT routers need dNAT+.
> 

> --
> John Huebner
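
Problem 1 above, worked through as an added example that is not part of the original message: it splits a VPN prefix into the smaller routes that cover it while leaving out the block that holds the gateway. It assumes, as the message states, that the lock-up comes from the gateway lying inside the routed prefix, and that the host route pppd created already reaches the gateway; the addresses, function names and the /24 carve-out size are constructed for illustration.

```python
import ipaddress


def split_routes(vpn_net, gateway, carve_prefix=24):
    """Return the networks that cover vpn_net except the block around gateway."""
    net = ipaddress.ip_network(vpn_net)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        # Gateway is outside the prefix: a single route is safe.
        return [net]
    if carve_prefix <= net.prefixlen:
        raise ValueError("carve_prefix must be longer than the VPN prefix")
    # Block left out of the new routes; assumed to stay reachable through
    # the host route that pppd installed for the tunnel peer.
    hole = ipaddress.ip_network(f"{gw}/{carve_prefix}", strict=False)
    return sorted(net.address_exclude(hole))


def route_commands(vpn_net, gateway, carve_prefix=24):
    """Render the split as net-tools 'route add' commands, as used in the message."""
    cmds = []
    for n in split_routes(vpn_net, gateway, carve_prefix):
        if n.prefixlen == n.max_prefixlen:
            cmds.append(f"route add -host {n.network_address} gw {gateway}")
        else:
            cmds.append(
                f"route add -net {n.network_address} netmask {n.netmask} gw {gateway}"
            )
    return cmds


if __name__ == "__main__":
    # Constructed sample: a /16 VPN net whose gateway sits inside it.
    for cmd in route_commands("10.1.0.0/16", "10.1.7.1"):
        print(cmd)
```
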



