[pptp-server] Help with configuration!

Nate Carlson natecars at real-time.com
Wed Feb 9 10:37:35 CST 2000


On Wed, 9 Feb 2000, Chris Williams wrote:

> I'm waiting on the list-mom to approve my post that has those 2 files in
> it.
> 
> What we are trying to do is set up a VPN so that the client can access the
> LAN machines within the firewall.
> 
> Our impression about how the VPN works is that the client will appear
> (as far as tcp/ip is concerned) as if he is on the LAN...  What's the point
> of setting up a VPN without encryption if the traffic from the client goes
> over the net anyway?  I thought that even traffic destined for some site
> not on our LAN would still go through our LAN after the VPN was set up and
> through our internet gateway...
> 
> Please correct me if I'm wrong...

Chris,

I think you may have made some incorrect assumptions about how PPTP/VPN
works. I'll detail how I've used it (which is similar to what you are
planning on, I think):

Here's the "typical" network setup that I've used pptp with:

-----------      -----------------       --------      --------------
| win lan |------| masq firewall |-------| 'net |------| win client |
-----------      -----------------       --------      --------------

Let's assume the following IP Addresses:

Windows Network:    192.168.0.0/24
    Unused IPs:     192.168.0.240-192.168.0.249
Masq Firewall:      192.168.0.254 & 10.0.0.1
"Internet":         10.0.0.0/16
Windows Client:     10.0.1.1

Here is the PPTPD configuration I would use on the Firewall to make this work:

pptpd.conf:
localip 192.168.0.254
remoteip 192.168.0.240-249

So, the Windows client dials in to the firewall, authenticates itself
(with the secrets set up in /etc/ppp/chap-secrets), and is given an IP
address between 192.168.0.240 and 192.168.0.249. You do _not_ give these
clients real Internet IPs; you give them IPs in the private network.
Routes on the client machine should be configured to use the VPN interface
to reach the 192.168.0.n network, which is generally done automatically by
the program making the VPN connection (in this case, dial-up networking.)
To get encrypted traffic over this stream, you have to recompile your
kernel ppp modules and your ppp daemon, and configure /etc/ppp/options
differently.

Hope this helps you; I could also be totally wrong about what you are
trying to do. Maybe when your files come through I'll be able to tell
better..

-- 
Nate Carlson <carlson at real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
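
Added example, not part of the message above and not pptpd's own code: a Python check that the remoteip pool in a pptpd.conf like the one quoted sits inside the LAN subnet and collides neither with localip nor with hosts already on the LAN. The function names and the in_use list are assumptions; besides the last-octet range shown in the message, it also accepts comma-separated entries.

```python
import ipaddress

# Constructed sample: the pptpd.conf quoted in the message above.
SAMPLE_CONF = """\
localip 192.168.0.254
remoteip 192.168.0.240-249
"""

def expand(spec):
    """Expand a pptpd address list, e.g. '192.168.0.240-249,192.168.0.251'."""
    addrs = []
    for part in (p.strip() for p in spec.split(",")):
        if "-" in part:
            first, last = part.split("-", 1)
            start = ipaddress.IPv4Address(first)
            # The end of a range is given as a last octet only.
            end = ipaddress.IPv4Address(first.rsplit(".", 1)[0] + "." + last)
            if end < start:
                raise ValueError(f"descending range: {part}")
            addrs += [ipaddress.IPv4Address(i) for i in range(int(start), int(end) + 1)]
        else:
            addrs.append(ipaddress.IPv4Address(part))
    return addrs

def parse_conf(text):
    """Return the localip/remoteip address lists found in pptpd.conf text."""
    conf = {"localip": [], "remoteip": []}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] in conf:
            conf[fields[0]] += expand(fields[1])
    return conf

def check_pool(text, lan, in_use=()):
    """List problems with the VPN client pool relative to the LAN subnet."""
    conf, net = parse_conf(text), ipaddress.ip_network(lan)
    used = {ipaddress.IPv4Address(a) for a in in_use}
    problems = [] if conf["remoteip"] else ["no remoteip pool defined"]
    for addr in conf["remoteip"]:
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")
        if addr in conf["localip"]:
            problems.append(f"{addr} is also the server's localip")
        if addr in used:
            problems.append(f"{addr} is already assigned on the LAN")
    return problems

if __name__ == "__main__":
    print(check_pool(SAMPLE_CONF, "192.168.0.0/24", in_use=["192.168.0.245"]))
```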
