[pptp-server] Help with configuration!

Nate Carlson natecars at real-time.com
Wed Feb 9 14:37:25 CST 2000 

On Wed, 9 Feb 2000, Chris Williams wrote:

> The way we are setup is like this:
> 
>  -----------    -------------   --------   -------    --------------
>  | large   |    |           |   |      |   |     |    |            |
>  | campus  |----| firewall  |---| 'net |---| ISP |----| win client |
>  | network |    |           |   |      |   |     |    |            |
>  -----------    -------------   --------   -------    --------------
> 
> The PPTP server is actually within the large campus network with the ports
> opened at the firewall to let the PPTP traffic through.
> 
> This allows the client to dial into his ISP then start the VPN session.  I
> thought that this would mean that the windows machine would only route
> tcp/ip packets to/through the poptop server running inside the campus
> network.

If that is the behavior you would like, turn 'Use default gateway' on in
the connection profile on the winblows box.

> If I'm wrong then the client will route packets through the internet OR the
> pptp server, whichever it thinks it needs to, right?  If this is the case,
> what's the point of getting encryption working?  Why wouldn't the client
> trying to access a web site like netscape.com send those packets through the
> pptp server then they would be routed to the netscape server off campus?
> This way, the client will have a secure connection and be (in effect) behind
> a firewall.

Read above. The point of getting encryption working is the typical
business use of pptp -- for example, businesses that have salesmen on the
road and want them to be able to get access to the corporate network
(behind the firewall) without sending this vital information unencrypted
across the internet.

> Another big question:  If I'm wrong and the above is true about the routing,
> how in the heck can I test this setup?  If I go to the engineering web page,
> there are 2 different versions: one for people from off campus and one for
> people on campus.  When we set up the VPN adapter and try to go the
> engineering web page, we get the off campus one.

What do you mean by the engineering web page? I'm confused here; are YOU
the one trying to get the pptp server working, or are you a client trying
to get access to the pptp server?

> Do you understand my problem here?  Maybe you can clear up my incorrect
> assumptions.
> 
> Meanwhile, I'm still waiting on the list mom to either accept or decline my
> message with the logs attached.

You can forward them directly to me if you so desire.

-- 
Nate Carlson <carlson at real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500

More information about the pptp-server mailing list