[pptp-server] gre tunnels across a linux router

Eric H eric at we-24-30-125-46.we.mediaone.net
Fri Jul 14 12:31:39 CDT 2000


What IPs are you using for your vpn server, firewall, and external
clients? (Both their real Internet IPs and the ones you're trying to
assign through poptop)... Also,
#=- ipchains -A forward -j MASQ -p 47 -s 192.168.1.0/24 -d 0/0
this rule might be a security loophole, since it looks like you might be
masq'ing your poptop connections, and possibly someone external to your
firewall could masq themselves if they broadcast using 192.168.1.x
(It's usually a good idea to use the '-i' flag to ensure you're masq'ing
only packets coming in from a certain interface, such as the one local to
your network)


On Fri, 14 Jul 2000, Shane Boulter wrote:

#=- Hello all
#=-
#=- I have a poptop vpn server running internally at our office. If you are
#=- connected to the internal network you can establish a vpn connection to the
#=- server without any problems. However, our internal office IPs are all in
#=- the private IP range and there is a linux firewall as our gateway. I have
#=- forwarded IP port 1723 to the poptop box and I can see that in the logs it
#=- is trying to establish a connection. However it is failing when trying to
#=- establish a gre tunnel. I have changed my firewall to be wide open and got
#=- it to work from outside the office. Now what I would like to do is just
#=- open up enough on the firewall to allow gre tunnels to be established. The
#=- commands I have run are
#=-
#=- ipchains -A forward -j ACCEPT -p 47 -s 192.168.1.0/24 -d 192.168.1.0/24
#=- ipchains -A forward -j ACCEPT -p 47 -s $externalnet -d 0/0
#=- ipchains -A input -j ACCEPT -p 47 -s 192.168.1.0/24 -d 0/0
#=- ipchains -A output -j ACCEPT -p 47 -s 192.168.1.0/24 -d 0/0
#=-
#=- Unfortunately it still doesn't work. Anyone have any ideas on what else I
#=- need to do to get this to work?
#=-
#=- Thank you
#=- Shane
#=-
#=- _______________________________________________
#=- pptp-server maillist - pptp-server at lists.schulte.org
#=- http://lists.schulte.org/mailman/listinfo/pptp-server
#=- List services provided by www.schulteconsulting.com!
#=-
#=-

Eric Harashevsky (eharashe at mediaone.net)
----------------------------------------------------------------
I've got a mind like a.. a.. what's that thing called?
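Putting the interface-restriction advice above into a complete rule set, as an added example that is not part of this thread or of the poptop project: the script below installs ipchains rules for PPTP's two halves (the TCP 1723 control connection and the GRE data tunnel, IP protocol 47, which has no port numbers and so can only be matched by protocol) next to the loose MASQ rule quoted above. The interface names (eth0 outside, eth1 inside), the poptop address 192.168.1.10 and the IPCHAINS variable are assumptions for illustration; the 1723 port forward the original post already has in place is assumed to stay as configured. One caveat worth knowing when applying the `-i` suggestion: on the ipchains forward (and output) chain, `-i` names the interface the packet will leave on; only on the input chain is it the interface the packet arrived on. The check that a packet claiming a 192.168.1.x source really came in from the LAN side therefore belongs in the input chain on the external interface, and the forward MASQ rule then limits itself to traffic leaving on that interface.

```shell
#!/bin/sh
# Added example (not from the thread): ipchains rules for a poptop server on
# the LAN behind a masquerading Linux firewall. Interface names, the poptop
# address and the IPCHAINS override are assumptions for illustration.
EXT_IF=${EXT_IF:-eth0}            # assumed: interface facing the Internet
INT_IF=${INT_IF:-eth1}            # assumed: interface facing the office LAN
LAN=${LAN:-192.168.1.0/24}        # private range from the original post
POPTOP=${POPTOP:-192.168.1.10}    # assumed: address of the poptop box
IPCHAINS=${IPCHAINS:-ipchains}    # set IPCHAINS=echo to preview the rules

# The loose rule from the thread: masquerade any GRE packet that claims a
# LAN source, no matter which interface it arrived on.
loose_masq_rule() {
    $IPCHAINS -A forward -j MASQ -p 47 -s "$LAN" -d 0/0
}

# Tightened rule set. Two ipchains facts shape it:
#   * on the forward chain -i is the interface the packet will LEAVE on, so
#     it cannot by itself reject a packet that arrived on the wrong side;
#   * on the input chain -i is the arrival interface, which is the place to
#     drop a "LAN source" packet that came in from the Internet.
pptp_rules() {
    # Anti-spoof: a LAN source arriving on the external interface is
    # denied and logged (-l) before forwarding is ever considered.
    $IPCHAINS -A input -i "$EXT_IF" -s "$LAN" -j DENY -l

    # GRE has no ports, so it is matched by protocol number only.
    # Inbound GRE from the Internet (external PPTP clients).
    $IPCHAINS -A input -i "$EXT_IF" -p 47 -j ACCEPT
    # GRE from the LAN side (the poptop box talking back to clients).
    $IPCHAINS -A input -i "$INT_IF" -s "$LAN" -p 47 -j ACCEPT

    # Control connection and GRE forwarded towards the poptop host only
    # (-i here is the outgoing interface, i.e. the LAN side).
    $IPCHAINS -A forward -i "$INT_IF" -p tcp -d "$POPTOP" 1723 -j ACCEPT
    $IPCHAINS -A forward -i "$INT_IF" -p 47 -d "$POPTOP" -j ACCEPT
    # Masquerade GRE only when it leaves towards the Internet from the LAN.
    $IPCHAINS -A forward -i "$EXT_IF" -p 47 -s "$LAN" -j MASQ

    # Let the firewall itself emit GRE in either direction.
    $IPCHAINS -A output -p 47 -j ACCEPT
}

# Only touch the kernel when explicitly asked: "sh pptp-rules.sh apply".
if [ "${1:-}" = apply ]; then
    pptp_rules
fi
```

Preview the rules without root with `IPCHAINS=echo sh pptp-rules.sh apply`; install them as root with `sh pptp-rules.sh apply`. The DENY rule is listed first deliberately: ipchains evaluates rules in order, so a spoofed 192.168.1.x packet from outside is logged and dropped before any ACCEPT or MASQ rule can match it.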