[pptp-server] URGENT-- need help (Linux pptp server/win clients through the firewall)

Cowles, Steve Steve.Cowles at gte.net
Fri Mar 10 10:54:44 CST 2000


-----Original Message-----
From: Jandeep Kang [mailto:jandeep at interspeed.com]
Sent: Friday, March 10, 2000 10:19 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] URGENT-- need help (Linux pptp server/win clients
through the firewall)
Importance: High


Hi, 
We have set up the Linux pptp server and have win 98/ NT clients. The server
sits behind a firewall (also linux). I can connect to the Linux PPTP server
using NT/98 from within the network but can't do it through the firewall. We
have the tcp port 1723 redirected through the firewall to the PPTP server
and are forwarding the GRE protocol using Ipfwd to the linux PPTP server. I
can see the Ipfwd in action using the debug mode but I can't establish a
connection. The excerpts from the log on the Linux box say the following:
pppd[1208] : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xf2ab6569> <pcomp> <accomp>]
last message repeated 9 times
pppd[1208] : LCP: timeout sending Config-Requests
pppd[1208]: Connection terminated.
pppd[1208]: Exit.
pptpd[1207] : GRE: read(fd=4, buffer=804d7c0, len=8196) from PTY failed: status = -1 error = input/output error
pptpd[1207] : CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
pptpd[1207] : CTRL: Client x.x.x.x control connection finished
The client is a win98 SE.
Where is the problem? Is it a problem with PPP implementation on Linux box?
I would really appreciate it if someone who has a similar configuration
could shed some light on it. 
Thanks a lot. 

-----------------------------
Have you applied John Hardin's pptp masq patch to the kernel on your
firewall? This is necessary in addition to ipfwd and port forwarding of port
1723. I use ipmasqadm to port forward 1723.

On my firewall (running 2.2.14), I see the following when a pptp connection
is allowed through my firewall to my internal poptop/pppd server.

Mar  9 07:44:50 firewall kernel: ip_masq_gre(): creating GRE masq for
192.168.9.3 -> xxx.xxx.xxx.xxx CID=0 MCID=1F18

The xxx is the remote system's IP address.

Also, your ipchain rules need to be set up to allow proto 47 and port 1723.

Check out this site to obtain the patch.

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html


Steve Cowles
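
The symptom discussed in this thread, as an added example that is not part of either message: a small triage script that reads pptpd/pppd server log lines and reports whether any PPP frames came back from the client. It assumes pppd debug logging is on (as in the quoted log); the function name, verdict strings and sample lines are constructed for illustration.

```python
import re

# Constructed sample, in the shape of the server log quoted in the thread.
BLOCKED = """\
pppd[1208] : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xf2ab6569> <pcomp> <accomp>]
last message repeated 9 times
pppd[1208] : LCP: timeout sending Config-Requests
pptpd[1207] : CTRL: Client 203.0.113.7 control connection finished
"""
# Constructed sample of a session where the client's PPP frames do arrive.
HEALTHY = """\
Mar  9 07:44:51 vpn pppd[1301]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0x1a2b3c4d>]
Mar  9 07:44:51 vpn pppd[1301]: rcvd [LCP ConfReq id=0x0 <magic 0x5e6f7a8b> <pcomp> <accomp>]
"""

ENTRY = re.compile(r"(pppd|pptpd)\[\d+\]\s*:\s*(.*)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def diagnose(log_text):
    """Classify a PPTP server log: did PPP frames come back over GRE?"""
    sent = rcvd = 0
    timeout = ctrl = False
    last = None                      # counter bumped by the previous line
    for line in log_text.splitlines():
        rep = REPEAT.search(line)
        if rep:                      # syslog collapses identical lines
            if last == "sent":
                sent += int(rep.group(1))
            continue
        last = None
        m = ENTRY.search(line)
        if not m:
            continue
        prog, msg = m.groups()
        if prog == "pptpd" and msg.startswith("CTRL:"):
            ctrl = True              # TCP 1723 control channel reached pptpd
        elif msg.startswith("sent [LCP ConfReq"):
            sent, last = sent + 1, "sent"
        elif msg.startswith("rcvd ["):
            rcvd += 1                # a PPP frame arrived inside GRE (proto 47)
        elif "timeout sending Config-Requests" in msg:
            timeout = True
    if sent and not rcvd and timeout:
        verdict = "no-ppp-frames-received"   # check protocol 47 on the firewall
    elif rcvd:
        verdict = "ppp-frames-arriving"
    else:
        verdict = "no-ppp-activity"
    return {"verdict": verdict, "sent": sent, "rcvd": rcvd, "control_seen": ctrl}
```

A "no-ppp-frames-received" verdict with control_seen set is the case in this thread: port 1723 is forwarded but GRE is not getting through, so the next check is whether the firewall logs the ip_masq_gre() line shown above.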



