[pptp-server] Why won't this work?!?
Vern H. Gill
vgill at technologist.com
Tue Nov 14 02:02:32 CST 2000

When my box is NOT connected to the net, I can VPN in from another box on
the LAN just fine. As soon as I connect, the box no longer accepts the
connections. They just time out. The box is BOTH the router/gateway AND the
(hopefully) pptp server. This should work, right? Why doesn't it?

Here's what I've got:
Kernel 2.2.16
pppd version 2.3.11
PoPToP v1.1.2
/lib/modules/2.2.16/net/ppp.o
/lib/modules/2.2.16/net/ppp_deflate.o
/lib/modules/2.2.16/net/ppp_mppe.o
Here are my corresponding ipchains/ipmasqadm/ipfwd entries
# All addresses
INTERNAL_IP=192.168.5.1
EXTERNAL_IP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
(It's a dynamic address - shouldn't matter though, right?)
ALLADDR=0/0
$IPCHAINS -A input -j ACCEPT -p tcp -s $ALLADDR 1723 -d $ALLADDR -v
$IPCHAINS -A output -j ACCEPT -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
$IPCHAINS -A forward -j MASQ -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 1723
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 1723 -> *
MASQ tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1723
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1723
$IPCHAINS -A input -p 47 -j ACCEPT -v
$IPCHAINS -A output -p 47 -j ACCEPT -v
$IPCHAINS -A forward -p 47 -j MASQ -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 47
ACCEPT 47 ------ 0.0.0.0/0 0.0.0.0/0 n/a
MASQ 47 ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT 47 ------ 0.0.0.0/0 0.0.0.0/0 n/a
$IPMASQADM portfw -a -P tcp -L $EXTERNAL_IP 1723 -R $INTERNAL_IP 1723
ipmasqadm portfw -l
prot localaddr rediraddr lport rport pcnt pref
TCP xxx.xxx.xxx.xxx 192.168.5.1 1723 1723 10 10
$IPFWD --masq --syslog $INTERNAL_IP 47 &
My pptpd.conf;
speed 115200
option /etc/ppp/options.pptp
debug
localip 192.168.5.1
remoteip 192.168.5.20-30
pidfile /var/run/pptpd.pid
My options.pptpd;
proxyarp
ms-dns 192.168.5.1
ms-dns 206.13.29.12
lock
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
require-chap
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 20
lcp-echo-interval 5
ms-wins 192.168.5.1
ms-wins 192.168.5.1
My options;
lock
persist
passive (tried without this too)
My chap-secrets;
DomainName\\username * secret *
If you need more info, PLEASE let me know. I NEED this for when I am
traveling. Please also respond to me directly. Thank you.