[pptp-server] Why won't this work?!?

Vern H. Gill vgill at technologist.com
Tue Nov 14 18:55:27 CST 2000


Actually, I stated this wrongly. It is not a problem when my box is
connected, it is when I am doing the ipchains stuff. Box is connected but
not masquing/forwarding, lan connection no problem. When
masquing/forwarding, lan and from outside connections no longer work. But,
others do, such as pcAnywhere to an internal box, and pptp connections to an
NT on internal lan. It is something specific to ipchains/poptop.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Vern H. Gill
Sent: Tuesday, November 14, 2000 12:03 AM
To: 'PPTP List (E-mail)'
Cc: vgill at linus.yi.org; vgill at technologist.com
Subject: [pptp-server] Why won't this work?!?


When my box is NOT connected to the net, I can VPN in from another box on
the LAN just fine. As soon as I connect, the box no longer accepts the
connections. They just time out. The box is BOTH the router/gateway AND the
(hopefully) pptp server. This should work, right? Why doesn't it?
Here's what I've got
Kernel 2.2.16
pppd version 2.3.11
PoPToP v1.1.2
/lib/modules/2.2.16/net/ppp.o
/lib/modules/2.2.16/net/ppp_deflate.o
/lib/modules/2.2.16/net/ppp_mppe.o

Here are my corresponding ipchains/ipmasqadm/ipfwd entries
# All addresses
INTERNAL_IP=192.168.5.1
EXTERNAL_IP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
(It's a dynamic address - shouldn't matter though, right?)
ALLADDR=0/0
$IPCHAINS -A input -j ACCEPT -p tcp -s $ALLADDR 1723 -d $ALLADDR -v
$IPCHAINS -A output -j ACCEPT -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
$IPCHAINS -A forward -j MASQ -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             1723 -> *
MASQ       tcp  ------  0.0.0.0/0            0.0.0.0/0             * -> 1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             * -> 1723

$IPCHAINS -A input -p 47 -j ACCEPT -v
$IPCHAINS -A output -p 47 -j ACCEPT -v
$IPCHAINS -A forward -p 47 -j MASQ -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 47
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a
MASQ       47   ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a

$IPMASQADM portfw -a -P tcp -L $EXTERNAL_IP 1723 -R $INTERNAL_IP 1723
ipmasqadm portfw -l
prot localaddr          rediraddr          lport    rport  pcnt  pref
TCP  xxx.xxx.xxx.xxx    192.168.5.1        1723     1723    10    10

$IPFWD --masq --syslog $INTERNAL_IP 47 &

My pptpd.conf;
speed 115200
option /etc/ppp/options.pptp
debug
localip 192.168.5.1
remoteip 192.168.5.20-30
pidfile /var/run/pptpd.pid

My options.pptpd;
proxyarp
ms-dns 192.168.5.1
ms-dns 206.13.29.12
lock
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
require-chap
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 20
lcp-echo-interval 5
ms-wins 192.168.5.1
ms-wins 192.168.5.1

My options;
lock
persist
passive (tried without this too)

My chap-secrets;
DomainName\\username          *               secret         *

If you need more info, PLEASE let me know. I NEED this for when I am
traveling. Please also respond to me directly. Thank you.
