[pptp-server] IPSec *over* PPtP

John Hovell john.hovell at home.com
Mon Sep 4 00:58:21 CDT 2000

Hello all --

I have some Win98 boxes that want to do IPSec over their PPTP
connection... just transport mode from one computer to another.  The
IPSec SA is currently successful (both phase 1 and 2).. everything seems
to be set up fine, until I atually try to send data.  If I try to ping
the remote VPN client from the IPSec machine on the local lan I get
(from tcpdump):

01:47:56.877612 < > ip-proto-50 76
01:47:56.972086 > > icmp: protocol
50 unreachable

If I do the same thing from the remote host I get:

01:53:07.586184 < > icmp: echo request

(note the lack of encryption despite the *established* SA...)

Do I need to somehow enable protocol 50 (and 51)?? IPchains forward is
set up to accept all traffic between these hosts.  There is no
masquerading between the two machines.

Does anyone know what I am missing?  FYI, I am using PGPnet 6.5.8
Personal Privacy (freeware) on both Windows IPSec machines.

TiA for any advice or help...


More information about the pptp-server mailing list