FOLLOW UP: Re: [pptp-server] IPSec *over* PPtP

John Hovell john.hovell at home.com
Tue Sep 5 22:54:51 CDT 2000


Hello all --

I solved the problem... IPSec over PPP is possible.  This is just wacky, but this
is what to do:

PGPnet only wants to bind to your "Dial Up Adapter" -- not #2 for VPN support as
one might logically think.  Bind it to "Dial Up" and it works like a charm.

This might actually be useful to people who aren't allowed to transmit protocols 50
or 51... since they can tunnel it all over tcp/1723 and still get IPSec data
encryption.

Cheers,
John


John Hovell wrote:

> Justin --
>
> This is because PGPnet sucks so much, that for no discernable reason when I try
> to bind PGPnet to my Ethernet card on one of the machines, I can't get any
> network connectivity.  I have reinstalled the ether card 3 times... and even
> installed the driver files manually by hand.  The card is a 3com PCMCIA 3c574
> Cardbus card.  It works beautifully without PGPnet... The reason I am doing the
> bass-ackwards configuration is because PGPnet will at least bind to the VPN
> dial-up adapter... but that may be just my problem.
>
> Any other ideas?  Thanks for your help...
>
> Cheers,
> John
>
> Justin Kreger wrote:
>
> > Why not set up two Linux boxes to do the IPSec?  and just have the Windows
> > boxes use pptp so they can browse the remote network if you didn't set up your
> > ipsec wan so it passes the Browser List.
> > -LW
> >
> > -----Original Message-----
> > From: John Hovell [mailto:john.hovell at home.com]
> > Sent: Monday, September 04, 2000 1:58 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] IPSec *over* PPtP
> >
> > Hello all --
> >
> > I have some Win98 boxes that want to do IPSec over their PPTP
> > connection... just transport mode from one computer to another.  The
> > IPSec SA is currently successful (both phase 1 and 2).. everything seems
> > to be set up fine, until I actually try to send data.  If I try to ping
> > the remote VPN client from the IPSec machine on the local lan I get
> > (from tcpdump):
> >
> > 01:47:56.877612 < 172.16.0.4 > 172.16.0.175: ip-proto-50 76
> > 01:47:56.972086 > 172.16.0.175 > 172.16.0.4: icmp: 172.16.0.175 protocol
> > 50 unreachable
> >
> > If I do the same thing from the remote host I get:
> >
> > 01:53:07.586184 < 172.16.0.175 > 172.16.0.4: icmp: echo request
> >
> > (note the lack of encryption despite the *established* SA...)
> >
> > Do I need to somehow enable protocol 50 (and 51)?? IPchains forward is
> > set up to accept all traffic between these hosts.  There is no
> > masquerading between the two machines.
> >
> > Does anyone know what I am missing?  FYI, I am using PGPnet 6.5.8
> > Personal Privacy (freeware) on both Windows IPSec machines.
> >
> > TiA for any advice or help...
> >
> > Cheers,
> > John
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!

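A check for the symptom shown in the quoted tcpdump output, added here as an example and not part of any message in the thread: it classifies each packet between two IPSec peers as ESP, AH, rejected (ICMP protocol 50/51 unreachable) or cleartext, so an "established" SA that carries no protected traffic is visible at a glance. The function names are hypothetical, and the sample lines are the three from the original question with the wrapped line rejoined.

```python
import re

# Old-style tcpdump text line, as quoted in the thread:
#   HH:MM:SS.usec [<|>] SRC[.port] > DST[.port]: summary
IP = r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?"
LINE = re.compile(r"^(\S+)\s+(?:[<>]\s+)?" + IP + r" > " + IP + r":\s*(.*)$")

def classify(summary):
    """Map a tcpdump summary to what it says about IPSec protection."""
    if re.search(r"protocol (50|51) unreachable", summary):
        return "ipsec-rejected"   # receiver has nothing bound to ESP/AH
    if re.match(r"(ip-proto-50|ESP)\b", summary):
        return "esp"
    if re.match(r"(ip-proto-51|AH)\b", summary):
        return "ah"
    return "cleartext"

def audit(lines, peer_a, peer_b):
    """Return (time, src, dst, verdict) for each packet between the peers."""
    peers = {peer_a, peer_b}
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # not a packet line in the expected format
        ts, src, dst, summary = m.groups()
        if {src, dst} == peers:
            findings.append((ts, src, dst, classify(summary)))
    return findings

def unprotected(findings):
    """Packets that contradict an SA reported as established."""
    return [f for f in findings if f[3] in ("cleartext", "ipsec-rejected")]

# Sample input: the tcpdump lines from the original question (line 2 rejoined).
SAMPLE = [
    "01:47:56.877612 < 172.16.0.4 > 172.16.0.175: ip-proto-50 76",
    "01:47:56.972086 > 172.16.0.175 > 172.16.0.4: icmp: 172.16.0.175 protocol 50 unreachable",
    "01:53:07.586184 < 172.16.0.175 > 172.16.0.4: icmp: echo request",
]

if __name__ == "__main__":
    for ts, src, dst, verdict in audit(SAMPLE, "172.16.0.4", "172.16.0.175"):
        print(f"{ts} {src} -> {dst}: {verdict}")
```
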