[pptp-server] PPTP behind a Firewall

Tom Eastep teastep at seattlefirewall.dyndns.org
Mon Apr 16 18:04:53 CDT 2001


Thus spoke John McKendry:

> Robert Dege wrote:
> >
> > Perhaps someone can help me here.  I am trying (exhaustively) to get my
> > PPTP server behind a firewall.  I believe that I almost have it working,
> > but one minor thing stands in my way.
> >
> > I receive this message on the firewall when attempting a PPTP connection:
> >
> > Apr 16 13:22:47 odo kernel: ip_masq_gre(): creating GRE masq for
> > 172.28.254.46 -> 12.19.228.58 CID=0 MCID=643A
> > Apr 16 13:22:47 odo kernel: ip_demasq_gre(): 12.19.228.58 ->
> > 12.19.228.52 CID=0 no masq table, discarding
> >
> > For some reason, the MASQID is getting lost between the masqing &
> > demasq'ing of the GRE packets.
> >
>  You should be seeing ip_<masq|demasq>_pptp() messages. Are you using the Linux
> PPTP client? I found that the commonly available Linux client uses the
> wrong CallID once a PPTP session is established, and it causes the
> sort of symptom you're seeing - masquerading doesn't recognize the
> traffic as PPTP and tries to handle it as plain GRE.

I have a patch to pptp-linux that corrects that problem:

	ftp://seattlefirewall.dyndns.org/pub/patches/callid.patch

-Tom
-- 
Tom Eastep             \ Alt Email: tom at seattlefirewall.dyndns.org
ICQ #60745924           \ Websites: http://seawall.sourceforge.net
teastep at evergo.net       \          http://seattlefirewall.dyndns.org
Shoreline, Washington USA \         http://shorewall.sourceforge.net
                           \_________________________________________




More information about the pptp-server mailing list