[pptp-server] PPTP behind a Firewall
Tom Eastep
teastep at seattlefirewall.dyndns.org
Mon Apr 16 18:04:53 CDT 2001
Thus spoke John McKendry:
> Robert Dege wrote:
> >
> > Perhaps someone can help me here. I am trying (exhaustively) to get my
> > PPTP server behind a firewall. I believe that I almost have it working,
> > but one minor thing stands in my way.
> >
> > I receive this message on the firewall when attempting a PPTP connection:
> >
> > Apr 16 13:22:47 odo kernel: ip_masq_gre(): creating GRE masq for
> > 172.28.254.46 -> 12.19.228.58 CID=0 MCID=643A
> > Apr 16 13:22:47 odo kernel: ip_demasq_gre(): 12.19.228.58 ->
> > 12.19.228.52 CID=0 no masq table, discarding
> >
> > For some reason, the MASQID is getting lost between the masqing &
> > demasq'ing of the GRE packets.
> >
> You should be seeing ip_<masq|demasq>_pptp() messages. Are you using the Linux
> PPTP client? I found that the commonly available Linux client uses the
> wrong CallID once a PPTP session is established, and it causes the
> sort of symptom you're seeing - masquerading doesn't recognize the
> traffic as PPTP and tries to handle it as plain GRE.
I have a patch to pptp-linux that corrects that problem:
ftp://seattlefirewall.dyndns.org/pub/patches/callid.patch
-Tom
--
Tom Eastep \ Alt Email: tom at seattlefirewall.dyndns.org
ICQ #60745924 \ Websites: http://seawall.sourceforge.net
teastep at evergo.net \ http://seattlefirewall.dyndns.org
Shoreline, Washington USA \ http://shorewall.sourceforge.net
\_________________________________________
More information about the pptp-server
mailing list