[pptp-server] PPTP behind a Firewall
Robert Dege
rcd at amherst.com
Tue Apr 17 07:50:55 CDT 2001
Thanks for the reply. Unfortunately, I am not using the PPTP client at
the moment. I am using a Win98 box.
Here's what happens:
1. Win98 box tries to make a PPTP connection.
2. For some odd reason, ip_masq_pptp module does not load by default.
I have to manually insmod it. Once I do that, I start to receive the
ip_masq_gre errors. Yet, lsmod claims that ip_masq_pptp is unused:
Module Size Used by
ip_masq_pptp 6848 0 (unused)
ip_masq_ftp 2656 1
(Do I possibly have to add something to the modules.conf file???)
3. Debugging info shows:
Apr 16 13:22:47 odo kernel: ip_masq_gre(): creating GRE masq for
172.28.254.46 -> 12.19.228.58 CID=0 MCID=643A
Apr 16 13:22:47 odo kernel: ip_demasq_gre(): 12.19.228.58 ->
12.19.228.52 CID=0 no masq table, discarding
This occurs during the inital handshake. Doing a tcpdump on IP 47 shows
that the packets are still being passed to the pptp server & received
back despite the debugging messages.
4. PPTP on the Win98 box finally fails due to timeout.
I can post the PPTP server debugging info if anybody thinks it will help.
Any response is appreciated.
-Rob
>> You should be seeing ip_<masq|demasq>_pptp() messages. Are you using the Linux
>> PPTP client? I found that the commonly available Linux client uses the
>> wrong CallID once a PPTP session is established, and it causes the
>> sort of symptom you're seeing - masquerading doesn't recognize the
>> traffic as PPTP and tries to handle it as plain GRE.
>
>
> I have a patch to pptp-linux that corrects that problem:
>
> ftp://seattlefirewall.dyndns.org/pub/patches/callid.patch
>
> -Tom
More information about the pptp-server
mailing list