[pptp-server] IP/MAC Theft
Charlie Brady
charlieb at e-smith.com
Wed Apr 18 14:39:16 CDT 2001
On Wed, 18 Apr 2001, Trevor Benson wrote:
> From your writing though, my Poptop server should be claiming address's of
> machines that are remote to this location, so that it will direct packets
> back out to them. My problem is that the firewalls internal interface is
> respondint to lets say 192.168.1-20 (all LOCAL servers that remote VPN
> clients connect to). This there is a ARP for who is Server1 and VPN responds
> as being that MAC/IP combo. Not the external host trying to access this
> server. Thus not taking over adrress's of my VPN clients with Proxy arps.
> But taking over my internal machines that are the servers the clients wish
> to reach, thus knocking them out for intervals of up to 5 minutes or more
> since the cashing of the ARP entry says on the switch to send all packets
> for Server1 TO Poptop1, not send all packets for VPNClient1 to Poptop1.
> Causing my network to fail in essence when everyone is dropped from their
> server connections. I would assume from your description this is not the
> intended results....
Check your pptp configuration and be doubly sure that you are not
allocating internal addresses to your PPTP clients.
Other than that, I can't offer you any more advice.
Cheers.
--
Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
More information about the pptp-server
mailing list