[pptp-server] a Cosmetic problem

Cowles, Steve Steve at SteveCowles.com
Thu Dec 6 08:44:33 CST 2001


> -----Original Message-----
> From: Joe Polcari [mailto:Joe at polcari.com]
> Sent: Wednesday, December 05, 2001 11:20 PM
> To: Cowles, Steve
> Cc: 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] a Cosmetic problem
> 
> 
> Ok, maybe I'm not explaining this clearly.
>
> It looks as though all of you are using your linux firewalls 
> to not only establish a VPN, but then allow your windows
> laptops to make a ppp connection to the firewall and
> magically connect to the VPN. With what you call PopTop?
> I think I am doing something different.
> 
> I am using my linux firewall also to establish the VPN BUT 
> then I connect the VPN to my local network. It looks just
> like a subnet, thanks to NAT.

Ah!! Finally some clarity. You're using PPTP to establish (what I term) a
LAN-to-LAN tunnel from your firewall, not a HOST-to-LAN tunnel (road
warriors).

Personally, I have never configured a PPTP tunnel/Firewall for LAN-to-LAN
operation. I have always used IPSEC for this. Although, I don't see why PPTP
should not work for you. Basically, you're just using a different protocol for the
VPN. The routing/firewall issues would be identical.

> My firewall then becomes a gateway to the VPN network in
> the same way as it would normally be a gateway to the internet.
> I change routes and local nameserver configuration as well so
> that any system on my home network can connect to any system,
> either on my home network, or the corporate network,
> simultaneously using hostname or IP address.

Based on what you have posted so far, it sounds like you have resolved the
basic firewall/routing issues when dealing with a LAN-to-LAN tunnel.

> 
> This works great except for the http thing, and the fact that 
> I can't browse the corporate network, which I don't care about
> anyway since I can still connect to any system via ssh and via
> a \\host\share on windows and any other way you can think of
> except http to any url other than the root of the web server
> and to the MS Exchange server using Outlook.
> 

Your http access problem is really odd -- as another poster to this list
suggested, I would run ethereal/tcpdump and analyze every packet flying
across the vpn. Something is wrong here (duh!) with either routing or
possibly a firewall rule blocking access.

Another thought that comes to mind... Are you sure the URLs you're trying to
access are not redirects to another web server???

Good Luck
Steve Cowles


