[pptp-server] VPN client using NAT
Tom Eastep
teastep at seattlefirewall.dyndns.org
Tue Jul 10 17:49:32 CDT 2001
On Tuesday 10 July 2001 02:34 pm, Tom Eastep wrote:
> On Tuesday 10 July 2001 02:28 pm, Jerome Rock wrote:
> > I have POPTOP running successfully on a Red Hat 7.0 system. Windows
> > client can VPN into the machine w/o a problem UNLESS the client is behind
> > a firewall. Granted it might be the firewall. I've tried behind a Linux
> > firewall and I allow output for TCP and UDP 1723 and TCP protocol 47
> > (GRE) and my Windows VPN client still tells me the specific port is
> > not connected.
> >
> > What am I doing wrong?
>
> The Linux firewall has to have the VPN masq patches applied to the kernel;
> have you done that?
>
Pardon me for following up my own post but I realized after replying that RH7
has the VPN patches applied. So you only need to "modprobe ip_masq_pptp"
during your firewall startup.
You will of course also need to allow input of non-SYN TCP port 1723 (you
don't need UDP) and input of protocol 47.
-Tom
--
Tom Eastep \ tom at seattlefirewall.dyndns.org
ICQ #60745924 \ http://seattlefirewall.dyndns.org
Shoreline, Washington \__________________________________________
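
Added example, not part of the original post or of any poster's firewall script: the module load and the two input rules described in the reply, written as a firewall-startup fragment. It assumes the masquerading box is filtered with ipchains, that eth0 is its Internet-facing interface, and that "non-SYN TCP port 1723" means replies arriving from the server's source port 1723; `run` and `pptp_masq_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added illustration; assumptions: ipchains-managed firewall, eth0 external.

# run: print the command (dry run) unless APPLY=1 is set, then execute it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# pptp_masq_rules EXT_IF: steps for PPTP clients behind this masquerading box.
pptp_masq_rules() {
    ext_if="${1:-eth0}"

    # 1. Load the PPTP masquerading helper named in the reply.
    run modprobe ip_masq_pptp

    # 2. Control-channel replies: TCP from the server's port 1723 with the
    #    SYN flag clear ("! -y"), so nothing outside can open a new
    #    connection through this rule. No UDP rule is added.
    run ipchains -A input -i "$ext_if" -p tcp -s 0/0 1723 ! -y -j ACCEPT

    # 3. GRE, IP protocol 47, carries the tunnelled data. It is its own
    #    IP protocol, so it is matched by number and has no port.
    run ipchains -A input -i "$ext_if" -p 47 -j ACCEPT
}

# Dry run by default: shows the commands without touching the firewall.
pptp_masq_rules "${1:-eth0}"
```

Running it with `APPLY=1` as root executes the commands instead of printing them.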