[pptp-server] pptp through firewall

Christopher Kalos ckalos at gothambroadband.com
Mon Jul 23 09:30:05 CDT 2001 

	Thanks.  Simple solution to an annoying problem, after all.  I had a
feeling that it was some kind of forwarding issue, but didn't know what to
adjust.

CK

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Cowles, Steve
Sent: Thursday, July 19, 2001 6:11 PM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] pptp through firewall


>
> Okay, here goes... Sorry about the confusion, I
> misinterpreted "remote end" as "client."
>
> 1) Cut/Paste of /var/log/messages for pptp connection from remote.
> Jul 19 12:11:29 thing pppd[17845]: pppd 2.3.11 started by root, uid 0
> Jul 19 12:11:29 thing pppd[17845]: Using interface ppp0
> Jul 19 12:11:29 thing pppd[17845]: Connect: ppp0 <--> /dev/pts/0
> Jul 19 12:11:32 thing pppd[17845]: CHAP peer authentication
> succeeded for vpnuser
> Jul 19 12:11:36 thing pppd[17845]: found interface eth0 for proxy arp
> Jul 19 12:11:36 thing pppd[17845]: local  IP address 192.168.200.240
> Jul 19 12:11:36 thing pppd[17845]: remote IP address 192.168.200.242
>
> 2) Cut/Paste of "ifconfig ppp0" after connection is brought up.
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:192.168.200.240  P-t-P:192.168.200.242
>           Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:72 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
>
> 3) Cut/Paste of "netstat -rn"
> Kernel IP routing table
> Destination     Gateway   Genmask         Flags   MSS
> Window  irtt
> Iface
> 192.168.200.242 0.0.0.0   255.255.255.255 UH      0 0 0 ppp0
> 192.168.200.0   0.0.0.0   255.255.255.0   U       0 0 0 eth0
> 0.0.0.0         192.168.200.1   0.0.0.0   UG      0 0 0 eth0

The above looks good.

Are you sure you have ip_forwarding enabled on the PPTP server???

To verify type: cat /proc/sys/net/ipv4/ip_forward

If ip_forwarding is enabled, the above should print out "1", it not it
should print out "0"

To Enable/test ip_forwarding (temporarily), will not live thru a reboot:
echo "1" >/proc/sys/net/ipv4/ip_forward

Based on your linux disto, you can enable ip_forwarding (permanently) thru
gui's or edit either:
/etc/sysconfig/network
  or
/etc/sysctl.conf

and change the ip_frowarding variable to "1"

Steve Cowles

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

More information about the pptp-server mailing list