[pptp-server] NAT?

robert berzerke at swbell.net
Tue Mar 27 11:57:16 CST 2001


To get ipchains and pptpd to work together with NAT, you must patch your 
kernel (and in doing so, you also patch ipchains).  Standard ipchains will fail 
when used with NAT.

On Tuesday 27 March 2001 09:42, Marc Charbonneau wrote:
> Your NAT doesn't seem to handle the GRE protocol correctly.
>
> What is your NAT? If it's a Linux box, you have to apply a patch to your
> kernel for it to handle it correctly.
>
> HTH
> ----- Original Message -----
> From: <pptplist at mail.doris.cc>
> To: <pptp-server at lists.schulte.org>
> Sent: Tuesday, March 27, 2001 10:10 AM
> Subject: [pptp-server] NAT?
>
> > I am running pptp on a linux box and connecting with a win2000 client
> > over the internet and having problems with NAT.
> >
> > Here is what I have in my options file.
> >
> > lock
> > auth
> > debug
> > proxyarp
> > require-chap
> > +chap
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> > name pptpd
> >
> > When my Windows 2000 Client connects from a static IP address everything
> > works fine.  When my Windows 2000 client tries to connect from a NAT'd
> > connection, I get an error 619, specified port is not connected.
> >
> > Here is what I see in my log files.
> >
> > Mar 27 10:02:01 mail pptpd[4027]: CTRL: Client xxx.xxx.xxx.xxx control connection started
> > Mar 27 10:02:01 mail pptpd[4027]: CTRL: Starting call (launching pppd, opening GRE)
> > Mar 27 10:02:01 mail kernel: CSLIP: code copyright 1989 Regents of the
> > University of California
> > Mar 27 10:02:01 mail kernel: PPP: version 2.3.7 (demand dialling)
> > Mar 27 10:02:01 mail kernel: PPP line discipline registered.
> > Mar 27 10:02:01 mail kernel: registered device ppp0
> > Mar 27 10:02:01 mail pppd[4028]: pppd 2.3.11 started by root, uid 0
> > Mar 27 10:02:01 mail pppd[4028]: Using interface ppp0
> > Mar 27 10:02:01 mail pppd[4028]: Connect: ppp0 <--> /dev/pts/3
> > Mar 27 10:02:01 mail pptpd[4027]: GRE: Discarding duplicate packet
> > Mar 27 10:02:31 mail pppd[4028]: LCP: timeout sending Config-Requests
> > Mar 27 10:02:31 mail pppd[4028]: Connection terminated.
> > Mar 27 10:02:31 mail pppd[4028]: Exit.
> > Mar 27 10:02:31 mail pptpd[4027]: GRE: read(fd=5,buffer=804d8c0,len=8196)
> > from PTY failed: status = -1 error = Input/output error
> > Mar 27 10:02:31 mail pptpd[4027]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> > Mar 27 10:02:31 mail pptpd[4027]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
> >
> > I have the following set up in my ipchains table
> >
> > ipchains -A forward -i eth0 -s 192.168.100.0/24 -d 192.168.100.0/24 -j MASQ
> > ipchains -A output -s 192.168.100.0/24 -d 192.168.100.0/24 -j ACCEPT
> > ipchains -A input -s 192.168.100.0/24 -d 192.168.100.0/24 -j ACCEPT
> >
> > I have this set up in pptp.conf
> >
> > localip 192.168.100.210-214
> > remoteip 192.168.100.215-218
> >
> >
> > Everything seems to work when the client has a static IP, just not when
> > NAT'd.  Any ideas?  I know I am missing something somewhere.
> >
> > Thanks,
> >
> > Dustin Doris
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!

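The log quoted above shows the signature of a NAT device that passes the PPTP control connection (TCP port 1723) but not GRE (IP protocol 47): pptpd logs the control connection and launches pppd, then pppd's LCP Config-Requests, which travel inside GRE, time out. The following Python script is an added example, not part of the original messages, that flags such sessions in syslog text. The sample log is constructed from the lines in the thread with documentation addresses, and attributing pppd lines to the most recently started call is a simplifying assumption.

```python
import re

# Constructed sample modelled on the log lines quoted in the thread;
# client addresses are documentation addresses, not real hosts.
SAMPLE_LOG = """\
Mar 27 10:02:01 mail pptpd[4027]: CTRL: Client 192.0.2.10 control connection started
Mar 27 10:02:01 mail pptpd[4027]: CTRL: Starting call (launching pppd, opening GRE)
Mar 27 10:02:31 mail pppd[4028]: LCP: timeout sending Config-Requests
Mar 27 10:02:31 mail pppd[4028]: Connection terminated.
Mar 27 10:02:31 mail pptpd[4027]: CTRL: Client 192.0.2.10 control connection finished
Mar 27 10:05:00 mail pptpd[4040]: CTRL: Client 198.51.100.7 control connection started
Mar 27 10:05:00 mail pptpd[4040]: CTRL: Starting call (launching pppd, opening GRE)
Mar 27 10:45:12 mail pppd[4041]: Connection terminated.
Mar 27 10:45:12 mail pptpd[4040]: CTRL: Client 198.51.100.7 control connection finished
"""

CTRL = re.compile(r"pptpd\[(\d+)\]: CTRL: Client (\S+) control connection (started|finished)")
CALL = re.compile(r"pptpd\[(\d+)\]: CTRL: Starting call")
LCP_TIMEOUT = re.compile(r"pppd\[\d+\]: LCP: timeout sending Config-Requests")

def classify_sessions(log_text):
    """Return [(client, verdict)] for each finished control connection."""
    open_sessions = {}  # pptpd pid -> state of a control connection still open
    last_call = None    # assumption: pppd lines belong to the latest started call
    results = []
    for line in log_text.splitlines():
        m = CTRL.search(line)
        if m:
            pid, client, event = m.groups()
            if event == "started":
                open_sessions[pid] = {"client": client, "call": False, "lcp_timeout": False}
            elif pid in open_sessions:
                s = open_sessions.pop(pid)
                if s["call"] and s["lcp_timeout"]:
                    verdict = "gre-blocked"      # TCP 1723 worked, PPP over GRE did not
                elif s["call"]:
                    verdict = "no-lcp-timeout"   # call ran without the LCP timeout
                else:
                    verdict = "no-call"          # control connection only, pppd never launched
                results.append((s["client"], verdict))
            continue
        m = CALL.search(line)
        if m and m.group(1) in open_sessions:
            last_call = open_sessions[m.group(1)]
            last_call["call"] = True
        elif LCP_TIMEOUT.search(line) and last_call is not None:
            last_call["lcp_timeout"] = True
    return results
```
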