[pptp-server] win2k, pptpd 1.2.2, pppd 2.4.0 and Linux 2.4.2

Sat Mar 31 11:31:03 CST 2001

I'm having the exact same problem.  All clients work except Win2K, which
completely sucks since that is all I use.  There must be a work around that
doesn't involve losing the encryption.

My pptpd server is right out infront, not behind any NATing
firewall....although the boxes I am accessing through the tunnel are using
behind a MASQing firewall.  Should matter really, since all the VPN routing
is done in the internal interfaces.

^_^_^_^_^_^_^_^_^_^_^_^

Christopher Tresco
Head Systems Administrator
MIT Dept of Economics
ctresco at mit.edu

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of robert
Sent: Saturday, March 31, 2001 12:11 PM
To: Charlie Brady
Cc: Keith T. Garner; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] win2k, pptpd 1.2.2, pppd 2.4.0 and Linux
2.4.2

?= <Pine.LNX.4.30.0103302205220.3883-100000 at allspice.ottawa.e-smith.com>
MIME-Version: 1.0
Message-Id: <01033111104400.11294 at linux>
Content-Transfer-Encoding: 8bit

On Friday 30 March 2001 21:08, Charlie Brady wrote:
> On Fri, 30 Mar 2001, robert wrote:
> > Has anyone gotten W2K with encryption working on a pptpd setup running
> > 2.2 kernel series and/or pppd 2.3 series?
> >
> > To answer your question, the setup works fine with both windows 98 and
95
> > clients.  I don't have access to w2k or me clients to test.
> >
> > Out of curiosity, is the w2k using NAT?  According to M$: If the Virtual
> > Private Network (VPN) client is behind any network device performing
> > Network Address Translation (NAT), the L2TP session fails because
> > encrypted IPSec Encapsulating Security Payload (ESP) packets become
> > corrupted.
>
> Perhaps they mean that Authentication Header (AH) packets include an IP
> component in the hash, and can't be masqueraded. AH packets are another
> type of IP packet, as are GRE (used by PPTP) and ESP. AH and ESP are part
> of the IPSec architecture, and may be used by IPSec clients. They could
> also be wrapped around GRE packets, I guess.
>
> Are you use that the M$ posting concerned PPTP VPN, and not IPSEC?
>
>   Charlie Brady                         charlieb at e-smith.com
<snip>

Probably yes.  However, since noone seems to know how to fix the problem, I
figured I take a shot or two into the dark.  Sometimes you get lucky ;)  In
any case, since IPSec and PPTP serve pretty much the same purpose, a
solution
to a problem with one *MIGHT* be a solution to the other.

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!