[pptp-server] pptp, gre, adsl firewllas and nat

[John Leach]

Hello, I've been playing with pptpd with much success, but am having
troubles getting it to work in one particular scenario.

I have 2 linux boxes, connect over the internet via a bridged cable
internet connection on one end, and a natted adsl connection complements
of the friendly British Telecom.

I'm using the linux client, and can connect to both boxes via their
local LANs fine, all works great.

When I try to connect over the internet things go terribly wrong.  The
port connects and the gre gets set up, ppp starts and seems to get
going, but then I get LCP: ConfigRequest timeout errors (in my syslog).

I've found a bit of info on this message re: generic ppp problems. and
have tried a few suggested solutions, for example playing with my mru
and mtu settings, but to no avail.

I'm worried this is caused by the NATing of the adsl router.  I've
tcpdumped traffic at both ends and observed seemingly normal gre and tcp
traffic, so I'm pretty sure the router understands gre.  Could gre be
being affected by the natting, like ipsec does?  (even tho ipsec is only
affected because the changes in the packets by the NAT breaks the
security measures, and gre has no such security measure I know of).

Has anyone else had similar problems?  I'm going to try this connection
to a 3rd box on a real leased line, using the current boxes as a client
one at a time to see if I can rule either of them out.

I'll submit more details when I get them.

John Leach.