[pptp-server] pptp, gre, adsl firewalls and nat

John Leach john at ecsc.co.uk
Wed May 23 12:24:39 CDT 2001


On 23 May 2001 10:24:48 -0400, Christopher Tresco wrote:
> Are you NATing protocol 47?? That is the gre protocol.

Yes, I've made sure of this on the BT adsl router by adding it to the
forwarded list of protocols.  I can't be too sure of the config of the
cable side, but it is just bridged directly to my box, so things should
be fine.  

I've also observed gre traffic at both ends using tcpdump, so it's
getting thru the routers ok, I'm concerned it's being mangled in some
manner tho.

> 
> 
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of John Leach
> > Sent: Monday, May 21, 2001 7:37 PM
> > To: pptp-server mailing list
> > Subject: [pptp-server] pptp, gre, adsl firewalls and nat
> > 
> > 
> > Hello, I've been playing with pptpd with much success, but am having
> > troubles getting it to work in one particular scenario.
> > 
> > I have 2 linux boxes, connected over the internet via a bridged cable
> > internet connection on one end, and a natted adsl connection compliments
> > of the friendly British Telecom.
> > 
> > I'm using the linux client, and can connect to both boxes via their
> > local LANs fine, all works great.
> > 
> > When I try to connect over the internet things go terribly wrong.  The
> > port connects and the gre gets set up, ppp starts and seems to get
> > going, but then I get LCP: ConfigRequest timeout errors (in my syslog).
> > 
> > I've found a bit of info on this message re: generic ppp problems, and
> > have tried a few suggested solutions, for example playing with my mru
> > and mtu settings, but to no avail.
> > 
> > I'm worried this is caused by the NATing of the adsl router.  I've
> > tcpdumped traffic at both ends and observed seemingly normal gre and tcp
> > traffic, so I'm pretty sure the router understands gre.  Could gre be
> > being affected by the natting, like ipsec does?  (even tho ipsec is only
> > affected because the changes in the packets by the NAT breaks the
> > security measures, and gre has no such security measure I know of).
> > 
> > Has anyone else had similar problems?  I'm going to try this connection
> > to a 3rd box on a real leased line, using the current boxes as a client
> > one at a time to see if I can rule either of them out.
> > 
> > I'll submit more details when I get them.
> > 
> > John Leach.
> > 
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> > 
> > 
> 
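An added example, not part of the original message: one way to test the "is GRE being mangled" concern is to decode the PPTP enhanced GRE header (RFC 2637) from the tcpdump captures taken at each end and list the fields that differ. The packet bytes and addresses are constructed samples, and the function names are hypothetical.

```python
import struct

PPP_IN_GRE = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(ip_packet: bytes) -> dict:
    """Decode an IPv4 packet carrying PPTP enhanced GRE (version 1)."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if ip_packet[9] != 47:
        raise ValueError("not IP protocol 47 (GRE)")
    gre = ip_packet[(ip_packet[0] & 0x0F) * 4:]   # skip IP header (IHL words)
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", gre[:8])
    # PPTP needs version 1, the K (key) bit set, and protocol type 0x880B.
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != PPP_IN_GRE:
        raise ValueError("not PPTP enhanced GRE")
    out = {"call_id": call_id, "seq": None, "ack": None}
    off = 8
    for bit, name in ((0x1000, "seq"), (0x0080, "ack")):  # S and A bits
        if flags & bit:
            if len(gre) < off + 4:
                raise ValueError("truncated " + name)
            out[name] = struct.unpack("!I", gre[off:off + 4])[0]
            off += 4
    payload = gre[off:off + payload_len]
    out.update(payload_len=payload_len, payload=payload,
               truncated=len(payload) < payload_len)
    return out

def gre_differences(near: bytes, far: bytes) -> list:
    """Names of GRE-level fields that differ between two captures of a packet."""
    a, b = parse_pptp_gre(near), parse_pptp_gre(far)
    return [k for k in a if a[k] != b[k]]

# Constructed samples: one LCP Configure-Request seen before and after NAT.
# IP checksums are left as zero because they are not checked here.
PPP_LCP = "ff03c02101010004"
INSIDE = bytes.fromhex("4500002800010000402f0000" "0a000002" "c6336407"
                       "3001880b" "0008" "0400" "00000001" + PPP_LCP)
OUTSIDE = bytes.fromhex("45000028000100003f2f0000" "c0000201" "c6336407"
                        "3001880b" "0008" "0400" "00000001" + PPP_LCP)
MANGLED = bytes.fromhex("45000028000100003f2f0000" "c0000201" "c6336407"
                        "3001880b" "0008" "0000" "00000001" + PPP_LCP)

if __name__ == "__main__":
    print("clean NAT:", gre_differences(INSIDE, OUTSIDE))
    print("mangled:  ", gre_differences(INSIDE, MANGLED))
```

Only the IP source address and TTL differ between the first two samples, so nothing is reported at the GRE layer; the third sample has a different Call ID, which is the field PPTP uses to match GRE packets to a session.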



