[pptp-server] pptp, gre, adsl firewalls and nat

Justin Kreger lists at earthling.2y.net
Thu May 24 17:17:10 CDT 2001


It depends.  Some integrated little NAT/Firewall solutions do need
patches, and are not very good.  Linux boxes that masquerade pptp traffic
generally need a patch (Linux 2.2); with Linux 2.4, I haven't noticed any true
genuine need yet... I am told at least one connection should work just
fine.  As for straight NAT in Linux, you shouldn't need any patches.  Our
server where I work is behind a Linux 2.4 firewall with SNAT and DNAT
configured for that box, and we have absolutely no problems with multiple
tunnels to it.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net


On 26 May 2001, John Leach wrote:

> On 23 May 2001 09:37:13 +1000, George Vieira wrote:
> 
> > Don't you need a kernel patch for NATed machines? forgot the name..   
> 
> Really?  I didn't know about this... have you any more information?  
> 
> I'll check the website again myself, thanks
> 
> > 
> > 
> > thanks,
> > George Vieira
> > 
> > 
> > -----Original Message-----
> > From: John Leach [mailto:john at ecsc.co.uk]
> > Sent: Tuesday, May 22, 2001 9:37 AM
> > To: pptp-server mailing list
> > Subject: [pptp-server] pptp, gre, adsl firewalls and nat
> > 
> > 
> > Hello, I've been playing with pptpd with much success, but am having
> > troubles getting it to work in one particular scenario.
> > 
> > I have 2 linux boxes, connected over the internet via a bridged cable
> > internet connection on one end, and a natted adsl connection compliments
> > of the friendly British Telecom.
> > 
> > I'm using the linux client, and can connect to both boxes via their
> > local LANs fine, all works great.
> > 
> > When I try to connect over the internet things go terribly wrong.  The
> > port connects and the gre gets set up, ppp starts and seems to get
> > going, but then I get LCP: ConfigRequest timeout errors (in my syslog).
> > 
> > I've found a bit of info on this message re: generic ppp problems, and
> > have tried a few suggested solutions, for example playing with my mru
> > and mtu settings, but to no avail.
> > 
> > I'm worried this is caused by the NATing of the adsl router.  I've
> > tcpdumped traffic at both ends and observed seemingly normal gre and tcp
> > traffic, so I'm pretty sure the router understands gre.  Could gre be
> > being affected by the natting, like ipsec does?  (even tho ipsec is only
> > affected because the changes in the packets by the NAT breaks the
> > security measures, and gre has no such security measure I know of).
> > 
> > Has anyone else had similar problems?  I'm going to try this connection
> > to a 3rd box on a real leased line, using the current boxes as a client
> > one at a time to see if I can rule either of them out.
> > 
> > I'll submit more details when I get them.
> > 
> > John Leach.
> > 
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> > 
> 
> 
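
Added example, not part of the original thread: a small parser for the enhanced GRE header that PPTP uses (RFC 2637). It shows what to look for in a tcpdump capture when LCP ConfigRequest timeouts appear behind NAT: the call ID each side sees and whether any Configure-Ack ever arrives. It assumes each input starts at the GRE header (IP header already stripped); the function names and the sample packets are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B   # GRE protocol type carried by PPTP (RFC 2637)
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack"}

def parse_pptp_gre(data: bytes) -> dict:
    """Parse one enhanced GRE (version 1) packet, starting at the GRE header."""
    try:
        flags, proto, plen, call_id = struct.unpack_from("!HHHH", data)
        off, seq, ack = 8, None, None
        if flags & 0x1000:        # S bit: sequence number present
            (seq,) = struct.unpack_from("!I", data, off)
            off += 4
        if flags & 0x0080:        # A bit: acknowledgment number present
            (ack,) = struct.unpack_from("!I", data, off)
            off += 4
    except struct.error:
        raise ValueError("truncated GRE header") from None
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP GRE (need Ver=1, K=1, protocol 0x880B)")
    if len(data) - off < plen:
        raise ValueError("payload shorter than the key's payload length")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp": data[off:off + plen]}

def lcp_code(ppp: bytes):
    """Name the LCP code if this PPP frame carries LCP (0xC021), else None."""
    if ppp[:2] == b"\xff\x03":    # address/control field, uncompressed
        ppp = ppp[2:]
    if len(ppp) >= 3 and ppp[:2] == b"\xc0\x21":
        return LCP_CODES.get(ppp[2], f"code {ppp[2]}")
    return None

def summarize(capture) -> dict:
    """Map direction -> call ID -> LCP codes seen, from (direction, bytes) pairs."""
    seen = {}
    for direction, raw in capture:
        pkt = parse_pptp_gre(raw)
        code = lcp_code(pkt["ppp"])
        if code:
            seen.setdefault(direction, {}).setdefault(pkt["call_id"], []).append(code)
    return seen

# Constructed sample (one end of a capture): no Configure-Ack is ever received.
SAMPLE = [
    ("sent", bytes.fromhex("3001880b00080010" "00000000" "ff03c02101010004")),
    ("received", bytes.fromhex("3001880b00080020" "00000000" "ff03c02101010004")),
    ("sent", bytes.fromhex("3081880b00080010" "00000001" "00000000" "ff03c02102010004")),
]
```

Running `summarize(SAMPLE)` on the constructed capture lists Configure-Request and Configure-Ack going out on call ID 16 and only a Configure-Request coming in on call ID 32, the one-sided pattern that ends in an LCP ConfigRequest timeout.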
