[pptp-server] PPTP client connection through masqueraded firewall

Jerry Vonau jvonau at home.com
Wed May 30 18:03:15 CDT 2001


Kurt:

From:  http://www.ibiblio.org/pub/Linux/docs/HOWTO/VPN-Masquerade-HOWTO
Section 2.7:

    The PPTP RFC specifies in section 3.1.3 that there may only be one
  control channel connection between two systems. This should mean that
  you can only masquerade one PPTP session at a time with a given remote
  server, but in practice the MS implementation of PPTP does not enforce
  this, at least not as of NT 4.0 Service Pack 4. If the PPTP server
  you're trying to connect to only permits one connection at a time,
  it's following the protocol rules properly.  Note that this does not
  affect a masqueraded server, only multiple masqueraded clients
  attempting to contact the same remote server.

I guess POPTOP is following the RFC to the letter while MS doesn't......
Can you install a PPTP client on the FW-1?

Jerry Vonau


Kurt Glazemakers wrote:

> I'm sorry, the image totally screwed up by sending it, maybe this will
> be more clear
>
>         Linux   PPTP server
>                   |
>                   |
>                  ...
>              Internet
>                  ...
>                   |
>                   |
>            213.2.45.6
>             FW-1
>            192.168.1.254/24
>                   |
>           -------------
>         |            |
>       PC-A               PC-B
>   192.168.1.1/24        192.168.1.2/24
>
> Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B
> is able to connect. Only both PPTP connections together don't work.
>
> I could make one connection and route it, but then I need an extra
> machine, because PC-A and PC-B are laptop pc's. If possible I would like
> to avoid it.
>
> -----Original Message-----
> From: Justin Kreger [mailto:lists at earthling.2y.net]
> Sent: woensdag 30 mei 2001 19:25
> To: Kurt Glazemakers
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] PPTP client connection through masqueraded
> firewall
>
> Your diagram is.... umm... not clear..   Does the internet side of your
> firewall have a static ip?  Is it acceptable to have one connect to the
> pptp server, and route between the two networks?
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
>
> On Wed, 30 May 2001, Kurt Glazemakers wrote:
>
> >
> > This is the setup I wanted to use:
> >       Machine A                 Checkpoint  FW-1
> >    192.168.1.1/24=======|  |-----------|
> > |-------------------|
> >                               |==|               |========....
> > INTERNET  ....======| Linux PPTP server |
> >       Machine B               |  |               |
> > |                         |
> >    192.168.1.2/24=======|  |-----------|
> > |-------------------|
> >                       192.168.1.254/24     213.2.45.6
> >
> > Machine A and machine B need to connect to the PPTP server and are
> > using 2 different accounts.
> >
> > My question is: Is it possible to do this, can the PPTP protocol be
> > masqueraded ? The TCP port 1723 will be of course no problem, but what
> > about the GRE. Because 1 connection works, but a second fails ...
> >
> > Thanks,
> >
> > Kurt
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
>
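
On the GRE question raised in the thread: GRE has no port numbers, so a masquerading box can only separate two inside clients' return traffic from the same server by the Call ID carried in the PPTP GRE header (RFC 2637). The sketch below is an added example, not part of the original messages or of any firewall's code; the server address, the Call IDs and both table models are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B      # protocol type of PPTP's enhanced GRE (RFC 2637)
SERVER = "198.51.100.10"     # constructed address; the thread gives none for the server

def build_pptp_gre(call_id, seq, payload=b""):
    """Enhanced GRE header with K=1, S=1, Ver=1: the key holds length + Call ID."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO,
                       len(payload), call_id, seq) + payload

def parse_call_id(packet):
    """Return the Call ID of a PPTP GRE packet, or None if it is not one."""
    if len(packet) < 8:
        return None
    flags_ver, proto, _plen, call_id = struct.unpack("!HHHH", packet[:8])
    if proto != PPTP_GRE_PROTO or (flags_ver & 0x0007) != 1 or not flags_ver & 0x2000:
        return None
    return call_id

class NaiveMasq:
    """Masquerading with no PPTP awareness: one GRE mapping per remote server."""
    def __init__(self):
        self.table = {}
    def learn_call(self, inside_ip, server_ip, call_id):
        # call_id is what the client announced on the TCP 1723 control channel;
        # this model ignores it, so the second client overwrites the first.
        self.table[server_ip] = inside_ip
    def inbound(self, server_ip, packet):
        return self.table.get(server_ip)

class CallIdMasq(NaiveMasq):
    """PPTP-aware model: mappings are keyed by (server, Call ID)."""
    def learn_call(self, inside_ip, server_ip, call_id):
        self.table[(server_ip, call_id)] = inside_ip
    def inbound(self, server_ip, packet):
        return self.table.get((server_ip, parse_call_id(packet)))

def demo(nat):
    """PC-A and PC-B open calls, then the server sends one GRE packet to each."""
    nat.learn_call("192.168.1.1", SERVER, 0x0011)   # PC-A, constructed Call ID
    nat.learn_call("192.168.1.2", SERVER, 0x0022)   # PC-B, constructed Call ID
    return [nat.inbound(SERVER, build_pptp_gre(cid, 1, b"\xff\x03"))
            for cid in (0x0011, 0x0022)]

if __name__ == "__main__":
    print("naive:   ", demo(NaiveMasq()))
    print("call-id: ", demo(CallIdMasq()))
```

In the naive model both return packets are delivered to PC-B. The Call-ID model still assumes the two clients chose different Call IDs; a real helper also has to rewrite them when they collide.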
