[pptp-server] PPTP client connection trough masqueraded firewall

Justin Kreger lists at earthling.2y.net
Wed May 30 21:17:52 CDT 2001


What os is the firewall.... ? Linux? NT? Solaris/SunOS?

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net


On Wed, 30 May 2001, Jerry Vonau wrote:

> Kurt:
> 
> From:  http://www.ibiblio.org/pub/Linux/docs/HOWTO/VPN-Masquerade-HOWTO
> Section 2.7:
> 
>     The PPTP RFC specifies in section 3.1.3 that there may only be one
>   control channel connection between two systems. This should mean that
>   you can only masquerade one PPTP session at a time with a given remote
>   server, but in practice the MS implementation of PPTP does not enforce
>   this, at least not as of NT 4.0 Service Pack 4. If the PPTP server
>   you're trying to connect to only permits one connection at a time,
>   it's following the protocol rules properly.  Note that this does not
>   affect a masqueraded server, only multiple masqueraded clients
>   attempting to contact the same remote server.
> 
> I guess POPTOP is following the RFC to the letter while MS doesn't......
> Can you install a PPTP client on the FW-1?
> 
> Jerry Vonau
> 
> 
> Kurt Glazemakers wrote:
> 
> > I'm sorry, the image totally screwed up by sending it, maybe this will
> > be more clear
> >
> >         Linux   PPTP server
> >                   |
> >                   |
> >                  ...
> >              Internet
> >                  ...
> >                   |
> >                   |
> >            213.2.45.6
> >             FW-1
> >            192.168.1.254/24
> >                   |
> >           -------------
> >         |            |
> >       PC-A               PC-B
> >   192.168.1.1/24        192.168.1.2/24
> >
> > Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B
> > is able to connect. Only both PPTP connections togheter don't work.
> >
> > I could make one connection and route it, but then I need an extra
> > machine, because PC-A and PC-B are laptop pc's. If possible I would like
> > to avoid it.
> >
> > -----Original Message-----
> > From: Justin Kreger [mailto:lists at earthling.2y.net]
> > Sent: woensdag 30 mei 2001 19:25
> > To: Kurt Glazemakers
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] PPTP client connection trough masqueraded
> > firewall
> >
> > Your diagram is.... umm... not clear..   Dose the internet side of your
> > firewall have a static ip?  Is it acceptable to have one connect to the
> > pptp server, and route between the two networks?
> >
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> > On Wed, 30 May 2001, Kurt Glazemakers wrote:
> >
> > >
> > > This is the setup I wanted to use:
> > >       Machine A                 Checkpoint  FW-1
> > >    192.168.1.1/24=======|  |-----------|
> > > |-------------------|
> > >                               |==|               |========....
> > > INTERNET  ....======| Linux PPTP server |
> > >       Machine B               |  |               |
> > > |                         |
> > >    192.168.1.2/24=======|  |-----------|
> > > |-------------------|
> > >                       192.168.1.254/24     213.2.45.6
> > >
> > > Machine A and machine B needs to connect to the PPTP server and are
> > > using 2 different accounts.
> > >
> > > My question is: Is it possible to do this, can the PPTP protocol be
> > > masqueraded ? The TCP port 1723 will be offcourse no problem, but what
> > > about the GRE. Because 1 connection works, but a second fails ...
> > >
> > > Thanks,
> > >
> > > Kurt
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> > >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 




More information about the pptp-server mailing list