[pptp-server] PPTP client connection through masqueraded firewall
Justin Kreger
lists at earthling.2y.net
Wed May 30 21:17:52 CDT 2001
What OS is the firewall? Linux? NT? Solaris/SunOS?
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
On Wed, 30 May 2001, Jerry Vonau wrote:
> Kurt:
>
> From: http://www.ibiblio.org/pub/Linux/docs/HOWTO/VPN-Masquerade-HOWTO
> Section 2.7:
>
> The PPTP RFC specifies in section 3.1.3 that there may only be one
> control channel connection between two systems. This should mean that
> you can only masquerade one PPTP session at a time with a given remote
> server, but in practice the MS implementation of PPTP does not enforce
> this, at least not as of NT 4.0 Service Pack 4. If the PPTP server
> you're trying to connect to only permits one connection at a time,
> it's following the protocol rules properly. Note that this does not
> affect a masqueraded server, only multiple masqueraded clients
> attempting to contact the same remote server.
>
> I guess POPTOP is following the RFC to the letter while MS doesn't......
> Can you install a PPTP client on the FW-1?
>
> Jerry Vonau
>
>
> Kurt Glazemakers wrote:
>
> > I'm sorry, the image got totally screwed up by sending it; maybe this will
> > be more clear
> >
> >            Linux PPTP server
> >                    |
> >                    |
> >                   ...
> >                Internet
> >                   ...
> >                    |
> >                    |
> >               213.2.45.6
> >                  FW-1
> >            192.168.1.254/24
> >                    |
> >              -------------
> >              |           |
> >            PC-A        PC-B
> >     192.168.1.1/24  192.168.1.2/24
> >
> > Yep, the internet address of the firewall is fixed, and yep PC-A or PC-B
> > is able to connect. Only both PPTP connections together don't work.
> >
> > I could make one connection and route it, but then I need an extra
> > machine, because PC-A and PC-B are laptop PCs. If possible I would like
> > to avoid it.
> >
> > -----Original Message-----
> > From: Justin Kreger [mailto:lists at earthling.2y.net]
> > Sent: Wednesday 30 May 2001 19:25
> > To: Kurt Glazemakers
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] PPTP client connection through masqueraded
> > firewall
> >
> > Your diagram is.... umm... not clear.. Does the internet side of your
> > firewall have a static IP? Is it acceptable to have one connect to the
> > PPTP server, and route between the two networks?
> >
> > Justin Kreger, MCP MCSE CCNA
> > jkreger at earthling.2y.net jwkreger at uncg.edu jkreger at aristotle.wss.net
> >
> > On Wed, 30 May 2001, Kurt Glazemakers wrote:
> >
> > >
> > > This is the setup I wanted to use:
> > > Machine A Checkpoint FW-1
> > > 192.168.1.1/24=======| |-----------|
> > > |-------------------|
> > > |==| |========....
> > > INTERNET ....======| Linux PPTP server |
> > > Machine B | | |
> > > | |
> > > 192.168.1.2/24=======| |-----------|
> > > |-------------------|
> > > 192.168.1.254/24 213.2.45.6
> > >
> > > Machine A and machine B need to connect to the PPTP server and are
> > > using 2 different accounts.
> > >
> > > My question is: Is it possible to do this, can the PPTP protocol be
> > > masqueraded? The TCP port 1723 will of course be no problem, but what
> > > about the GRE? Because 1 connection works, but a second fails ...
> > >
> > > Thanks,
> > >
> > > Kurt
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> > >
> >
>
>
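
Kurt's GRE question comes down to how the masquerading box demultiplexes return traffic: GRE has no ports, so all IP protocol 47 packets from one server look alike unless the firewall reads the Call ID carried in PPTP's enhanced GRE header (RFC 2637). The Python model below is an added example, not part of the original thread or of any firewall's code; the `Masq` class, the server address and the Call ID values are constructed for illustration, and only the two inside addresses come from the thread.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def build_pptp_gre(call_id, payload=b""):
    """Constructed sample packet: K and S bits set, version 1, sequence 1."""
    return struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP,
                       len(payload), call_id, 1) + payload

def parse_call_id(gre):
    """Return the Call ID of an enhanced GRE packet or raise ValueError."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags_ver, proto, _plen, call_id = struct.unpack("!HHHH", gre[:8])
    if (flags_ver & 0x0007) != 1 or not (flags_ver & 0x2000) or proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class Masq:
    """Hypothetical model of the firewall's table for inbound GRE."""
    def __init__(self, track_call_id):
        self.track_call_id = track_call_id
        self.table = {}

    def _key(self, server_ip, call_id):
        # Without Call ID tracking, only (protocol 47, server) identifies a flow.
        return (server_ip, call_id) if self.track_call_id else (server_ip,)

    def register_call(self, inside_ip, server_ip, client_call_id):
        # Assumption: the Call ID was learned from the TCP 1723 control channel.
        self.table.setdefault(self._key(server_ip, client_call_id), inside_ip)

    def inbound(self, server_ip, gre):
        # Server-to-client GRE carries the client's Call ID in its header.
        return self.table.get(self._key(server_ip, parse_call_id(gre)))

def demo():
    server = "203.0.113.10"  # constructed; the thread gives no server address
    calls = [("192.168.1.1", 0x4000), ("192.168.1.2", 0x8000)]  # constructed IDs
    result = {}
    for track in (False, True):
        nat = Masq(track)
        for inside_ip, call_id in calls:
            nat.register_call(inside_ip, server, call_id)
        result[track] = [nat.inbound(server, build_pptp_gre(cid, b"ppp"))
                         for _, cid in calls]
    return result

if __name__ == "__main__":
    print(demo())
```

With tracking off, both replies map to 192.168.1.1, so PC-B's tunnel never receives its return traffic. A real helper must also rewrite Call IDs when two clients pick the same value, which this model leaves out.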