[pptp-server] Martian packets and NetBIOS problems

Jim Roland jroland at roland.net
Thu Nov 1 10:39:36 CST 2001 

I have never been able to make 40-bit work among other freaky bugs.  Add the
Encryption pack to your Win2k client and enable mppe-128 in your options
file (disable/comment-out mppe-40) and it should work.


----- Original Message -----
From: "Matt Gavin" <mattgav at tempo.com.au>
To: "Leo Torio" <leo at maximsoftware.com>
Cc: "PPTPD User Group (E-mail)" <pptp-server at lists.schulte.org>
Sent: Wednesday, October 24, 2001 4:47 PM
Subject: RE: [pptp-server] Martian packets and NetBIOS problems


> You need to patch you PoPToP Vpn server to allow 128 Bit encryption. I
only
> have 40 Bit encryption enabled on my server at the moment have not had
time
> to look at 128 Bit. You can get the patch and documentation from
> http://poptop.lineo.com
>
> You should be able to connect with the Windows 2000 client with 40 Bit
> encryption enabled. If you are running Samba on your "Mini network" then
> accessing shared folders is another issue, I don't do this myself, but
again
> there are Docs on allowing SMB through the PoPToP at the PoPToP site as
> above.
>
> As for Ipchains, someone posted this earlier in the week:
>
> # IP network address of the PPTP network
> PPTPLAN="192.168.0.245/32"
> PPTPIF="ppp+"
>
> # IP network address of the internal network
> INTLAN="192.168.0.0/24"
> INTIF="eth0"
>
> EXTIF="eth1"
>
> UNIVERSE="0.0.0.0/0"
>
> BROADCAST="255.255.255.255"
>
> SECUREHOST=<snip... I only connect to my server from one IP address -
> use UNIVERSE instead if you want it wide open>
>
> # PPTP traffic
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST -d
> $EXTIP 1723
> /sbin/ipchains -A input -p 47 -j ACCEPT
>
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST 1723
> -d $UNIVERSE
> /sbin/ipchains -A output -p 47 -j ACCEPT
>
> # PPTP: need to allow all incoming traffic on PPTPIF
> /sbin/ipchains -A input -i $PPTPIF -s $PPTPLAN -d $INTLAN -j ACCEPT
>
> # PPTP: need to allow all outgoing traffic on PPTPIF
> /sbin/ipchains -A output -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
>
> # Enable TCP/IP forwarding between the PPTP network and the Internal LAN
> /sbin/ipchains -A forward -i $INTIF -s $PPTPLAN -d $INTLAN -j ACCEPT
> /sbin/ipchains -A forward -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT
>
> # DHCP traffic
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p udp -s $UNIVERSE bootpc
> -d $BROADCAST/0 bootps
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p tcp -s $UNIVERSE bootpc
> -d $BROADCAST/0 bootps
>
> # ICMP traffic (ping)
> /sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p icmp -s $UNIVERSE -d
> $EXTIP
>
> Matt Gavin
> Tempo Services Limited
> ~~~~~~~~~~~~~~~~~~~~~~
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>

More information about the pptp-server mailing list