[pptp-server] Success! :) mostly .... and some questions ...
Paul Reed
paul at bsdc.ca
Tue Oct 2 18:02:10 CDT 2001
RedHat 7.1 i386
kernels 2.4.4 and 2.4.9 w/patch:
- linux-2.4.4-openssl-0.9.6a-mppe.patch.gz
ppp-2.4.1 w/patches:
- ppp-2.4.1-MSCHAPv2-fix.patch.gz
- ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
pptpd-1.0.1
pptp-linux-1.0.2
NOTE: - Had problems getting ppp_mppe.o to compile with kernel.
- FIX: in kernel configuration, make sure ppp is tagged as a module '(M)' -- NOT statically linked '(*)'.
###########################
# my options.pptpd:
name *
lock
mtu 1490
mru 1490
proxyarp
auth
+chap
#+chapms #This one is optional and may be omitted.
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless
###########################
# IPTABLES VPN connect allow (allows vpn connect on all interfaces):
iptables -A INPUT -p tcp --dport 1723 ! --syn -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 --syn -m limit --limit 2/s -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
###########################
# Script to connect from another linux box (my internal network is 192.168.1.0/24, remote network is 192.168.0.0/24):
pptp $VPNSERVERIP name $VPNUSERNAME +chapms +chapms-v2 mppe-128 mppe-stateless -deflate noauth
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.254 ppp1
###########################
# IPTABLES rules to masq to the vpn network.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
###########################
Client VPN Connections tested using mppe-128 from:
- Windows ME
- Windows XP
- RedHat-7.1 using pptp-linux (connect script above)
(RH7.1 tested with static ip and through a pppoe connection)
###########################
Possible Issues .. and weird things .. :)
- Cannot connect using windows networking from one net to the other using linux 2.4.4 kernel
(i.e. 192.168.1.6 --> //192.168.0.253/)
It works in the 2.4.9 kernel for me though .. I think there was a new IP to IP tunnel option or something, maybe that was it...
Can anyone confirm?
- Cannot connect to remote vpn server from behind an IPTABLES Firewall/Masquerade gateway...
netstat on both boxes reveals a non-privileged connection from the vpn server to the client that isn't making it in through the NAT/FW gateway.
The gateway itself can connect using pptp-linux, but any box behind it can't.
As a temporary solution, I've just routed through the nat/fw gateway's pptp vpn connection to the vpn server. (see above scripts)
I would rather connect from my windows box that is behind the gw.
Any ideas?
Iptables rules maybe?
###########################
About to test with 2.4.10 (although I foresee no new issues .. :)
Anyways ... thanks for the help list! :)
I'm up and running... :)
Paul Reed
paul at bsdc.ca