[pptp-server] Success! :) mostly .... and some questions ...

Paul Reed paul at bsdc.ca
Tue Oct 2 18:02:10 CDT 2001


RedHat 7.1 i386

kernels 2.4.4 and 2.4.9 w/patch: 
        - linux-2.4.4-openssl-0.9.6a-mppe.patch.gz
ppp-2.4.1 w/patches: 
        - ppp-2.4.1-MSCHAPv2-fix.patch.gz
        - ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
pptpd-1.0.1
pptp-linux-1.0.2

NOTE:  - Had problems getting ppp_mppe.o to compile with kernel.
            - FIX: in kernel configuration, make sure ppp is tagged as a module '(M)' -- NOT statically linked '(*)'.

###########################
# my options.pptpd:

    name *
    lock
    mtu 1490
    mru 1490
    proxyarp
    auth
    +chap
    #+chapms #This one is optional and may be omitted.
    +chapms-v2
    ipcp-accept-local
    ipcp-accept-remote
    lcp-echo-failure 3
    lcp-echo-interval 5
    deflate 0
    mppe-128
    mppe-40
    mppe-stateless

###########################
# IPTABLES VPN connect allow (allows vpn connect on all interfaces):
    iptables -A INPUT -p tcp --dport 1723 ! --syn -j ACCEPT
    iptables -A INPUT -p tcp --dport 1723 --syn -m limit --limit 2/s -j ACCEPT
    iptables -A INPUT -p 47 -j ACCEPT


###########################
# Script to connect from another linux box (my internal network is 192.168.1.0/24, remote network is 192.168.0.0/24): 
    pptp $VPNSERVERIP name $VPNUSERNAME +chapms +chapms-v2 mppe-128 mppe-stateless -deflate noauth
    route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.254 ppp1

###########################
# IPTABLES rules to masq to the vpn network.
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
    iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT

###########################
Client VPN Connections tested using mppe-128 from:  
    - Windows ME
    - Windows XP 
    - RedHat-7.1 using pptp-linux (connect script above)
       (RH7.1 tested with static ip and through a pppoe connection)

###########################
Possible Issues .. and weird things .. :)

- Cannot connect using windows networking from one net to the other using linux 2.4.4 kernel
(i.e. 192.168.1.6 --> //192.168.0.253/)
It works in the 2.4.9 kernel for me though .. (I think there was a new IP to IP tunnel option or something, maybe that was it...)
Can anyone confirm?

- Cannot connect to remote vpn server from behind an IPTABLES Firewall/Masquerade gateway...
netstat on both boxes reveals a non-privileged connection from the vpn server to the client that isn't making it in through the NAT/FW gateway.
The gateway itself can connect using pptp-linux, but any box behind it can't.
As a temporary solution, I've just routed through the nat/fw gateway's pptp vpn connection to the vpn server. (see above scripts)
I would rather connect from my windows box that is behind the gw.
Any ideas?
Iptables rules maybe?


###########################
About to test with 2.4.10 (although I foresee no new issues .. :)


Anyways ... thanks for the help list! :) 
I'm up and running... :)

Paul Reed
paul at bsdc.ca
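
The options.pptpd in the post enables +chap and mppe-40 alongside +chapms-v2 and mppe-128. The script below is an added example, not part of the original post: it audits such a file for the weaker alternatives, assuming each auth or MPPE option present is one the server will negotiate (as the post's "optional" comment suggests). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes each auth/MPPE option
# present in the file is one the server is willing to negotiate.

# Print FILE's active option lines (comments and blank lines removed).
active_options() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# Succeed if OPTION is present as a whole active line in FILE.
has_option() {
    active_options "$1" | grep -qxF -e "$2"
}

# Print one line per finding; print nothing when the file is clean.
audit_pptpd_options() {
    f=$1
    if has_option "$f" '+chap'; then
        echo 'WEAK +chap: standard CHAP accepted'
    fi
    if has_option "$f" '+chapms'; then
        echo 'WEAK +chapms: MS-CHAPv1 accepted'
    fi
    if has_option "$f" 'mppe-40'; then
        echo 'WEAK mppe-40: 40-bit MPPE keys accepted'
    fi
    if ! has_option "$f" '+chapms-v2'; then
        echo 'MISSING +chapms-v2: MS-CHAPv2 not enabled'
    fi
    if ! has_option "$f" 'mppe-128'; then
        echo 'MISSING mppe-128: 128-bit MPPE not enabled'
    fi
    return 0
}

# Constructed sample: the auth and MPPE lines from the options.pptpd above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth
+chap
#+chapms #This one is optional and may be omitted.
+chapms-v2
mppe-128
mppe-40
mppe-stateless
EOF
audit_pptpd_options "$sample"
rm -f "$sample"
```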



