[pptp-server] pptpd questions/info newbie...

Dean Roman droman at romansys.com
Fri Oct 5 08:03:38 CDT 2001


Jordan Share wrote:
> 
> Are all your clients behind the same NAT?  Or is each behind their own?
> 

Each client is behind its own NAT.  The scenario is...
Each Windows 2K client is at home or on the road behind a cable modem or
DSL NAT'd modem.
I have 20 or so Windows clients all at different locations behind their
own NAT.
Each client connects into the same PPTP linux server in our office that
is NOT behind a NAT'd firewall.

> Most NAT solutions that I've encountered recently work fine with a client behind the NAT box.  IIRC, the linux-based NAT will even allow you to have multiple PPTP clients behind the same NATted IP address, as long as they all connect to different PPTP servers.

I am unfamiliar with IIRC linux based NAT.  From what you are saying
above, I gather that it uses the default windows PPTP VPN client built
into win2k boxes.  The server runs under linux...you can use it with the
client behind a NAT/masquerading gateway/firewall...now for the big
question...
Does it support any type of encryption mechanism?

Can you send me a link to somewhere I can find out more info. on the
IIRC VPN?

> 
> If you have your clients behind the same NAT box, perhaps it supports IPSec?  You can use FreeS/WAN on the linux side to create IPSec-based VPNs.
> 
> Jordan
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Dean Roman
> Sent: Friday, October 05, 2001 2:31 AM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] pptpd questions/info newbie...
> 
> Martin Feeney wrote:
> >
> > On Thu, 04 Oct 2001 11:51:56 Dean Roman wrote:
> >
> > > 1) Will PPTP work with the win2k clients behind NAT'd firewalls (like a
> > > cable modem running NAT)?
> >
> > This is your biggest problem - probably not unless you can port forward
> > port 1723 and protocol forward protocol 47(GRE). And it'll only work for
> > one machine behind each NAT firewall.
> >
> 
> When I try it, I'll let the group know if it works for me or not.
> 
> Any other ideas as to a good VPN solution that solves this problem,
> given that I have all windows boxes on the client side behind NAT, and
> Linux on the server side?
> 
> > > 2) Does the basic package found in woody WITHOUT any patches support any
> > > kind of encryption mechanism?
> >
> > Nope, but if you trust me not to do anything nasty, I can send you a .deb
> > with mppe and smb-stripdomain patches.
> 
> I would be very grateful for this as I have been scratching my head
> trying to figure out how to get the ppp patches correctly built in, then
> into a deb package.  (the ppp .debs you have, I'm assuming, are for ppp
> 2.4.1 and the newest pptpd)?
> 
> >
> > Then you can also install the kernel-patch-mppe package and apply it to
> > your kernel.
> 
> The kernel-patch-mppe I have already installed.  I didn't see that one
> until Neale Banks gave me the scoop...thanks Neale.
> 
> >
> > This should also take care of questions 3,4,6 and 7.
> >
> > > 5) Is the concept the same as that for a regular dialup connection using
> > > ppp?
> >
> > Yes and no. The lcp/ppp protocols are the same (with the addition of mppe
> > for encryption). The transport layer is over ip rather than over a
> > telephone line, however.
> >
> > The client creates a tcp connection on port 1723 to the server. They have a
> > little chat and open up an ip socket connection (protocol 47 - GRE) to
> > contain the tunnel and run ppp over it.
> >
> > Other than that simple explanation, there are many, many FAQs and
> > whitepapers you can read - most of them available at, or linked from
> > http://poptop.lineo.com/
> >
> > Martin.
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> 
> Thanks for the info....I will look for the .debs in my mail or a URL for
> them.
> 
> ---Dean.
>    droman at romansys.com


Thanks for the help...

---Dean.
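
The NAT behaviour discussed in this thread (GRE, protocol 47, has no port numbers, so a NAT has little to tell two tunnels to the same server apart), as an added example that is not part of the original messages. It is a toy model, not any real NAT's code: the addresses are constructed documentation values, and it assumes the clients pick distinct Call IDs and that a PPTP-aware NAT learned them from the TCP 1723 control connection.

```python
import struct

PPTP_GRE_TYPE = 0x880B  # protocol type of PPTP's enhanced GRE header (RFC 2637)

def build_gre(call_id: int, payload_len: int = 0) -> bytes:
    """Constructed 8-byte enhanced GRE header: K (key) bit set, version 1."""
    return struct.pack("!HHHH", 0x2001, PPTP_GRE_TYPE, payload_len, call_id)

def gre_call_id(header: bytes) -> int:
    """Return the Call ID carried in the low half of the GRE key field."""
    if len(header) < 8:
        raise ValueError("truncated GRE header")
    flags, ptype, _payload_len, call_id = struct.unpack("!HHHH", header[:8])
    if ptype != PPTP_GRE_TYPE or not flags & 0x2000:
        raise ValueError("not a PPTP enhanced GRE header")
    return call_id

class GreNat:
    """Toy model of a NAT's inbound GRE lookup (GRE has no port numbers)."""
    def __init__(self, pptp_aware: bool):
        self.pptp_aware = pptp_aware
        self.table = {}  # lookup key -> internal client address

    def _key(self, server: str, call_id: int):
        # A plain NAT can only key on the remote address; a PPTP-aware one
        # also uses the Call ID it saw on the TCP 1723 control connection.
        return (server, call_id) if self.pptp_aware else (server,)

    def open_tunnel(self, client: str, server: str, client_call_id: int) -> bool:
        """Record a mapping; False if another client already owns the key."""
        return self.table.setdefault(self._key(server, client_call_id), client) == client

    def route_inbound(self, server: str, header: bytes):
        """Internal client that receives a GRE packet arriving from server."""
        return self.table.get(self._key(server, gre_call_id(header)))

def demo() -> dict:
    results = {}
    for aware in (False, True):
        nat = GreNat(aware)
        a = nat.open_tunnel("192.168.1.10", "203.0.113.1", 0x0010)
        b = nat.open_tunnel("192.168.1.11", "203.0.113.1", 0x0020)   # same server
        c = nat.open_tunnel("192.168.1.11", "198.51.100.7", 0x0020)  # other server
        to_b = nat.route_inbound("203.0.113.1", build_gre(0x0020))
        results[aware] = (a, b, c, to_b)
    return results

if __name__ == "__main__":
    print(demo())
```

In the plain model the second client's tunnel to the same server is refused and its inbound GRE traffic would reach the first client, while a tunnel to a different server still works; keying on the Call ID removes the collision.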


