[pptp-server] pptpd questions/info newbie...

Jordan Share iso9 at phantasticant.com
Fri Oct 5 15:25:56 CDT 2001


Sorry, I should have been more clear.  IIRC == If I Recall Correctly. :)

What I was trying to say is that the "default install" of RedHat 7.1 (I think all that is necessary is the 2.4 kernel tho) will already automatically work with a PPTP client behind it.

So, in that scenario, you have this layout:

192.168.0.3 -- client box behind nat
|
192.168.0.1 -- linux 2.4 kernel NAT box
|
w.x.y.z  - external ip of the linux NAT box
|
INTERNET
|
a.b.c.d  - IP address of the PPTP server

As long as only one client behind the "linux 2.4 kernel NAT box" is connecting to a.b.c.d, it "just works".

Of course, you do need the MPPE encryption whatnot on the PPTP server.  You have this already if you are using a windows box as the PPTP server, or you can apply the patches and compile your own ppp/pptpd.

Jordan

-----Original Message-----
From: droman2 at granite.he.net [mailto:droman2 at granite.he.net]On Behalf Of
Dean Roman
Sent: Friday, October 05, 2001 6:04 AM
To: Jordan Share
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] pptpd questions/info newbie...


Jordan Share wrote:
> 
> Are all your clients behind the same NAT?  Or is each behind their own?
> 

Each client is behind its own NAT.  The scenario is...
Each Windows 2K client is at home or on the road behind a cable modem or
dsl nat'd modem.
I have 20 or so windows clients all at different locations behind their
own NAT.
Each client connects into the same PPTP linux server in our office that
is NOT behind a NAT'd firewall.

> Most NAT solutions that I've encountered recently work fine with a client behind the NAT box.  IIRC, the linux-based NAT will even allow you to have multiple PPTP clients behind the same NATted IP address, as long as they all connect to different PPTP servers.

I am unfamiliar with IIRC linux based NAT.  From what you are saying
above, I gather that it uses the default windows PPTP VPN client built
into win2k boxes.  The server runs under linux...you can use it with the
client behind a NAT/masquerading gateway/firewall...now for the big
question...
Does it support any type of encryption mechanism?

Can you send me a link to somewhere I can find out more info. on the
IIRC VPN?

> 
> If you have your clients behind the same NAT box, perhaps it supports IPSec?  You can use FreeS/WAN on the linux side to create IPSec-based VPNs.
> 
> Jordan
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Dean Roman
> Sent: Friday, October 05, 2001 2:31 AM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] pptpd questions/info newbie...
> 
> Martin Feeney wrote:
> >
> > On Thu, 04 Oct 2001 11:51:56 Dean Roman wrote:
> >
> > > 1) Will PPTP work with the win2k clients behind NAT'd firewalls (like a
> > > cable modem running NAT)?
> >
> > This is your biggest problem - probably not unless you can port forward
> > port 1723 and protocol forward protocol 47(GRE). And it'll only work for
> > one machine behind each NAT firewall.
> >
> 
> When I try it, I'll let the group know if it works for me or not.
> 
> Any other ideas as to a good VPN solution that solves this problem,
> given that I have all windows boxes on the client side behind NAT, and
> Linux on the server side?
> 
> > > 2) Does the basic package found in woody WITHOUT any patches support any
> > > kind of encryption mechanism?
> >
> > Nope, but if you trust me not to do anything nasty, I can send you a .deb
> > with mppe and smb-stripdomain patches.
> 
> I would be very grateful for this as I have been scratching my head
> trying to figure out how to get the ppp patches correctly built in, then
> into a deb package.  (the ppp .debs you have, I'm assuming, are for ppp
> 2.4.1 and the newest pptpd)?
> 
> >
> > Then you can also install the kernel-patch-mppe package and apply it to
> > your kernel.
> 
> The kernel-patch-mppe I have already installed.  I didn't see that one
> until Neale Banks gave me the scoop...thanks Neale.
> 
> >
> > This should also take care of questions 3,4,6 and 7.
> >
> > > 5) Is the concept the same as that for a regular dialup connection using
> > > ppp?
> >
> > Yes and no. The lcp/ppp protocols are the same (with the addition of mppe
> > for encryption). The transport layer is over ip rather than over a
> > telephone line, however.
> >
> > The client creates a tcp connection on port 1723 to the server. They have a
> > little chat and open up an ip socket connection (protocol 47 - GRE) to
> > contain the tunnel and run ppp over it.
> >
> > Other than that simple explanation, there are many, many FAQs and
> > whitepapers you can read - most of them available at, or linked from
> > http://poptop.lineo.com/
> >
> > Martin.
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> 
> Thanks for the info....I will look for the .debs in my mail or a URL for
> them.
> 
> ---Dean.
>    droman at romansys.com


Thanks for the help...

---Dean.
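
Added example, not part of the original thread and not code from the Linux kernel or PoPToP: a simplified Python model of why the TCP 1723 control connection passes through a port-translating NAT for any number of clients, while the GRE (protocol 47) tunnel can only be mapped for one inside client per PPTP server. It assumes a NAT with no PPTP-specific helper that tracks GRE by address pair only; the `NatBox` class, the `simulate` function, the second client `192.168.0.4` and the second server `e.f.g.h` are constructed for illustration.

```python
"""Simplified model of a port-translating NAT handling PPTP (constructed example)."""

TCP, GRE = 6, 47      # IP protocol numbers: PPTP control is TCP/1723, data is GRE
PPTP_PORT = 1723


class NatBox:
    """Hypothetical NAT with no PPTP helper (assumption, not real kernel code)."""

    def __init__(self, external_ip):
        self.external_ip = external_ip
        self.next_port = 40000
        # TCP replies are demultiplexed by the rewritten source port.
        self.tcp = {}  # (server_ip, server_port, ext_port) -> (client_ip, client_port)
        # GRE carries no ports, so the only key available is the remote address.
        self.gre = {}  # server_ip -> client_ip

    def outbound_tcp(self, client_ip, client_port, server_ip, server_port=PPTP_PORT):
        """Map an outgoing control connection to a unique external port."""
        ext_port = self.next_port
        self.next_port += 1
        self.tcp[(server_ip, server_port, ext_port)] = (client_ip, client_port)
        return ext_port

    def inbound_tcp(self, server_ip, server_port, ext_port):
        """Find the inside host for a TCP reply, or None."""
        return self.tcp.get((server_ip, server_port, ext_port))

    def outbound_gre(self, client_ip, server_ip):
        """Return True if this client owns the GRE mapping, False on a collision."""
        owner = self.gre.setdefault(server_ip, client_ip)
        return owner == client_ip

    def inbound_gre(self, server_ip):
        """Find the inside host for a GRE packet arriving from server_ip."""
        return self.gre.get(server_ip)


def simulate(clients):
    """clients: list of (client_ip, server_ip). Returns {client_ip: tunnel_ok}."""
    nat = NatBox("w.x.y.z")
    result = {}
    for n, (client_ip, server_ip) in enumerate(clients):
        src_port = 1024 + n
        ext_port = nat.outbound_tcp(client_ip, src_port, server_ip)
        control_ok = nat.inbound_tcp(server_ip, PPTP_PORT, ext_port) == (client_ip, src_port)
        data_ok = nat.outbound_gre(client_ip, server_ip) and nat.inbound_gre(server_ip) == client_ip
        result[client_ip] = control_ok and data_ok
    return result
```

Calling `simulate` with two clients aimed at the same server shows the second tunnel failing at the GRE step even though its control connection was mapped; pointing the second client at a different server lets both succeed.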



