[pptp-server] Setting up PoPToP behind masq firewall
Nate Perry-Thistle
nate at anthropomorphization.com
Sat Oct 13 10:43:22 CDT 2001
john,
do you allow and forward protocol 47 (GRE) through the firewall? check
out: http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO-3.html#ss3.6 for
examples rules for iptables and ipchains.
n.
On Sat, Oct 13, 2001 at 05:43:45PM +0100, John P wrote:
> Hi
>
> I have PoPToP running on a RedHat 7.0 server. The server runs behind a Linux
> firewall which masquerades the internal network out on one IP address. Port
> 1723 is forwarded to the RedHat server as is protocol 53. The server is
> running kernel '2.2.16-22 #17 SMP'
>
> When I connect from my Win98 SE machine, I get the following in the logs:
> Oct 13 17:24:14 pluto pppd[2738]: pppd 2.4.0 started by root, uid 0
> Oct 13 17:24:14 pluto pppd[2738]: Using interface ppp0
> Oct 13 17:24:14 pluto pppd[2738]: Connect: ppp0 <--> /dev/pts/3
> Oct 13 17:24:44 pluto pppd[2738]: LCP: timeout sending Config-Requests
> Oct 13 17:24:44 pluto pppd[2738]: Connection terminated.
> Oct 13 17:24:44 pluto pppd[2738]: Exit.
> Oct 13 17:24:44 pluto pptpd[2737]: GRE: read(fd=4,buffer=804da00,len=8196)
> from PTY failed: status = -1 error = Input/output error
> Oct 13 17:24:44 pluto pptpd[2737]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Oct 13 17:24:44 pluto pptpd[2737]: CTRL: Client 122.146.136.129 control
> connection finished
> [root at pluto ipv4]#
>
> >From reading the docs, it seems to imply that I need to patch the kernel
> with the VPN masquerade patch. However, this isn't something I have
> attempted before, and am a bit reluctant to do over SSH 100 miles from the
> relevant server ;) - can I not install a module, or are there any other
> workarounds? Is it something that is quite simple to do,
>
> I'm not quite sure why I need to install that patch though. Is it so that
> the RedHat server knows to route the packets via the masq router?
>
> --
> John Portwin
> Technical Director,
> mobiletones.com
>
> john at mobiletones.com
> Mobile (07801) 055722
> DDI (01923) 892722
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
More information about the pptp-server
mailing list