[pptp-server] Setting up PoPToP behind masq firewall

Cowles, Steve Steve at SteveCowles.com
Sat Oct 13 11:54:19 CDT 2001


> -----Original Message-----
> From: John P [mailto:john at pmbbs.demon.co.uk]
> Sent: Saturday, October 13, 2001 11:44 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Setting up PoPToP behind masq firewall
> 
> 
> Hi
> 
> I have PoPToP running on a RedHat 7.0 server. The server runs 
> behind a Linux firewall which masquerades the internal network
> out on one IP address. Port 1723 is forwarded to the RedHat
> server as is protocol 53.


That should be protocol 47 (GRE), not protocol 53


> The server is running kernel '2.2.16-22 #17 SMP'
> 
> When I connect from my Win98 SE machine, I get the following 
> in the logs:
> Oct 13 17:24:14 pluto pppd[2738]: pppd 2.4.0 started by root, uid 0
> Oct 13 17:24:14 pluto pppd[2738]: Using interface ppp0
> Oct 13 17:24:14 pluto pppd[2738]: Connect: ppp0 <--> /dev/pts/3
> Oct 13 17:24:44 pluto pppd[2738]: LCP: timeout sending Config-Requests
> Oct 13 17:24:44 pluto pppd[2738]: Connection terminated.
> Oct 13 17:24:44 pluto pppd[2738]: Exit.
> Oct 13 17:24:44 pluto pptpd[2737]: GRE: read(fd=4,buffer=804da00,len=8196) from PTY failed: status = -1 error = Input/output error
> Oct 13 17:24:44 pluto pptpd[2737]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> Oct 13 17:24:44 pluto pptpd[2737]: CTRL: Client 122.146.136.129 control connection finished
> [root at pluto ipv4]#
> 
> From reading the docs, it seems to imply that I need to patch 
> the kernel with the VPN masquerade patch. However, this isn't
> something I have attempted before, and am a bit reluctant to
> do over SSH 100 miles from the relevant server ;) - can I not
> install a module, or are there any other workarounds? Is it
> something that is quite simple to do,

Some of the later Redhat kernels already contained the VPN MASQ Patches. To
verify - see if you have module ip_masq_pptp.o

> 
> I'm not quite sure why I need to install that patch though. 
> Is it so that the RedHat server knows to route the packets
> via the masq router?
> 

The patch is needed so that the GRE protocol can be properly masqueraded.
i.e. module ip_masq_pptp.o

Steve Cowles
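
The log signature discussed in this thread, as an added example that is not part of the original message: it groups pppd syslog lines by PID and flags sessions where pppd started (so the TCP 1723 control connection worked) but LCP timed out, which is what happens when protocol 47 (GRE) is not passed through the masquerading firewall. The function name, the result labels and the heuristic itself are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the pppd/pptpd lines quoted in the message above.
SAMPLE_LOG = """\
> Oct 13 17:24:14 pluto pppd[2738]: pppd 2.4.0 started by root, uid 0
> Oct 13 17:24:14 pluto pppd[2738]: Using interface ppp0
> Oct 13 17:24:14 pluto pppd[2738]: Connect: ppp0 <--> /dev/pts/3
> Oct 13 17:24:44 pluto pppd[2738]: LCP: timeout sending Config-Requests
> Oct 13 17:24:44 pluto pppd[2738]: Connection terminated.
> Oct 13 17:24:44 pluto pppd[2738]: Exit.
> Oct 13 17:24:44 pluto pptpd[2737]: CTRL: Client 122.146.136.129 control connection finished
"""

# search() rather than match() so mail-quoted ("> ") lines still parse.
LINE_RE = re.compile(r"\w{3}\s+\d+ [\d:]{8} \S+ (pppd|pptpd)\[(\d+)\]: (.*)$")


def diagnose(log_text):
    """Map each pppd PID to 'suspect-gre', 'ok' or 'unknown' (hypothetical labels)."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if m and m.group(1) == "pppd":
            sessions[int(m.group(2))].append(m.group(3))

    findings = {}
    for pid, msgs in sessions.items():
        # pppd was spawned and attached to the PTY: control channel is fine.
        connected = any(s.startswith("Connect:") for s in msgs)
        # No LCP reply ever arrived: PPP frames (carried in GRE) are not
        # making the round trip between client and server.
        lcp_timeout = any("LCP: timeout sending Config-Requests" in s for s in msgs)
        # pppd logs the negotiated addresses once the link is fully up.
        came_up = any(s.startswith("local  IP address") for s in msgs)
        if came_up:
            findings[pid] = "ok"
        elif connected and lcp_timeout:
            findings[pid] = "suspect-gre"
        else:
            findings[pid] = "unknown"
    return findings


if __name__ == "__main__":
    for pid, verdict in diagnose(SAMPLE_LOG).items():
        print(f"pppd[{pid}]: {verdict}")
```

A `suspect-gre` result points at the firewall rather than at pptpd: check that protocol 47 is forwarded and that the ip_masq_pptp.o module is present.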


