[pptp-server] Martian packets and NetBIOS problems

Matt Gavin mattgav at tempo.com.au
Wed Oct 24 17:47:32 CDT 2001


You need to patch your PoPToP VPN server to allow 128-bit encryption. I only
have 40-bit encryption enabled on my server at the moment; I have not had time
to look at 128-bit. You can get the patch and documentation from
http://poptop.lineo.com

You should be able to connect with the Windows 2000 client with 40-bit
encryption enabled. If you are running Samba on your "Mini network" then
accessing shared folders is another issue. I don't do this myself, but again
there are docs on allowing SMB through PoPToP at the PoPToP site as
above.

As for ipchains, someone posted this earlier in the week:

# IP network address of the PPTP network
PPTPLAN="192.168.0.245/32"
PPTPIF="ppp+"

# IP network address of the internal network
INTLAN="192.168.0.0/24"
INTIF="eth0"

EXTIF="eth1"

UNIVERSE="0.0.0.0/0"

BROADCAST="255.255.255.255"

SECUREHOST=<snip... I only connect to my server from one IP address -
use UNIVERSE instead if you want it wide open>

# PPTP traffic
# ($EXTIP is used below but is not set anywhere in this excerpt; define it first)
/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST -d $EXTIP 1723
/sbin/ipchains -A input -p 47 -j ACCEPT

/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST 1723 -d $UNIVERSE
/sbin/ipchains -A output -p 47 -j ACCEPT

# PPTP: need to allow all incoming traffic on PPTPIF
/sbin/ipchains -A input -i $PPTPIF -s $PPTPLAN -d $INTLAN -j ACCEPT

# PPTP: need to allow all outgoing traffic on PPTPIF
/sbin/ipchains -A output -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT

# Enable TCP/IP forwarding between the PPTP network and the Internal LAN
/sbin/ipchains -A forward -i $INTIF -s $PPTPLAN -d $INTLAN -j ACCEPT
/sbin/ipchains -A forward -i $PPTPIF -s $INTLAN -d $PPTPLAN -j ACCEPT

# DHCP traffic
/sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p udp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps
/sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p tcp -s $UNIVERSE bootpc -d $BROADCAST/0 bootps

# ICMP traffic (ping)
/sbin/ipchains -A input -j ACCEPT -i $PPTPIF -p icmp -s $UNIVERSE -d $EXTIP

Matt Gavin
Tempo Services Limited
~~~~~~~~~~~~~~~~~~~~~~
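
Added example, not part of the original post or of PoPToP: a small generator that prints the PPTP control-channel (TCP 1723) and GRE (protocol 47) rules in ipchains syntax, refusing to emit anything if an address or interface is missing, since an unset variable such as $EXTIP shifts the arguments of a rule. It goes beyond the posted rules by limiting GRE to the single peer and by using the server address as the source of replies; the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Prints ipchains rules for the
# PPTP control channel (TCP 1723) and GRE (IP protocol 47), both limited to
# one remote peer. Nothing is applied; review the output, then pipe it to sh.

# is_ipv4_cidr ADDR: succeed if ADDR looks like a.b.c.d or a.b.c.d/nn
# (hypothetical helper; checks shape only, not octet ranges)
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# pptp_rules SECUREHOST EXTIP EXTIF (hypothetical helper)
pptp_rules() {
    peer=$1
    extip=$2
    extif=$3
    # An unset variable would silently shift the arguments of every rule,
    # so emit nothing unless all three values are present and well formed.
    for addr in "$peer" "$extip"; do
        is_ipv4_cidr "$addr" || { echo "bad address: '$addr'" >&2; return 1; }
    done
    [ -n "$extif" ] || { echo "missing interface" >&2; return 1; }

    # Control channel in, replies out, then GRE in both directions,
    # every rule tied to the external interface and the one peer.
    cat <<EOF
/sbin/ipchains -A input -i $extif -p tcp -s $peer -d $extip 1723 -j ACCEPT
/sbin/ipchains -A output -i $extif -p tcp -s $extip 1723 -d $peer -j ACCEPT
/sbin/ipchains -A input -i $extif -p 47 -s $peer -d $extip -j ACCEPT
/sbin/ipchains -A output -i $extif -p 47 -s $extip -d $peer -j ACCEPT
EOF
}

# Constructed sample values (documentation address ranges, not from the post).
# Run the script with the argument "demo" to print the rules for them.
if [ "${1:-}" = "demo" ]; then
    pptp_rules 203.0.113.10 198.51.100.1 eth1
fi
```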




