[pptp-server] Strange problem with pptp. Please help
bao at gibbons.com
Fri Aug 9 17:17:05 CDT 2002
I have pptp and sendmail servers both on one RH 7.3 box. My intent is to
set up a firewall to block all external traffic, while allowing traffic
within the subnet range.
The setup has this configuration:
subnet range 188.8.131.52 - 184.108.40.206
pptp server's IP : 220.127.116.11
pptp client range: 18.104.22.168-190
The server is set up to allow all traffic within 22.214.171.124/27
Its firewall is set up to allow packets to port 1723, and GRE packets
from any machine.
The expected behavior is that a user will dial out to their ISP, which
will give him the IP 126.96.36.199. This alone will not let him access
the subnet. He has to establish a VPN connection to the server at
188.8.131.52, and will be assigned 184.108.40.206. With this new IP, he
now has access to the server's resources, specifically mail access.
With this setup, when the user retrieves or sends out mail using this
server, all the packets will be encapsulated in GRE and sent to the server.
The server will open them and take care of the request.
The situation is, this only works when pptp server and sendmail server
are on different machines. But when they're on the same machine, the TCP
packets destined for the mail server at .162 are not encapsulated and
routed through the VPN tunnel. They are sent directly to the server with
the source IP as 220.127.116.11, which will be completely blocked by the
firewall on the server side.
My question is which side is responsible for this?
If it's the client side, can I set it up somehow to make it send the
mail packets via the VPN tunnel?
If it's the server's responsibility, how can I fix this?
Or is it something that both sides negotiate and agree on?
Thank you all.
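
Added example, not part of the original message: a longest-prefix-match lookup over a constructed client routing table, showing how traffic to the PPTP server's own address can leave unencapsulated while the rest of the subnet goes through the tunnel. The addresses (RFC 5737 documentation ranges), the interface names and the /32 host route to the server are assumptions, not values taken from the post.

```python
import ipaddress

# Constructed client routing table (RFC 5737 documentation addresses, not the
# poster's real ones). Assumption: the PPTP client keeps a /32 host route to
# the server's public address via the ISP link, so that the GRE/1723 packets
# carrying the tunnel are not themselves routed into the tunnel.
ROUTES = [
    ("0.0.0.0/0",      "ppp0-isp"),  # default route via the dial-up ISP
    ("192.0.2.160/27", "ppp1-vpn"),  # protected subnet via the PPTP tunnel
    ("192.0.2.162/32", "ppp0-isp"),  # host route to the PPTP server itself
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, interface) used for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    net, iface = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), iface

def bypasses_tunnel(dst, vpn_iface="ppp1-vpn", routes=ROUTES):
    """True when dst lies in a tunnel-routed prefix but a more specific
    route sends it out a different interface (i.e. unencapsulated)."""
    addr = ipaddress.ip_address(dst)
    in_vpn = any(addr in ipaddress.ip_network(p)
                 for p, i in routes if i == vpn_iface)
    return in_vpn and lookup(dst, routes)[1] != vpn_iface

if __name__ == "__main__":
    # Server address, another host in the subnet, an unrelated Internet host.
    for dst in ("192.0.2.162", "192.0.2.170", "198.51.100.9"):
        print(dst, lookup(dst), "bypasses tunnel:", bypasses_tunnel(dst))
```

In this model a mail host on a different address in the same /27 matches only the subnet route, which is consistent with the two-machine case described in the message.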