[pptp-server] Strange problem with pptp. Please help

bao bao at gibbons.com
Fri Aug 9 17:17:05 CDT 2002

I have pptp and sendmail servers both on one RH 7.3 box. My intent is to
set up a firewall to block all external traffic, while allowing traffic
within the subnet range.

The setup has this configuration:
  subnet range -

pptp server's IP :
pptp client range:

server is set up to allow all traffic within
Its firewall is set up to allow packets to port 1723, and GRE packets
from any machine.

The expected behavior is that a user will dial out to their ISP, which
will give him the IP . This solely will not let him access
the subnet. He has to establish a VPN
connection to the server at, and will be assigned With this new IP, he now has access to the server's
resources, specifically mail access.

With this setup, when the user retrieves or sends out mail using this
server, all the packets will be encapsulated in GRE, sent to the server.
The server will open it and take care of the request.
The situation is, this only works when pptp server and sendmail server
are on different machines. But when they're on the same machine, the TCP
packets destined for the mail server at .162 are not encapsulated and
routed through the VPN tunnel. They are sent directly to the server with
the source IP as, which will be completely blocked by the
firewall on the server side.

My question is which side is responsible for this?
If it's the client side, can I set it up somehow to make it send the
mail packets via the VPN tunnel?
If it's the server's responsibility, how can I fix this?
Or is it something that both sides negotiate and agree on??

Thank you all.

More information about the pptp-server mailing list