[pptp-server] Help with config and ipchain rulesets...
Tommy Orndorff
tommy at orndorff.com
Wed Feb 13 16:30:39 CST 2002
I am having some issues with my poptop/pppd connections, and I was hoping
someone could give me a hand checking ipchains rules, etc.
I'm running PoPToP v1.1.2 and pppd version 2.4.0 on kernel version 2.4.16.
Connections to the VPN work fine 100% of the time with encryption enabled.
Here is my ppp options file:
lock
debug
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
auth
require-chap
+chap
ms-wins 192.168.1.1
My pptpd.conf file contains these lines:
option /etc/ppp/options
debug
localip 192.168.1.102-120
remoteip 192.168.1.102-120
listen 192.168.1.101
My ipchains rules contain the following rules (and ipchains only uses these
rules):
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -P forward DENY
ipchains -A forward -i eth0 -j MASQ
ipchains -N ppp-out
ipchains -A output -i eth0 -j ppp-out
ipchains -A ppp-out -p 47 -j ACCEPT
ipchains -N ppp-in
ipchains -A input -i eth0 -j ppp-in
ipchains -A ppp-in -p TCP -y -d 0.0.0.0/0 pptp -j ACCEPT -l
ipchains -A ppp-in -p TCP -d 0.0.0.0/0 pptp -j ACCEPT
ipchains -A ppp-in -p 47 -j ACCEPT
ipchains -A ppp-in -p TCP -y -j DENY
ipchains -A ppp-in -p UDP -j DENY
ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
My gateway IP for the LAN that the VPN resides on is 192.168.1.254. I have
users set with IPs given out of the range. After connecting, no packets are
received back to the client (i.e., when browsing any www page there is no
response).
Anyone see anything wrong or have any suggestions? Hopefully I've included
enough information.
Tommy Orndorff
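Added example, not part of the original post: a small check that parses the localip and remoteip lines of a pptpd.conf like the one quoted above and lists any address that appears in both pools. The function names are hypothetical, the sample text is constructed from the posted lines, and ranges are assumed to use the last-octet form shown in the post (a.b.c.START-END).

```python
import ipaddress

# Constructed sample: the pptpd.conf lines quoted in the post.
SAMPLE_CONF = """\
option /etc/ppp/options
debug
localip 192.168.1.102-120
remoteip 192.168.1.102-120
listen 192.168.1.101
"""

def expand(spec):
    """Expand a spec such as '10.0.0.1,10.0.0.5-9' into a set of addresses."""
    addrs = set()
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        if "-" not in part:
            addrs.add(ipaddress.IPv4Address(part))
            continue
        start, end = (s.strip() for s in part.split("-", 1))
        first = ipaddress.IPv4Address(start)
        # Assumption: the range end replaces only the last octet of the start.
        prefix = start.rpartition(".")[0]
        last = ipaddress.IPv4Address(f"{prefix}.{int(end)}")
        if last < first:
            raise ValueError(f"range runs backwards: {part}")
        addrs.update(ipaddress.IPv4Address(n)
                     for n in range(int(first), int(last) + 1))
    return addrs

def parse_pools(conf_text):
    """Collect the localip and remoteip pools, ignoring comments and other keys."""
    pools = {"localip": set(), "remoteip": set()}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0] in pools:
            pools[fields[0]] |= expand(fields[1])
    return pools

def shared_addresses(conf_text):
    """Return, in address order, the addresses present in both pools."""
    pools = parse_pools(conf_text)
    return [str(a) for a in sorted(pools["localip"] & pools["remoteip"])]

if __name__ == "__main__":
    shared = shared_addresses(SAMPLE_CONF)
    print(f"{len(shared)} address(es) in both localip and remoteip")
    for addr in shared:
        print("  " + addr)
```

For the posted file, both pools are 192.168.1.102-120, so every address in the range is reported as shared.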