[pptp-server] Shouldn't I be able to see Windows servers in Network Neighborhood?

ACEAlex alex at saers.com
Tue Jan 8 18:36:49 CST 2002


Hi, I think I know what your problem is. Your Linux "gw computer" has a NAT
masquerade setup? Am I right? What are the firewall rules of that? If you are
using iptables and have copied the script from the masq howto, all traffic
from the ppp0 device that you are using is dropped. You need to specify some
rules for that.

Here is my solution that I added to the firewall script:
<snip>
IPTABLES=/usr/local/sbin/iptables
EXTIF=eth1
INTIF=eth0
PPPIF=ppp0
# External interface <-> ppp0: replies in, everything from ppp0 out
$IPTABLES -A FORWARD -i $EXTIF -o $PPPIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $PPPIF -o $EXTIF -j ACCEPT

# Internal interface <-> ppp0: replies in, everything from ppp0 out
$IPTABLES -A FORWARD -i $INTIF -o $PPPIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $PPPIF -o $INTIF -j ACCEPT
</snip>

I don't know if this is the best way of doing it, but it is worth a try. I
don't even know if it solves your problem. By the way, can you ping the
computer?

I think you are right about the kernel and ppp merge thing. Wonder what
Linus Torvalds thinks of that?

/Alexander

----- Original Message -----
From: "Jeff Wiegley, Ph.D." <jeff at inetb.com>
To: "PoPToP list" <pptp-server at lists.schulte.org>
Sent: Wednesday, January 09, 2002 1:09 AM
Subject: [pptp-server] Shouldn't I be able to see Windows servers in Network
Neighborhood?


> I *finally* got PPTP/VPN working.  Some suggestions...
>
>   1) The kernel people need to add the MPPE stuff into at least
>      the 2.5 kernels. I would also suggest incorporating the
>      FreeSwan items as well. Having a kernel that does not
>      provide for VPN services at this point in time only
>      prevents linux from being accepted in enterprise environments.
>      This is of particular concern because this is the exact market
>      that linux should be dominating.
>
>   2) PPP maintainers should include the openssl and MPPE support items.
>
>   3) PoPToP documentation needs to focus more on troubleshooting
>      procedures and general configuration. All of this per distribution
>      hints/tricks/traps/howtos and FAQs makes this project look
>      incredibly disorganized and unfocused.
>
>      Though I will say that a lot of this is due to the lack of 1) and
>      2).
>
>      Assuming 1) and 2) existed the documentation would only have to
>      be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.
>
>      A very helpful documentation topic would be examples of various
>      network topologies, how VPN connections relate to the topologies
>      and what the VPN offers (or what you can expect from a VPN
>      connection) that the topologies cannot provide without the VPN.
>
> It took me all week to get PoPToP to a point where a Windows Me VPN
> dial-up connection could connect to the server and get established.
>
> Now I'm stuck. I guess I figured the VPN connection would provide
> me some functionality that it doesn't seem to.
>
> I have an office of 10 windows workstations, 1 WindowsNT server
> (for file sharing) and 1 linux server with two NICs for providing
> NATted internet connections to all the windows machines through a DSL
> line. (The internet side IP for the linux box is static.) For
> illustration let's say that all of these machines are on the
> SOMEWORKGROUP as far as Microsoft Clients are concerned.
>
> I would think this to be an incredibly ubiquitous topology.
>
> The whole reason I embarked on this project is that I have machines
> at external locations that need access to files on the WindowsNT
> box back at the main office. These remote computers are in other
> offices, on other physical networks and already belong to some
> OTHERWORKGROUP.
>
> I assumed that by establishing PoPToP VPN connection from one of
> these remote servers to the main office linux box I would be able
> to accomplish this.
>
> However it doesn't work and I was hoping somebody has some insight
> as to why.
>
> After Connecting the VPN I only see OTHERWORKGROUPS under network
> neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
> connection specifies a ms-wins server but as far as I can tell no
> WINS resolution is happening because I can't even manually type
> into network neighborhood a machine name such as
> \\goofy which is the name of the windows NT machine.
>
> Furthermore, I can't even type in the direct IP to network
> neighborhood.  \\192.168.0.2 doesn't show goofy's shares either.
>
> but the VPN is connected and working. ping 192.168.0.2 works fine.
> The linux box is a firewall but forwarding is on and all packets
> between machines on the 192.168.0.6 network are allowed. The
> firewall also logs all dropped packets but nothing is logged from
> the time I connect and test my setups.
>
> I mean if this doesn't work then I'd consider Microsoft VPN
> connections to be a useless waste of time.
>
> Does anybody have any ideas about this? Am I off base about this
> whole topic and VPNs are used for some other, completely different,
> task?
>
> For the purposes of helping to debug this all here's some
> configuration information:
>
> /etc/pptp.conf
> -------------------------------------
> option /etc/ppp/options.pptp
> debug
> localip 192.168.0.1
> remoteip 192.168.0.3-9
>
> /etc/ppp/options.pptp
> -------------------------------------
> lock
> debug
> dump
> proxyarp
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> # Uncomment to use
> ms-wins 192.168.10.2
>
> The VPN connection item properties are as follows:
>
> General Tab:
>    VPN Server
>        Host name or IP address:     <static DSL IP of linux server>
>    Connect using
>        "Microsoft VPN Adapter" is the only option available.
> Networking Tab:
>    Type of Dial-up Server:
>        PPP: Internet, Windows 2000/NT, Windows ME
>    Advanced Option
>       Enable Software compression is checked
>       Record a log file for this connection is NOT checked
>    Allowed Network Protocols
>       NetBEUI            is NOT checked
>       IPX/SPX compatible is NOT checked
>       TCP/IP             is checked
>            Advanced TCP/IP settings:
>              Server assigned IP address            is selected
>              Server assigned name server address   is selected
>              use IP header compression             is checked
>              use default gateway on remote network is checked
> Security Tab:
>    Authentication:
>       Username:               <general username>
>       password:               *******
>       domain:                 SOMEWORKGROUP
>       connect automatically   is not checked
>    Advanced Security Options:
>       log on to network            is checked
>       Require encrypted password   is checked
>       Require data encryption      is checked
> Dialing Tab:
>    This is the default Internet connection is not checked
>    Redial settings:
>       Try to connect to 10 times
>       wait 5 seconds between attempts
>    Disconnect when connection may not be needed is checked
>
> Anybody have some hints?
>
> - Jeff
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
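
An added example, not part of either message: a small checker for the situation Alexander describes, where a masquerade-style ruleset never mentions ppp0 and forwarded VPN traffic falls through to the chain policy. It reads `iptables-save` text on stdin; the function names and both sample rulesets are constructed for illustration, and only the four ppp0 rules come from the message.

```shell
# Added example. Reports what the filter table's FORWARD chain does with a NEW
# connection from IN_IF to OUT_IF. Simplified: only -i, -o, --state and -j are
# read; negation (!), user-defined chains and address/port matches are ignored.
forward_verdict() {   # usage: forward_verdict IN_IF OUT_IF < ruleset
    awk -v inif="$1" -v outif="$2" '
    function if_match(pat, name) {   # empty = any; trailing "+" = prefix wildcard
        if (pat == "") return 1
        if (substr(pat, length(pat)) == "+")
            return index(name, substr(pat, 1, length(pat) - 1)) == 1
        return pat == name
    }
    substr($0, 1, 1) == "*" { table = $1 }
    table != "*filter" { next }
    $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" && $2 == "FORWARD" && verdict == "" {
        i = o = st = tgt = ""
        for (n = 3; n < NF; n++) {
            if ($n == "-i") i = $(n + 1)
            if ($n == "-o") o = $(n + 1)
            if ($n == "--state") st = $(n + 1)
            if ($n == "-j") tgt = $(n + 1)
        }
        if (!if_match(i, inif) || !if_match(o, outif)) next
        if (st != "" && index("," st ",", ",NEW,") == 0) next   # reply-only rule
        if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT") verdict = tgt
    }
    END { print (verdict != "" ? verdict : policy " (policy)") }'
}

# Constructed ruleset: masquerade-style gateway whose rules never mention ppp0.
masq_only() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# The same ruleset with the four ppp0 rules from the message added.
with_ppp() {
    masq_only | grep -v '^COMMIT'
    cat <<'EOF'
-A FORWARD -i eth1 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -j ACCEPT
COMMIT
EOF
}
```

On a gateway the same check would be run as `iptables-save | forward_verdict ppp0 eth0`. With the four rules in place the VPN client can open connections to the LAN, while connections opened from the LAN toward ppp0 still fall to the DROP policy.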



