[pptp-server] Windows NT VPN Server behind firewall Little bit long message!!!!

Andrea andrea.carignano at martinicom.com
Tue Sep 10 04:22:54 CDT 2002


Hi,
I have the following problem:

I have a Windows 2000 VPN server behind a firewall (Smoothwall 0.99SE); I
would like to connect from home to the office. The firewall EXT NIC IP is
212.xxx.xxx.xxx, the NT server IP is 192.168.0.1, the firewall INT NIC
IP is 192.168.0.20.
I would like to establish a PPTP connection.

Here is the configuration:

1. port forward TCP 1723 to <VPN server IP>
2. External access to anyone to port 1723
3. External access protocol 47 (GRE) (I'm not sure, how can I verify?)
4. Forward 47 to <VPN server IP>: ipfwd --masq <VPN server IP> 47 &

When I try to connect to VPN SERVER I get as far as 'Authenticating Username
and password' then get an error indicating that the server is not responding
(Error 619) after 30 seconds or so.

So I think that port (1723) forwarding works; if I log the packets that the VPN
server receives I don't see any 47....

If I check firewall's kernel logs I have:

------->>>>>> ERROR!!! I THINK->>>>>>>12:37:26 kernel ip_demasq_gre():
AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=43E7
no masq table, discarding
------->>>>>> ERROR!!! I THINK->>>>>>>12:37:26 kernel ip_masq_gre():
creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=4000 MCID=6109
12:40:09 kernel ip_demasq_gre(): AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=83E7
no masq table, discarding
12:40:09 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=8000 MCID=6109
12:42:51 kernel ip_demasq_gre(): AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=C3E7
no masq table, discarding
12:42:51 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=C000 MCID=6109
12:43:53 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=0 MCID=6109
12:46:36 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=4000 MCID=6109
12:49:18 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=8000 MCID=6109

Where:
AAA.AAA.AAA.AAA is dyn external client IP
BBB.BBB.BBB.BBB is dyn IP of smoothie firewall
192.168.0.1 is internal VPN server IP

What is wrong, can anyone help me?

Thank you in advance

Kind regards

Ing. Andrea Carignano
martini.com S.r.l.
Via Legnano  27
10128 Torino
tel. +39.011.562.16.56
fax. +39.011.561.37.09
www.martinicom.com
e-mail andrea.carignano at martinicom.com
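
A triage script for the firewall log quoted in the message above, as an added example that is not part of the original post: it re-joins the wrapped `ip_masq_gre()` / `ip_demasq_gre()` records and lists each discarded inbound GRE packet beside the masq entries that had already been created for that peer. The sample log is constructed in the shape of the quoted one, and `parse` and `triage` are hypothetical names.

```python
import re

# Constructed excerpt in the shape of the log quoted above: same placeholder
# addresses, same mail-client line wrapping, same hand-written annotation.
SAMPLE = """\
------->>>>>> ERROR!!! I THINK->>>>>>>12:37:26 kernel ip_demasq_gre():
AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=43E7
no masq table, discarding
------->>>>>> ERROR!!! I THINK->>>>>>>12:37:26 kernel ip_masq_gre():
creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=4000 MCID=6109
12:40:09 kernel ip_demasq_gre(): AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=83E7
no masq table, discarding
12:43:53 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=0 MCID=6109
"""

STAMP = re.compile(r"(\d\d:\d\d:\d\d) kernel (ip_(?:de)?masq_gre)\(\):")
FLOW = re.compile(r"([\w.]+)\s*->\s*([\w.]+) CID=([0-9A-Fa-f]+)(?: MCID=([0-9A-Fa-f]+))?")

def parse(text):
    """Re-join wrapped records; return one dict per GRE masq log entry, in order."""
    parts = STAMP.split(text)  # [junk, time, func, body, time, func, body, ...]
    records = []
    for time, func, body in zip(parts[1::3], parts[2::3], parts[3::3]):
        m = FLOW.search(" ".join(body.split()))
        if m:
            src, dst, cid, mcid = m.groups()
            records.append({"time": time, "inbound": func == "ip_demasq_gre",
                            "discarded": "discarding" in body,
                            "src": src, "dst": dst, "cid": cid, "mcid": mcid})
    return records

def triage(records):
    """List each discarded inbound GRE packet with the masq entries that
    already existed for its sender when it arrived."""
    entries, findings = {}, []   # entries: peer -> [(cid, mcid), ...]
    for r in records:
        if r["inbound"] and r["discarded"]:
            findings.append({"time": r["time"], "peer": r["src"], "cid": r["cid"],
                             "entries_seen": list(entries.get(r["src"], []))})
        elif not r["inbound"]:
            entries.setdefault(r["dst"], []).append((r["cid"], r["mcid"]))
    return findings

if __name__ == "__main__":
    for f in triage(parse(SAMPLE)):
        print(f)
```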



