[pptp-server] Windows NT VPN Server behind firewall Little bit long message!!!!

Jerry Vonau jvonau at shaw.ca
Tue Sep 10 08:22:18 CDT 2002


Andrea:

Could you check lsmod for ip_masq_gre?
Unload it if it is there.
That is for masq'ing outbound client connections,
and should not be loaded when you're forwarding to
a server. It will mess up the forwarding of GRE to the server...
i.e.: no masq table, discarding

Jerry Vonau

-----Original Message-----
From:	Andrea [SMTP:andrea.carignano at martinicom.com]
Sent:	Tuesday, September 10, 2002 04:23 AM
To:	pptp-server at lists.schulte.org
Subject:	[pptp-server] Windows NT VPN Server behind firewall Little bit long message!!!!

Hi,
I have the following problem:

I have a Windows 2000 VPN server behind a firewall (smoothwall 0.99SE); I
would like to connect from home to the office. The firewall EXT nic IP is
212.xxx.xxx.xxx, the nt server IP is 192.168.0.1, the firewall INT nic
IP is 192.168.0.20.
I would like to establish a PPTP connection.

Here is the configuration:

1. port forward TCP 1723 to <VPN server IP>
2. External access to anyone to port 1723
3. External access protocol 47 (GRE) (I'm not sure, how can I verify?)
4. Forward 47 to <VPN server IP>: ipfwd --masq <VPN server IP> 47 &

When I try to connect to the VPN server I get as far as 'Authenticating Username
and password', then get an error indicating that the server is not responding
(Error 619) after 30 seconds or so.

So I think that port (1723) forwarding works; if I log the packets that the VPN
server receives I don't see any 47....

If I check firewall's kernel logs I have:

------->>>>>> ERROR!!! I THINK->>>>>>>12:37:26 kernel ip_demasq_gre():
AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=43E7
no masq table, discarding
------->>>>>> ERROR!!! I THINK->>>>>>>12:37:26 kernel ip_masq_gre():
creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=4000 MCID=6109
12:40:09 kernel ip_demasq_gre(): AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=83E7
no masq table, discarding
12:40:09 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=8000 MCID=6109
12:42:51 kernel ip_demasq_gre(): AAA.AAA.AAA.AAA -> BBB.BBB.BBB.BBB CID=C3E7
no masq table, discarding
12:42:51 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=C000 MCID=6109
12:43:53 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=0 MCID=6109
12:46:36 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=4000 MCID=6109
12:49:18 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 ->AAA.AAA.AAA.AAA CID=8000 MCID=6109

Where:
AAA.AAA.AAA.AAA is dyn external client IP
BBB.BBB.BBB.BBB is dyn IP of smoothie firewall
192.168.0.1 is internal VPN server IP

What is wrong, can anyone help me?

Thank you in advance

Kind regards

Ing. Andrea Carignano
martini.com S.r.l.
Via Legnano  27
10128 Torino
tel. +39.011.562.16.56
fax. +39.011.561.37.09
www.martinicom.com
e-mail andrea.carignano at martinicom.com
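
The check suggested in the reply, as an added example that is not part of either message: shell functions that look for ip_masq_gre in lsmod output and count the "no masq table, discarding" drops in a kernel log. The function names, the sample lsmod text and the sample log lines (with documentation-range addresses) are constructed, modeled on the log format quoted above.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Exit 0 if ip_masq_gre is listed in lsmod-style output read from stdin.
gre_masq_loaded() {
    awk '$1 == "ip_masq_gre" { found = 1 } END { exit !found }'
}

# Print how many inbound GRE packets ip_demasq_gre() discarded, reading
# kernel log text from stdin. The "no masq table, discarding" part may be
# on the same line or on a following (wrapped) line, as in the quoted log.
count_gre_discards() {
    awk '
        /ip_masq_gre\(\)/   { pending = 0 }   # outbound entry cancels a pending match
        /ip_demasq_gre\(\)/ { pending = 1 }
        pending && /no masq table, discarding/ { n++; pending = 0 }
        END { print n + 0 }
    '
}

# $1 = lsmod output, $2 = kernel log text. Prints a one-line verdict.
# On a live firewall: diagnose "$(lsmod)" "$(dmesg)"
diagnose() {
    drops=$(printf '%s\n' "$2" | count_gre_discards)
    if printf '%s\n' "$1" | gre_masq_loaded; then
        if [ "$drops" -gt 0 ]; then
            # Module loaded and inbound GRE dropped: unload it, per the reply.
            echo "CONFLICT loaded=yes discards=$drops"
        else
            echo "LOADED loaded=yes discards=0"
        fi
    else
        echo "NOT_LOADED loaded=no discards=$drops"
    fi
}

# Constructed sample input.
SAMPLE_LSMOD='Module                  Size  Used by
ip_masq_gre             2144   0 (unused)
ip_masq_ftp             3576   0 (unused)'

SAMPLE_LOG='12:37:26 kernel ip_demasq_gre(): 203.0.113.7 -> 198.51.100.9 CID=43E7
no masq table, discarding
12:37:26 kernel ip_masq_gre(): creating GRE masq for
192.168.0.1 -> 203.0.113.7 CID=4000 MCID=6109
12:40:09 kernel ip_demasq_gre(): 203.0.113.7 -> 198.51.100.9 CID=83E7 no masq table, discarding'

diagnose "$SAMPLE_LSMOD" "$SAMPLE_LOG"
```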
