Re: pptp client behind firewall
Quoting Greg MATTHEWS <G.Matthews@cs.ucl.ac.uk>:
> Dear listers...
> I'm finding it difficult to find up to date docs on pptp setups.
> I have a linux server setup with pptpd which appears to be working ok (port
> 1723 is definitely open) but i'm having trouble connecting to it from behind
> my firewall - a debian pentium running stable using iptables.
> most of the docs that i found seem to say that no special requirements are
> needed to nat a private addressed pptp client. i can connect on port 1723 but
> then the server appears to be initiating a ppp connection (presumably ip type
> 47?) back to the client which appears to be blocked by my firewall (maybe).
> does this mean that i need to forward ip type 47 to a specific host on my
> private net? this would mean only one machine could ever use pptp so this
> doenst sound right.
AFAIK, this is correct. Only one pptp client at a time can be masq'd to
a pptpd server. I remember hearing about a kernel patch of somekind. You could
try searching google for a patch. The patch was for a ipmasq'ing firewall,
where pptp clients where behind it trying to access a externel internet pptpd
You mention that you have a hardware firewall from NetGear, so I don't know
if its tweakable.
> anyone tell what i'm doing wrong? i'll include a log of what happens in the
Nothing, this was the nature of pptp and ipmasq.
IPSec or some debianized vpn daemons (vpnd,tinc) may be a different option to
try. (if you can't get the kernel patch for ipmasq)
This mail sent through IMP: http://horde.org/imp/