[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pptp client behind firewall

Quoting Greg MATTHEWS <G.Matthews@cs.ucl.ac.uk>:

> Dear listers...
> I'm finding it difficult to find up to date docs on pptp setups.
> I have a linux server setup with pptpd which appears to be working ok (port
> 1723 is definitely open) but i'm having trouble connecting to it from behind
> my firewall - a debian pentium running stable using iptables.
> most of the docs that i found seem to say that no special requirements are 
> needed to nat a private addressed pptp client. i can connect on port 1723 but
> then the server appears to be initiating a ppp connection (presumably ip type
> 47?) back to the client which appears to be blocked by my firewall (maybe).
> does this mean that i need to forward ip type 47 to a specific host on my 
> private net? this would mean only one machine could ever use pptp so this 
> doenst sound right.
AFAIK, this is correct. Only one pptp client at a time can be masq'd to
a pptpd server. I remember hearing about a kernel patch of somekind. You could 
try searching google for a patch. The patch was for a ipmasq'ing firewall, 
where pptp clients where behind it trying to access a externel internet pptpd 
You mention that you have a hardware firewall from NetGear, so I don't know
if its tweakable.
> anyone tell what i'm doing wrong? i'll include a log of what happens in the

Nothing, this was the nature of pptp and ipmasq. 
IPSec or some debianized vpn daemons (vpnd,tinc) may be a different option to 
try. (if you can't get the kernel patch for ipmasq)

good luck,


This mail sent through IMP: http://horde.org/imp/

Reply to: