pptp client behind firewall
Dear listers...
I'm finding it difficult to find up-to-date docs on pptp setups.
I have a linux server set up with pptpd which appears to be working ok (port
1723 is definitely open) but I'm having trouble connecting to it from behind
my firewall - a debian pentium running stable using iptables.
Most of the docs that I found seem to say that no special requirements are
needed to nat a private addressed pptp client. I can connect on port 1723 but
then the server appears to be initiating a ppp connection (presumably ip type
47?) back to the client which appears to be blocked by my firewall (maybe).
Does this mean that I need to forward ip type 47 to a specific host on my
private net? This would mean only one machine could ever use pptp so this
doesn't sound right.
Can anyone tell me what I'm doing wrong? I'll include a log of what happens in
the logs:
Here is the log from the server:
Apr 1 16:47:56 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection started
Apr 1 16:47:57 humber pptpd[4372]: CTRL: Starting call (launching pppd, opening GRE)
Apr 1 16:47:57 humber pptpd[4372]: GRE: read(fd=4,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Apr 1 16:47:57 humber pptpd[4372]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Apr 1 16:47:57 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection finished
Here's the log from the client:
Apr 1 16:47:58 monique pppd[2315]: pppd 2.4.1 started by root, uid 0
Apr 1 16:47:58 monique pppd[2315]: Using interface ppp0
Apr 1 16:47:58 monique pppd[2315]: Connect: ppp0 <--> /dev/pts/4
Apr 1 16:48:28 monique pppd[2315]: LCP: timeout sending Config-Requests
Apr 1 16:48:28 monique pppd[2315]: Connection terminated.
Apr 1 16:48:29 monique pppd[2315]: Exit.
I'm guessing that the GRE tunnel isn't getting opened. Are the docs right? Do I
need to patch my firewall kernel? The pptpd server is behind an appliance
firewall (netgear 814) which does nat (it's supposed to be compatible with
vpns). If I need a patch for the kernel, where is the most up-to-date one?
TIA
GREG
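
The two logs in the post can be read together to separate the PPTP control channel (TCP 1723) from the PPP-over-GRE data path (IP protocol 47). The following is an added example, not part of the original post: the function names and stage labels are hypothetical, and the log text is the post's own lines with the mail wrapping undone.

```python
import re

# Constructed input: the log lines from the post, with mail line-wrapping undone.
SERVER_LOG = """\
Apr 1 16:47:56 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection started
Apr 1 16:47:57 humber pptpd[4372]: CTRL: Starting call (launching pppd, opening GRE)
Apr 1 16:47:57 humber pptpd[4372]: GRE: read(fd=4,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Apr 1 16:47:57 humber pptpd[4372]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Apr 1 16:47:57 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection finished
"""
CLIENT_LOG = """\
Apr 1 16:47:58 monique pppd[2315]: pppd 2.4.1 started by root, uid 0
Apr 1 16:47:58 monique pppd[2315]: Using interface ppp0
Apr 1 16:47:58 monique pppd[2315]: Connect: ppp0 <--> /dev/pts/4
Apr 1 16:48:28 monique pppd[2315]: LCP: timeout sending Config-Requests
Apr 1 16:48:28 monique pppd[2315]: Connection terminated.
Apr 1 16:48:29 monique pppd[2315]: Exit.
"""
SYSLOG = re.compile(r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ \w+\[\d+\]: (.*)$")

def parse(log):
    """Return [(seconds_since_midnight, message)]; sessions crossing midnight are not handled."""
    out = []
    for line in log.splitlines():
        m = SYSLOG.match(line)
        if m:
            h, mi, s, msg = m.groups()
            out.append((int(h) * 3600 + int(mi) * 60 + int(s), msg))
    return out

def first(events, needle):
    """Time of the first message containing needle, or None if absent."""
    return next((t for t, msg in events if needle in msg), None)

def diagnose(server_log, client_log):
    """Say how far the session got, from the markers in both logs."""
    srv, cli = parse(server_log), parse(client_log)
    ctrl = first(srv, "control connection started")       # TCP 1723 reached pptpd
    tun_err = first(srv, "PTY read or GRE write failed")  # data path broke on server
    connect = first(cli, "Connect: ")                     # client pppd attached to pty
    lcp_to = first(cli, "LCP: timeout sending Config-Requests")
    if ctrl is None:
        stage = "no-control-connection"
    elif tun_err is not None or lcp_to is not None:
        stage = "control-ok-no-ppp"   # 1723 works, PPP negotiation never completed
    else:
        stage = "no-failure-seen"
    wait = lcp_to - connect if None not in (lcp_to, connect) else None
    return {"stage": stage, "server_tunnel_error": tun_err is not None,
            "client_lcp_timeout": lcp_to is not None, "lcp_wait_seconds": wait}
```

A `control-ok-no-ppp` result says only that the TCP 1723 connection worked while PPP negotiation did not complete; it does not say which hop dropped the GRE packets.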