Re: PPTP and Firewalls
On Fri, 9 May 2003 03:16 pm, Simon Bland wrote:
> I'm having some trouble setting up a PPTP VPN server behind a firewall.
> Internet ----- Firewall ---- LAN (Including PPTP server)
> At the moment I'm forwarding port 1723 back to the PPTP server. I can
> see the logs of the client connecting to the server, but when the server
> sends it's first LCP ConfReq there is never any reply. I'm guessing
> there is some sort of routing issue involved, but can't seem to get it
> set up.
> The firewall and PPTP server are both running 2.4.18 kernels with iptables
> and GRE tunnels set up as modules and mppe patches for the kernel and for
> pppd, both are Debian stable.
> I know the VPN configs are fine as I can get it working if the VPN runs
> on the firewall, but I'd really rather not have the VPN running on the
> firewall if I can get around it.
> Thanks for any suggestions/help.
Does the PPTP server have a real IP address, or is there some sort of
NAT/DNAT/SNAT being done by the firewall?
What do you see with a tcpdump on the firewall, and does the server's ConfReq
actually make it to the client at all?
Can the PPTP server ping the client?
Have you explicitly allowed GRE traffic through the firewall?
GPG : http://n12turbo.com/tarragon/public.key