Re: PPTP and Firewalls

To: debian-isp@lists.debian.org
Subject: Re: PPTP and Firewalls
From: Tarragon Allen <melange@n12turbo.com>
Date: Fri, 9 May 2003 18:09:51 +1000
Message-id: <[🔎] 200305091809.51447.melange@n12turbo.com>
In-reply-to: <[🔎] 20030509051643.GA637@khaosse.net>
References: <[🔎] 20030509051643.GA637@khaosse.net>

On Fri, 9 May 2003 03:16 pm, Simon Bland wrote:
> I'm having some trouble setting up a PPTP VPN server behind a firewall.
>
> Internet ----- Firewall ---- LAN (Including PPTP server)
>
> At the moment I'm forwarding port 1723 back to the PPTP server. I can
> see the logs of the client connecting to the server, but when the server
> sends it's first LCP ConfReq there is never any reply. I'm guessing
> there is some sort of routing issue involved, but can't seem to get it
> set up.
>
> The firewall and PPTP server are both running 2.4.18 kernels with iptables
> and GRE tunnels set up as modules and mppe patches for the kernel and for
> pppd, both are Debian stable.
>
> I know the VPN configs are fine as I can get it working if the VPN runs
> on the firewall, but I'd really rather not have the VPN running on the
> firewall if I can get around it.
>
> Thanks for any suggestions/help.

Does the PPTP server have a real IP address, or is there some sort of 
NAT/DNAT/SNAT being done by the firewall?

What do you see with a tcpdump on the firewall, and does the server's ConfReq 
actually make it to the client at all?

Can the PPTP server ping the client?

Have you explicitly allowed GRE traffic through the firewall?

t
-- 
GPG : http://n12turbo.com/tarragon/public.key

Reply to:

References:
- PPTP and Firewalls
  - From: Simon Bland <angel@khaosse.net>

Prev by Date: PPTP and Firewalls
Next by Date: SMTP Auth - Ldap server
Previous by thread: PPTP and Firewalls
Next by thread: Re: PPTP and Firewalls
Index(es):
- Date
- Thread