
pptp client behind firewall



Dear listers...

I'm finding it difficult to find up to date docs on pptp setups.

I have a linux server setup with pptpd which appears to be working ok (port 
1723 is definitely open) but i'm having trouble connecting to it from behind 
my firewall - a debian pentium running stable using iptables.

most of the docs that i found seem to say that no special requirements are 
needed to nat a private addressed pptp client. i can connect on port 1723 but 
then the server appears to be initiating a ppp connection (presumably ip type 
47?) back to the client which appears to be blocked by my firewall (maybe).

does this mean that i need to forward ip type 47 to a specific host on my 
private net? this would mean only one machine could ever use pptp so this 
doesn't sound right.

anyone tell what i'm doing wrong? i'll include a log of what happens in the 
logs:

here is the log from the server:
Apr  1 16:47:56 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection started
Apr  1 16:47:57 humber pptpd[4372]: CTRL: Starting call (launching pppd, opening GRE)
Apr  1 16:47:57 humber pptpd[4372]: GRE: read(fd=4,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Apr  1 16:47:57 humber pptpd[4372]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Apr  1 16:47:57 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection finished

here's the log from the client:
Apr  1 16:47:58 monique pppd[2315]: pppd 2.4.1 started by root, uid 0
Apr  1 16:47:58 monique pppd[2315]: Using interface ppp0
Apr  1 16:47:58 monique pppd[2315]: Connect: ppp0 <--> /dev/pts/4
Apr  1 16:48:28 monique pppd[2315]: LCP: timeout sending Config-Requests 
Apr  1 16:48:28 monique pppd[2315]: Connection terminated.
Apr  1 16:48:29 monique pppd[2315]: Exit.

I'm guessing that the GRE tunnel isn't getting opened. are the docs right? do i 
need to patch my firewall kernel? the pptpd server is behind an appliance 
firewall (netgear 814) which does nat (it's supposed to be compatible with 
vpns). if I need a patch for the kernel, where are the most up to date?

TIA

GREG
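
The two logs in the post above, read side by side, as an added example that is not part of the original message. The function names, result keys and the interpretation given in the comments are this example's assumptions: a triage heuristic, not a diagnosis.

```python
import re

# Log lines copied from the post above, with the mail client's wrapping undone.
SERVER_LOG = """\
Apr  1 16:47:56 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection started
Apr  1 16:47:57 humber pptpd[4372]: CTRL: Starting call (launching pppd, opening GRE)
Apr  1 16:47:57 humber pptpd[4372]: GRE: read(fd=4,buffer=804d940,len=8196) from PTY failed: status = -1 error = Input/output error
Apr  1 16:47:57 humber pptpd[4372]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Apr  1 16:47:57 humber pptpd[4372]: CTRL: Client 217.34.76.191 control connection finished
"""
CLIENT_LOG = """\
Apr  1 16:47:58 monique pppd[2315]: pppd 2.4.1 started by root, uid 0
Apr  1 16:47:58 monique pppd[2315]: Using interface ppp0
Apr  1 16:47:58 monique pppd[2315]: Connect: ppp0 <--> /dev/pts/4
Apr  1 16:48:28 monique pppd[2315]: LCP: timeout sending Config-Requests
Apr  1 16:48:28 monique pppd[2315]: Connection terminated.
Apr  1 16:48:29 monique pppd[2315]: Exit.
"""

LINE = re.compile(r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ (\w+)\[\d+\]: (.*)$")

def parse(text, daemon):
    """Return (seconds_of_day, message) for each syslog line from `daemon`."""
    out = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        if m[4] == daemon:
            out.append((int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3]), m[5]))
    return out

def first(events, needle):
    """Time of the first message containing `needle`, or None."""
    return next((t for t, msg in events if needle in msg), None)

def triage(server_text, client_text):
    """Heuristic summary of one failed PPTP attempt seen from both ends."""
    srv, cli = parse(server_text, "pptpd"), parse(client_text, "pppd")
    call = first(srv, "Starting call")
    pty_fail = first(srv, "from PTY failed")
    return {
        # TCP 1723 reached pptpd, so the control channel is not the problem.
        "control_channel_ok": first(srv, "control connection started") is not None,
        # Seconds between launching the server-side pppd and its PTY closing;
        # a value near 0 means that pppd went away at once (check its own log).
        "server_pppd_lifetime_s": None if None in (call, pty_fail) else pty_fail - call,
        # Client got no LCP answer: GRE (IP protocol 47) dropped on the path,
        # or nothing was left on the server side to answer.
        "client_lcp_timeout": first(cli, "LCP: timeout sending Config-Requests") is not None,
    }
```

Times are only compared within one host's log, since the two machines' clocks may not agree.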


