Hi Daniel....

I tried using rinetd to redirect the ports 1723 and 47 from the linux box to the win 2k server with ras working (I tested it). It connects!? But then it says verifying login and password and it gets stuck... Any clues? Even if I try to connect to port 47 on the server it says connect failed...

Here is the TCPDUMP.... Are you sure it's port 47?????

Thanks for your help!!!

Eduardo

tcpdump: listening on eth0
17:09:47.226234 192.168.0.50.3497 > 192.168.0.1.1723: S 2311556756:2311556756(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.226306 192.168.0.1.1723 > 192.168.0.50.3497: S 1698163687:1698163687(0) ack 2311556757 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.226502 192.168.0.50.3497 > 192.168.0.1.1723: P 1:157(156) ack 1 win 64240 (DF)
17:09:47.226551 192.168.0.1.1723 > 192.168.0.50.3497: . ack 157 win 5840 (DF)
17:09:47.228158 192.168.0.1.1723 > 192.168.0.50.3497: P 1:157(156) ack 157 win 5840 (DF)
17:09:47.228418 192.168.0.50.3497 > 192.168.0.1.1723: P 157:325(168) ack 157 win 64084 (DF)
17:09:47.229958 192.168.0.1.1723 > 192.168.0.50.3497: P 157:189(32) ack 325 win 6432 (DF)
17:09:47.414047 192.168.0.50.3497 > 192.168.0.1.1723: . ack 189 win 64052 (DF)
17:09:47.645975 192.168.0.50.3497 > 192.168.0.1.1723: P 325:349(24) ack 189 win 64052 (DF)
17:09:47.654667 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:47.654715 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:47.680034 192.168.0.1.1723 > 192.168.0.50.3497: . ack 349 win 6432 (DF)
17:09:49.650222 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:49.650276 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:52.650095 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:52.650149 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:52.867259 arp who-has hades tell 192.168.0.50
17:09:56.650060 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:56.650116 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:00.650089 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:10:00.650148 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:03.521314 192.168.0.50.3497 > 192.168.0.1.1723: P 349:373(24) ack 189 win 64052 (DF)
17:10:03.521385 192.168.0.1.1723 > 192.168.0.50.3497: . ack 373 win 6432 (DF)
17:10:03.521662 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:10:03.521692 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:06.664002 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:10:06.664057 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:10.664472 192.168.0.50.3497 > 192.168.0.1.1723: P 373:389(16) ack 189 win 64052 (DF)
17:10:10.664536 192.168.0.1.1723 > 192.168.0.50.3497: . ack 389 win 6432 (DF)
17:10:10.665388 192.168.0.1.1723 > 192.168.0.50.3497: P 189:337(148) ack 389 win 6432 (DF)
17:10:10.665556 192.168.0.50.3497 > 192.168.0.1.1723: P 389:405(16) ack 337 win 63904 (DF)
17:10:10.666361 192.168.0.1.1723 > 192.168.0.50.3497: P 337:353(16) ack 405 win 6432 (DF)
17:10:10.666764 192.168.0.50.3497 > 192.168.0.1.1723: F 405:405(0) ack 353 win 63888 (DF)
17:10:10.666890 192.168.0.1.1723 > 192.168.0.50.3497: F 353:353(0) ack 406 win 6432 (DF)
17:10:10.667023 192.168.0.50.3497 > 192.168.0.1.1723: . ack 354 win 63888 (DF)

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On behalf of Daniel Curry
Sent: Monday, August 4, 2003 15:50
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VPN

I missed your previous message describing what you are trying to do. If your firewall is Linux based (assumption from squid reference), adding a couple of packages would permit that machine to act as your VPN server as well. There are a great many packages to help with this, but the one I like best is free/Swan (spelling?) from freshmeat.net. Check them out. The build and install has gotten much easier over the last couple of years.

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On behalf of Daniel Curry
Sent: Monday, August 4, 2003 15:46
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VPN and Firewall

This would largely depend upon which VPN protocol you decided to use. PPTP uses port 1723/tcp to establish communications. PPTP then uses protocol 47 -- GRE, generic routing encapsulation -- to tunnel the data. PPTP should take care of MOST simplified VPN issues.

IPSEC is a whole other matter. However, for 'office-to-office' or static VPN connections, I tend to use routers with IPSEC.

-----Original Message-----
From: Eduardo Freitas [mailto:eduardofreitas@xxxxxxxxxxxxxxxxx]
Sent: Monday, August 04, 2003 11:38 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] VPN and Firewall

Hi guys,

Let's suppose I have a remote access VPN inside my network behind my firewall. What ports would I have to have open forwarding to my VPN server so it works through the firewall? Would that be reasonably safe?

Eduardo

This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal server capacity.
Really get MORE from your existing servers!
Free eval: http://www.rtosoft.com/enter.asp?id=131
==================================
To Unsubscribe, set digest or vacation mode or view archives use the below link.
http://thethin.net/win2000list.cfm
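
Added example, not part of the original thread: a small Python parser run over lines copied from the capture in the first message, separating the TCP control connection on port 1723 from the GRE packets, which are IP protocol 47 and carry no port number. The function name `diagnose` and the verdict strings are this example's own choices.

```python
import re

# Lines copied from the capture in the first message (classic tcpdump text output).
CAPTURE = """\
17:09:47.226234 192.168.0.50.3497 > 192.168.0.1.1723: S 2311556756:2311556756(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.226306 192.168.0.1.1723 > 192.168.0.50.3497: S 1698163687:1698163687(0) ack 2311556757 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.654667 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:47.654715 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:49.650222 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:49.650276 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
TCP = re.compile(rf"^\S+ {IP}\.(\d+) > {IP}\.(\d+): (\S+)(.*)")   # addr.port on both sides
GRE = re.compile(rf"^\S+ {IP} > {IP}: gre-proto-0x([0-9A-Fa-f]+)")  # no ports at all
UNREACH = re.compile(rf"^\S+ {IP} > {IP}: icmp: {IP} protocol (\d+) unreachable")

def diagnose(capture, ctrl_port=1723):
    """Summarise a PPTP attempt: TCP control channel versus GRE data channel."""
    r = {"syn": False, "synack": False, "gre": {}, "unreach": set()}
    for line in capture.splitlines():
        if m := UNREACH.match(line):
            # ICMP destination unreachable, code 2: reporter has no handler for that IP protocol.
            r["unreach"].add((m.group(3), int(m.group(4))))
        elif m := GRE.match(line):
            key = (m.group(1), m.group(2), int(m.group(3), 16))
            r["gre"][key] = r["gre"].get(key, 0) + 1
        elif m := TCP.match(line):
            has_ack = " ack " in m.group(6)
            if m.group(5) == "S" and not has_ack and int(m.group(4)) == ctrl_port:
                r["syn"] = True
            elif m.group(5) == "S" and has_ack and int(m.group(2)) == ctrl_port:
                r["synack"] = True
    gre_dsts = {dst for (_, dst, _) in r["gre"]}
    refused = sorted(h for (h, proto) in r["unreach"] if proto == 47 and h in gre_dsts)
    if not (r["syn"] and r["synack"]):
        r["verdict"] = "control channel (tcp/%d) never completed a handshake" % ctrl_port
    elif refused:
        r["verdict"] = "tcp/%d reachable, but %s rejects IP protocol 47 (GRE)" % (ctrl_port, ", ".join(refused))
    elif not r["gre"]:
        r["verdict"] = "control channel up, no GRE seen yet"
    else:
        r["verdict"] = "control channel up and GRE not rejected"
    return r

if __name__ == "__main__":
    print(diagnose(CAPTURE)["verdict"])
```

A verdict of this kind points at the forwarding path for IP protocol 47 rather than at the login credentials.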