Hi there guys,

I'm having a problem setting up a PPTP VPN inside my network so users can use it through the Internet. I tested the VPN locally and it seems to work fine.

To get it to work through the Linux firewall (ipchains), I first used rinetd to redirect connections from port 1723 (PPTP) to the same port on the internal server. That got me kind of connecting to the server, but it got stuck after "verifying username/password".

I read a little bit more on the Internet and found out that it uses GRE (protocol 47) for the real connection per se (sending the tunneled packets). Then I set:

    ipchains -I forward -p 47 -s INTERNAL_NET_IP -d SERVERIP -j MASQ

to forward those packets to the real server. As you can see from that line, I'm testing it internally, so the source is the internal network and the destination is the internal server IP.

Hope you guys can help me out...

I forgot a detail... I tcpdumped the connection and it seems the firewall is not forwarding GRE packets to the VPN server...

Any clues?

Thanks,
Eduardo Freitas

10:53:13.554355 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
10:53:13.554416 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
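
Added example, not part of the original post: a small Python check that reads tcpdump text in the format shown above and reports GRE packets that were answered with "protocol 47 unreachable". That ICMP error is generated by the host owning the destination address, so it shows the GRE packet was handed to that host's own IP stack instead of being forwarded. The function names and the third sample line (destination 192.168.0.9) are constructed for illustration.

```python
import re

# Constructed sample: the two tcpdump lines from the post plus one constructed
# line showing a GRE packet that draws no ICMP error.
SAMPLE = """\
10:53:13.554355 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
10:53:13.554416 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
10:53:14.100000 192.168.0.50 > 192.168.0.9: gre-proto-0x880B (gre encap)
"""

LINE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): (.*)$")
UNREACH = re.compile(r"^icmp: (\d+\.\d+\.\d+\.\d+) protocol (\d+) unreachable")

def parse(text):
    """Yield (timestamp, src, dst, info) for each recognised tcpdump line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groups()

def gre_rejections(text):
    """Return GRE flows whose destination replied 'protocol 47 unreachable'.

    The reply comes from the host that owns the destination address, so the
    GRE packet reached that host's own IP stack rather than being forwarded.
    """
    gre_seen = set()   # (src, dst) pairs that carried GRE
    rejected = []
    for ts, src, dst, info in parse(text):
        if info.startswith("gre-proto-"):
            gre_seen.add((src, dst))
            continue
        m = UNREACH.match(info)
        # The ICMP error travels the reverse way: rejecting host -> GRE sender.
        if (m and m.group(2) == "47" and m.group(1) == src
                and (dst, src) in gre_seen):
            rejected.append({"time": ts, "gre_sender": dst,
                             "rejecting_host": src})
    return rejected

if __name__ == "__main__":
    for r in gre_rejections(SAMPLE):
        print(f"{r['time']}: {r['rejecting_host']} rejected GRE "
              f"from {r['gre_sender']}")
```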