Re: PPTP thru SUSEfirewall



On Jul 5, 9:22 pm, KR <kristian.rasmus...@xxxxxxxxxxxxxxxxxxxxx>
wrote:
Leslie.E.Zeigler wrote:
I have not tried to telnet in yet. I am able to get to "verifying user
name and password" but the connection is usually terminated before
that step completes. Again, if I bypass the router and connect
directly to the modem, it authenticates and everything works as it
should.

This is something of a classic. Since you get to "Verifying...", the TCP
port 1723 forwarding works as it should. However, it seems the GRE
packets never reach their destination, since the authentication process
never completes.

Anyhow, the firewall rules are quite simplistic so far.
Port 1723 TCP is set to forward to the VPN server.
Protocol 47 has been opened or enabled.

I have not found much more information regarding what else I need to
do though I have read many online tutorials so far. They all pretty
much cover these few topics.

The firewall has to know what to do with the GRE packets. It needs a
PPTP connection tracker and NAT helper, or you'll have to forward all
GRE packets to the VPN server manually. (The latter will work, but will
break PPTP connections originating from the inside.)

Netfilter (the Linux firewall) has had a PPTP connection tracker and a
NAT helper for some time. They used to be called ip_conntrack_pptp and
ip_nat_pptp respectively, until somewhere between 2.6.19 and 2.6.20 (I
think), when nf_conntrack_pptp and nf_nat_pptp were introduced.

Try "modprobe ip_nat_pptp" or "modprobe nf_nat_pptp" (the corresponding
conntrack module will be loaded automatically) and see what happens.

KR

Hello and thanks again for the reply.
Unfortunately, this:
"Try "modprobe ip_nat_pptp" or "modprobe nf_nat_pptp" (the
corresponding conntrack module will be loaded automatically) and see
what happens."
is beyond my understanding of this process. How would I perform this
task?

Thanks again,
-Les
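
The step discussed in this thread, as an added example that is not part of the original posts: a script to run as root on the Linux firewall machine that tries both module names mentioned above and then confirms from /proc/modules that the helper is loaded. The function names and the `load`/`status` arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): load the PPTP NAT helper and verify it.
# Module names are the ones given in the thread; function names are hypothetical.

# Read /proc/modules-format text on stdin and print one of:
#   nat            - a PPTP NAT helper is loaded (it pulls in the conntrack module)
#   conntrack-only - GRE is tracked, but PPTP through NAT is not handled
#   none           - no PPTP helper loaded
pptp_helper_status() {
    awk '
        $1 == "ip_nat_pptp" || $1 == "nf_nat_pptp"             { nat = 1 }
        $1 == "ip_conntrack_pptp" || $1 == "nf_conntrack_pptp" { ct = 1 }
        END {
            if (nat)     print "nat"
            else if (ct) print "conntrack-only"
            else         print "none"
        }'
}

# Try the newer module name, then the older one. Needs root.
# Prints the name of the module that loaded; returns 1 if neither exists.
load_pptp_helper() {
    for mod in nf_nat_pptp ip_nat_pptp; do
        if modprobe "$mod" 2>/dev/null; then
            echo "$mod"
            return 0
        fi
    done
    return 1
}

case "${1:-}" in
    load)
        loaded=$(load_pptp_helper) || {
            echo "neither nf_nat_pptp nor ip_nat_pptp could be loaded" >&2
            exit 1
        }
        echo "loaded: $loaded"
        echo "status: $(pptp_helper_status < /proc/modules)"
        ;;
    status)
        pptp_helper_status < /proc/modules
        ;;
esac
```

A module loaded this way does not survive a reboot, so a `status` result of `none` after a restart means the `load` step has to be repeated.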
