Re: ip tables vpn pptp and ip gre47



mb0339 <mb0339@xxxxxxxxxx> wrote:
> Hi,
> I have a smoothwall firewall. On my router I have configured the
> forwarding of tcp 1723 on the red of the firewall and activated the
> ip gre 47.
>
> On the firewall I have configured the forwarding of tcp 1723 on the internal
> ip vpn server
>
> and at the end of /etc/rc.d/rc.firewall.up, add the following:
>
> vpnserver="192.168.1.x"
> /sbin/iptables -N pptp
> /sbin/iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
> /sbin/iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT

The FORWARD chain is a two-way street so I guess shorewall must already
have something like

/sbin/iptables -A FORWARD --src 192.168.1.0/24 -j ACCEPT

> /sbin/iptables -I FORWARD -j pptp
>
> /sbin/iptables -t nat -N pptp
> /sbin/iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
> /sbin/iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
> /sbin/iptables -t nat -A PREROUTING -j pptp

The DNAT routing looks okay to me.

> But when I try the connection on a Windows client I have this
> problem: one minute on the "verification user name and password",
> then error 628. Help me, thanks.

An answer from google for "error 628" said to replace

mppe required

with

mppe required,stateless

and, although I've never used PPTP and so haven't a clue, presumably
you will know what file this is in.

FWIW, I tend to believe the problem is with PPTP and not your routing.

--
Clifford Kite
/* Substitute "damn" every time you're inclined to write "very"; your
editor will delete it and the writing will be just as it should be.
-- Mark Twain */
QED