What do you want to do ? Simply use your Debian box as a firewall or use it as a VPN-accessible host ?
In the first case, just follow the directions given by Brendan. It means opening the correct ports in ipchains and forward to your VPN server.

In the second case, I have no experience of making a Debian box a VPN-aware server. Just ask Brendan (Sorry for the burden, Brendan ;-). Here is a copy of what he wrote:

> Win2k clients come with Microsoft's PPTP VPN client. To set up a PPTP
> server on debian you must install Poptop - http://www.poptop.org/
>
> Then read up on how to patch pppd and the 2.2 kernel for it:
>
> http://www.vibrationresearch.com/pptpd/
>
> Or the Howto under 2.4 (including iptables rules):
>
> http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt
>
> Hope this helps.
>
> Brendan

Good luck !
Gregoire

----- Original Message -----
From: "Mezei Áron" <[EMAIL PROTECTED]>
To: "'Gregory Hostettler'" <[EMAIL PROTECTED]>
Sent: Sunday, April 07, 2002 3:58 AM
Subject: RE: GRE, VPN and suchlike

Hi!

Can you help me a bit? I've read I think all available HOWTOs and documents about masq-ing a PPTP based VPN, but I couldn't get it to work. Maybe my PPTP server's config is not ok, but the following is the setup and this happens:

WindowsXP
   |
   |
debian masq'ing between an office network and the internet
   |
   |
debian with pptpd installed

I've created a pptp connection in the XP to the server with pptpd.
In the server's ppp.log the following appears:

Apr 7 03:52:14 algernon pptpd[6254]: CTRL: Client <masq'ing ip> control connection started
Apr 7 03:52:14 algernon pptpd[6254]: CTRL: Starting call (launching pppd, opening GRE)
Apr 7 03:52:14 algernon pppd[6255]: pppd 2.4.1 started by root, uid 0
Apr 7 03:52:14 algernon pppd[6255]: using channel 25
Apr 7 03:52:14 algernon pppd[6255]: Using interface ppp0
Apr 7 03:52:14 algernon pppd[6255]: Connect: ppp0 <--> /dev/pts/2
Apr 7 03:52:14 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:17 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:20 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:23 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:26 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:29 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:32 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:35 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:38 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:41 algernon pppd[6255]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x78565de0> <pcomp> <accomp>]
Apr 7 03:52:44 algernon pppd[6255]: LCP: timeout sending Config-Requests
Apr 7 03:52:44 algernon pppd[6255]: Connection terminated.
Apr 7 03:52:44 algernon pppd[6255]: Exit.
Apr 7 03:52:44 algernon pptpd[6254]: Error reading from pppd: Input/output error
Apr 7 03:52:44 algernon pptpd[6254]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Apr 7 03:52:44 algernon pptpd[6254]: CTRL: Client <masq'ing ip> control connection finished

So I don't know what could be the problem. If you can help me and if you have some time for my problem please answer me.

Thanks a lot!

Aron Mezei

-----Original Message-----
From: Gregory Hostettler [mailto:[EMAIL PROTECTED]]
Sent: April 5, 2002 15:58
To: Brendan Lewis
Cc: [EMAIL PROTECTED]
Subject: Re: GRE, VPN and suchlike

It was sooooo simple ! Just use [iptables] ipchains to setup the rules and we have a nice passthrough !

THANKS a lot, everything works perfectly now !

Greg

> Hi Gregoire,
>
> Gregoire Hostettler wrote:
> > Thank you, Brendan,
> >
> > This is a good starting point.
> >
> > But will this package implement GRE (port 47) ? Just because I need
> > to install the Linux box as a firewall. In fact it is already a fw.
> > What I need is just to make VPN encapsulated packets to go through
> > the firewall to the VPN server which is located in the inside LAN.
>
> If all you want to do is forward PPTP packets to an internal (public
> IP) PPTP VPN server that's easy. Under kernel 2.4:
>
> # For the initial PPTP authentication
> iptables -A INPUT -p TCP -s <your VPN server> --dport 1723 -j ACCEPT
> iptables -A INPUT -p TCP -d <your VPN server> --sport 1723 -j ACCEPT
>
> # Then for forwarding GRE
> iptables -A INPUT -p 47 -s <your VPN server> -j ACCEPT
> iptables -A INPUT -p 47 -d <your VPN server> -j ACCEPT
>
> If you want to masquerade PPTP packets to an internal (private IP)
> PPTP server then read this howto:
>
> http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html
>
> However, this only covers kernels 2.0 and 2.2. I haven't tried doing
> this under 2.4 yet.
>
> >
> > And do I need samba ?
> > I want to keep my Debian fw with as few
> > daemons as possible, as you can guess ;-)
> >
>
> You only need Samba if you want to provide Windows file and printer
> sharing on the firewall itself. PPTP does not require Samba.
>
> > Anyway THANK YOU for your help !
>
> No problems. Hope this helps!
>
> Brendan
>

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
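
The failure pattern in the ppp.log quoted in this thread (pptpd accepts the TCP 1723 control connection, pppd keeps sending LCP ConfReq and never logs a received frame) is the usual sign that GRE (IP protocol 47) is not getting through the masquerading box. The Python check below is an added example, not part of the original thread; the sample log is constructed (hostname, PIDs and addresses are made up), and it assumes pppd runs with its debug option so sent/rcvd frames are logged.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the ppp.log quoted in the thread.
# Session 6255 mirrors the reported failure; session 7001 shows a
# negotiation in which the peer's frames do arrive.
SAMPLE_LOG = """\
Apr  7 03:52:14 gw pptpd[6254]: CTRL: Client 192.0.2.10 control connection started
Apr  7 03:52:14 gw pptpd[6254]: CTRL: Starting call (launching pppd, opening GRE)
Apr  7 03:52:14 gw pppd[6255]: sent [LCP ConfReq id=0x1 <auth pap>]
Apr  7 03:52:17 gw pppd[6255]: sent [LCP ConfReq id=0x1 <auth pap>]
Apr  7 03:52:44 gw pppd[6255]: LCP: timeout sending Config-Requests
Apr  7 04:10:01 gw pptpd[7000]: CTRL: Client 192.0.2.11 control connection started
Apr  7 04:10:01 gw pppd[7001]: sent [LCP ConfReq id=0x1 <auth pap>]
Apr  7 04:10:01 gw pppd[7001]: rcvd [LCP ConfReq id=0x0 <mru 1400>]
Apr  7 04:10:01 gw pppd[7001]: rcvd [LCP ConfAck id=0x1 <auth pap>]
"""

# syslog prefix: month, day, time, host, then daemon[pid]: message
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")

def diagnose(log_text):
    """Return {pppd_pid: verdict} for every pppd session seen in log_text."""
    sent, rcvd, timed_out = defaultdict(int), defaultdict(int), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) != "pppd":
            continue
        pid, msg = int(m.group(2)), m.group(3)
        if msg.startswith("sent [LCP"):
            sent[pid] += 1
        elif msg.startswith("rcvd [LCP"):
            rcvd[pid] += 1
        elif "timeout sending Config-Requests" in msg:
            timed_out.add(pid)
    verdicts = {}
    for pid in sorted(set(sent) | set(rcvd) | timed_out):
        if pid in timed_out and rcvd[pid] == 0:
            # pppd was launched, so TCP 1723 worked, but no PPP frame ever
            # arrived: inbound GRE is not reaching this host.
            verdicts[pid] = "no-inbound-gre"
        elif pid in timed_out:
            verdicts[pid] = "lcp-stalled"  # frames arrive, negotiation fails
        else:
            verdicts[pid] = "ok"
    return verdicts

if __name__ == "__main__":
    for pid, verdict in diagnose(SAMPLE_LOG).items():
        print(pid, verdict)
```

A "no-inbound-gre" verdict points at the firewall or NAT path for protocol 47 rather than at the pptpd configuration; "lcp-stalled" points at option negotiation or at replies being lost on the way back to the client.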