I've been following this thread with some interest...trying to accomplish much the 
same as Eric, and have been reading up, down and sideways through leaf-user.  I have a 
Dachstein (floppy) system.  I'm trying to have a Win2k PPTP client (internal) connect 
to a PoPToP server (external).  As with Eric, in my case the connection works fine if 
I pull the router entirely out of the mix.  As a side note, the router does have a 
public external address.

I do have the pptp module loaded, but I wonder if I may be getting stuck on the port 
forwarding.  In network.conf, I have the following:

EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 130.111.135.159/32_47"

and

EXTERN_PROTO0="47 130.111.135.159/32"

...but when I try to "dial" the connection, the PPTP client quickly responds that the 
server is not answering.  Nothing of note shows up in the messages file.

Appreciate any nudges (or requests for more info),
Andy



Have you loaded the pptp Module?  &
Have you set up protocol 47 to also port forward to your VPN server?

On your Win2k box, go to the properties of the VPN Connection and in the
properties setup box on the networking tab, set the "Type of VPN server
I am calling" to PPTP.   If you don't do this it will try to use L2TP
which requires a different port and secure protocols and sometimes a
certificate server.

I have several Dachstein firewalls in place and can VPN out through
any one and back in through any other to a VPN Server in the internal
network.

Andrew Gray
System Administrator / Senior Technician
Operations
VQA Australasia

Phone:  (07) 3804 9822
Fax:    (07) 3807 8633
Mob:    0418 734 078




-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On Behalf Of Joey Officer
Sent: Thu, 27 Jun 2002 10:48
To: Eric Kubischta
Cc: [EMAIL PROTECTED] 
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems


I think there have been a few discussions about Win2k, there is something
within Win2k that creates some problems.  I am using a Win2k pro box at
home, and haven't had any trouble, but you might want to search the
archives...

Joey


-----Original Message-----
From: Eric Kubischta [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, June 26, 2002 5:23 PM
To: [EMAIL PROTECTED] 
Cc: [EMAIL PROTECTED] 
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again.  I have set up my network.conf file according to the
settings below (using the external IP address of my company's VPN server).

But still, when I try to connect with VPN from my Win2K Client machine
through the firewall, it doesn't work (hangs at "Verifying User Name and
Password").  When I remove the Linux Router, it works.

Any other ideas?

Thanks,

Eric



From: "Joey Officer" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
To: "Eric Kubischta" <[EMAIL PROTECTED]>
CC: "LRP Support" <[EMAIL PROTECTED]>
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Wed, 26 Jun 2002 13:31:01 -0500

You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

EXTERN_TCP_PORTS="66.101.59.22/32_ssh"  # this only allows a specific IP, I think the 0/0 would allow everything
EXTERN_UDP_PORTS="66.101.59.22/32_500"  # this is the port for IPSec (I believe)
EXTERN_PROTO0="50 66.101.59.22/32"      # this is part the SSH
EXTERN_PROTO1="51 66.101.59.22/32"      # same thing here, I believe 50 and 51 are required. Again - this is for specific IP


Joey

-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Wednesday, June 26, 2002 11:39 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED] 
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again all -

I read this file:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt 

And tried to follow these steps:
"snip"  To setup this type of connection:
         1) open the protocols 50 and 51 on your firewall
         2) open port 500 on your firewall
         3) load the ip_masq_ipsec.o module and add it to /etc/modules
         4) use the "ipfwd" utility to forward the port to the internal
network. Ipmasq will not forward the necessary protocol.
"snip"

Here is what I have tried to enable pass through of my VPN connection.

Added the following lines to the network.conf


EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 0/0_500"
EXTERN_TCP_PORT0="50 0/0"
EXTERN_TCP_PORT1"51 0/0"

made sure that the following line is in the loaded modules
ip_masq_ipsec

I am not sure on how to use the ipfwd utility....

Does it look like I am doing this right?  I apologize greatly for my lack of
ability!  Any help would be great.

Thanks again,

Eric




From: "Joey Officer" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
To: "Eric Kubischta" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Tue, 25 Jun 2002 08:27:10 -0500

In addition to the response about editing hosts.allow, you should also
change a few lines in the network.conf file, as well as the sh-httpd.conf
file (all available through the lrp menu).  Just do a search for 192.168.1.
and you should find what you are looking for, change them all to 192.168.5.
..

Joey


-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Monday, June 24, 2002 11:07 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] VPN Through Dachstein and SSH problems

Hello all - any assistance you could provide would be great.  I have been
searching the FAQ's and archives for info to no avail.

I have two big problems:

1.  The Dachstein router is up and running great!  Thank you for previous
help.  However, I cannot use Microsoft Dial-Up networking from a Windows box
on my internal network to dial a VPN connection to a Windows NT server on
the internet.  (This works fine if I remove the router)

Problem 2 - I cannot get SSH to Work!!  I followed instructions that I found
here:
http://sourceforge.net/docman/display_doc.php?docid=1441&group_id=13751 

I followed each step to the T.  However, when I try to connect (Using PuTTY
from a Windows 2000 box on the internal network) the terminal screen comes
up for about 1 second and then disappears completely)

A couple of things I have different:

I use MSN for my Broadband connection.  The Arescom DSL modem I have gives a
192.168.1.2 IP to the Linux Router.  I reconfigured eth1 to hand out and use
192.168.5.xxx to my internal network.

All other networking functionality seems to work (browsing the Internet,
etc.)

Thanks for your help and let me know if you need any more info!

Thanks,

Eric

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
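
An added example, not part of the original thread: the configs quoted above repeatedly put an IP protocol number (47 for GRE, 50 and 51 for ESP and AH) where a TCP or UDP port is expected, and this shell check flags that in a Dachstein-style network.conf. The function names lint_network_conf and sample_conf and the rule set are assumptions of this example; the variable names and entry format are taken from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. The variable names and the
# "source/mask_port" entry format come from the posts; the rules are assumptions.

lint_network_conf() {
    # Reads network.conf text on stdin and prints one finding per line.
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    /^[ \t]*EXTERN_[A-Z0-9_]+"/ {              # NAME"value": the "=" is missing
        printf "line %d: missing \"=\" in assignment\n", NR; next
    }
    /^[ \t]*EXTERN_(TCP|UDP)_PORT[0-9]+=/ {    # numbered form appears only in the failing config
        printf "line %d: numbered port variable; IP protocols go in EXTERN_PROTOn\n", NR; next
    }
    /^[ \t]*EXTERN_(TCP|UDP)_PORTS=/ {
        val = $0; sub(/^[^"]*"/, "", val); sub(/".*$/, "", val)
        n = split(val, entry, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            port = entry[i]; sub(/^.*_/, "", port)    # text after the last "_"
            if (port == "47" || port == "50" || port == "51")
                printf "line %d: %s names IP protocol %s as a port; use EXTERN_PROTOn\n", NR, entry[i], port
        }
    }'
}

sample_conf() {
    # Constructed input: lines quoted from the posts above.
    cat <<'EOF'
EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 130.111.135.159/32_47"
EXTERN_PROTO0="47 130.111.135.159/32"
EXTERN_TCP_PORT0="50 0/0"
EXTERN_TCP_PORT1"51 0/0"
EOF
}

sample_conf | lint_network_conf
```

Run against a real file with `lint_network_conf < /etc/network.conf`; no output means none of the three patterns were found.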