Hi everyone. I am hoping there is some simple thing I have overlooked here that you can help me with. Info on my setup is included. Let me know if there is something important missing.
I am trying to set up a pptpd VPN on my Bering uClibc firewall. I have it to the stage where I can connect from my internal network on a Windows XP machine and get to the internet, but I can't connect externally from work on a Win2000 machine.

If I telnet to my router on port 1723 from work it connects briefly, which seems to indicate neither my work network nor my home ISP is blocking port 1723? Does that sound right? I have been told that my ISP doesn't block protocol 47 (GRE), but I'm not absolutely sure about my work network, although I can connect from home via pptp VPN to work, which seems to indicate GRE is not blocked.

On a separate note, ULOG seems to log connections on port 1723 sometimes and not on others. Any ideas on why that might be so?

I am totally lost on this (which is not especially hard to do) and any assistance/thoughts would be gratefully received! Thanks.

Shorewall rules:

    #PPTPd
    ACCEPT:ULOG net fw 47
    ACCEPT fw net 47
    ACCEPT:ULOG net fw tcp 1723
    ACCEPT:ULOG fw net tcp 1723
    ACCEPT:ULOG loc fw 47
    ACCEPT fw loc 47
    ACCEPT:ULOG loc fw tcp 1723
    ACCEPT:ULOG fw loc tcp 1723

Shorewall Interfaces

    ##############################################################################
    #ZONE INTERFACE BROADCAST OPTIONS
    net eth0 detect dhcp,routefilter,norfc1918
    loc eth1 detect
    loc ppp+ -
    dmz eth2 detect

Shorewall Tunnels

    # TYPE ZONE GATEWAY GATEWAY
    pptpserver net 0.0.0.0/0

Modules

    # Modules needed for PPTP connection
    slhc
    ppp_generic
    ppp_async
    ppp_mppe

pptpd.conf is pretty much as the sample.
I have uncommented the debug option and used:

    localip 192.168.1.254
    remoteip 192.168.1.200

pptpd-options

    ## turn pppd syslog debugging on
    debug
    ## change 'servername' to whatever you specify as your server name in chap-secrets
    name vpn
    ## change the domainname to your local domain
    domain private.network
    ## these are reasonable defaults for WinXXXX clients
    ## for the security related settings
    auth
    require-mschap
    require-mschap-v2
    require-mppe-128
    ## Fill in your addresses
    ms-dns 10.0.0.1
    ms-wins 10.0.0.1
    ## Fill in your netmask
    netmask 255.255.255.0
    ## some defaults
    nodefaultroute
    proxyarp
    lock

I don't know anything about the WINS side of things but I thought that these settings would work as a basic setup? And I haven't changed any of the ppp settings. I have thought about changing them because they refer to modems and dialing etc, although I am on cable. But I haven't seen any good instructions on what to modify them to, and anyway the thing works fine from a local workstation.

David Pitts
IT Services Manager
Reid Library
University of Western Australia
Telephone: (08) 6488 3492
Fax: (08) 6488 1012
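One way to narrow down the symptom described in the message above (TCP 1723 connects but the tunnel does not come up), as an added example that is not part of the original e-mail: classify a packet capture from the firewall's external interface by whether the control connection and GRE are seen in each direction. It assumes modern `tcpdump -n` text output; the function names, addresses and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: lines from `tcpdump -n -i eth0 'tcp port 1723 or ip proto 47'`
# on the external (net zone) interface; modern tcpdump text format assumed.
IP = r"(\d+\.\d+\.\d+\.\d+)"
TCP_RE = re.compile(rf"IP {IP}\.(\d+) > {IP}\.(\d+): Flags \[([^\]]*)\]")
GRE_RE = re.compile(rf"IP {IP} > {IP}: GREv1")  # PPTP uses enhanced GRE (version 1)

def diagnose_pptp(lines, server_ip):
    """Map each remote peer to a verdict about its PPTP attempt to server_ip."""
    seen = defaultdict(set)
    for line in lines:
        if m := TCP_RE.search(line):
            src, sport, dst, dport, flags = m.groups()
            if dst == server_ip and dport == "1723" and flags == "S":
                seen[src].add("syn_in")        # client opens the control channel
            elif src == server_ip and sport == "1723" and flags == "S.":
                seen[dst].add("synack_out")    # server answers it
        elif m := GRE_RE.search(line):
            src, dst = m.groups()
            if dst == server_ip:
                seen[src].add("gre_in")
            elif src == server_ip:
                seen[dst].add("gre_out")
    return {peer: verdict(events) for peer, events in seen.items()}

def verdict(ev):
    if {"gre_in", "gre_out"} <= ev:
        return "GRE both ways: check PPP/MPPE negotiation in the pptpd debug log"
    if "gre_in" in ev:
        return "client GRE arrives, server sends none: check fw rules and pptpd"
    if "gre_out" in ev:
        return "server sends GRE, none arrives: protocol 47 dropped on the way in"
    if "synack_out" in ev:
        return "control connection only: no GRE seen in either direction"
    return "TCP 1723 SYN not answered: control connection is failing"

# Constructed sample capture (documentation addresses, not taken from the post).
SAMPLE = """\
10:00:00.000001 IP 203.0.113.5.1045 > 198.51.100.7.1723: Flags [S], seq 1, win 64240, length 0
10:00:00.000150 IP 198.51.100.7.1723 > 203.0.113.5.1045: Flags [S.], seq 9, ack 2, win 5840, length 0
10:00:01.200000 IP 198.51.100.7 > 203.0.113.5: GREv1, call 0, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26
10:05:00.000001 IP 203.0.113.9.2100 > 198.51.100.7.1723: Flags [S], seq 5, win 64240, length 0
10:05:00.000140 IP 198.51.100.7.1723 > 203.0.113.9.2100: Flags [S.], seq 7, ack 6, win 5840, length 0
10:05:01.100000 IP 203.0.113.9 > 198.51.100.7: GREv1, call 0, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26
10:05:01.100900 IP 198.51.100.7 > 203.0.113.9: GREv1, call 0, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 24
""".splitlines()
```

Calling `diagnose_pptp(SAMPLE, "198.51.100.7")` returns one verdict per remote peer; on a real capture taken during a failing connection attempt, the verdict shows whether protocol 47 is lost before it reaches the external interface or on the firewall itself.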