pptp uses a modified GRE (over IP) to transmit the actual data.  Linux
(out of the box) doesn't deal with masqueraded GREs.  Go to freshmeat.net
and search for pptp.  On the homepage for the PoPToP package, there is a
patch for the kernel to enable this.  While you are there, grab PoPToP and
use it instead of your NT machine :-)

        -kf

On Thu, 28 Oct 1999, Tim wrote:

> Hello All,
> 
> I've been working on setting up a VPN off and on for the last 2 days w/out
> much success.
> 
> scenario:
> 
> Win9x client ==================================================
> (dialup to Internet)            INTERNET   |
>                                            | 
>                                            |
>                                            |(ppp0)207.200.220.110
>                                           ---
>                                          |   |
>                                          |   |Linux Firewall 
>                                          |   |
>                                           ---
>                                            |
>                                            |(eth0) 198.246.197.10
>                                            |
>                                            |
> ----------------------------------------------------------------
>         (private IP network)    |     198.246.197.0
>                                 |
>                                 |(eth) 198.246.197.12
>                                ---
>                               |   |
>                               |   |WinNT VPN/PPTP Server
>                               |   |
>                                --- 
> 
> (Sorry for the ascii art)
> 
> Here is what I have in regards to the Networking in the kernel:
> (p.s. all the modules listed here are loaded)
> <*> Packet socket                                                    
> [*] Kernel/User netlink socket                                       
> [*] Routing messages                                                 
> <*> Netlink device emulation                                         
> [*] Network firewalls                                                
> [*] Socket Filtering                                                 
> <*> Unix domain sockets                                              
> [*] TCP/IP networking                                                
> [*] IP: multicasting                                                 
> [*] IP: firewalling                                                  
> [*] IP: firewall packet netlink device                               
> [*] IP: always defragment (required for masquerading)                
> [*] IP: transparent proxy support                                    
> [*] IP: masquerading                                                 
> [*] IP: ICMP masquerading                                            
> [*] IP: masquerading special modules support                         
> <M> IP: ipautofw masq support (EXPERIMENTAL)                         
> <M> IP: ipportfw masq support (EXPERIMENTAL)                         
> <M> IP: ip fwmark masq-forwarding support (EXPERIMENTAL)             
> <M> IP: tunneling                                                    
> <M> IP: GRE tunnels over IP                                          
> [*] IP: broadcast GRE over IP                                        
> [*] IP: aliasing support                                             
> [*] IP: TCP syncookie support (not enabled per default)              
> <M> IP: Reverse ARP                                                  
> [*] IP: Allow large windows (not recommended if <16Mb of memory)     
> 
> 
> I guess I'm just missing something in some of the docs that I've read.  I
> can't seem to find an example of setting up VPN with the newer kernels.
> I'm using kernel 2.2.9.  Ipchains, ipfwadm, ipportfw, ipfwd, ipmasqadm and
> all the docs are just confusing me and I know it's not the fault of the
> list subscribers. :)
> 
> Can anyone offer me any suggestions on what to do, what to read, where to
> turn.
> 
> I'd like to dial up and get connected to the internet (no ISP in
> particular) and once connected start up VPN on the Win9x client machine,
> point it to the Linux Firewall and have it pass (<-->) the necessary
> information to the WinNT machine and back to the Win9x client.
> 
> I feel like I'm really close, but then it just falls apart on me.  I
> thought I was there and all I had to do was issue one (1) ipportfw for
> port 1723, but it complains about no ipfwadm.  I honestly don't know how
> close I was before this, but tcpdump was beginning to look kind of
> promising. :)
> 
> I'm assuming that the information coming back from the WinNT server to the
> Win9x client outside the private network is just not making it.
> Everything coming in hits ppp0 then the eth0 network (198.246.197.0) and
> this threw me in the beginning.  I'm stumped. :(
> 
> Has anyone done this?  I'm sure there are plenty out there I just don't 
> know where you are.  Can anyone offer me command-line examples to get
> this thing up and running.  When I finally do get things running I'm
> definitely going to write it up and post it for all to see and possibly
> submit something to the LDP if it fills a void.
> 
> I'd really appreciate ANY and ALL help... 
> 
> Best Regards,
> Tim
> 
> --
> [EMAIL PROTECTED]
> [EMAIL PROTECTED] (Home)
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
> 
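An added example, not part of the original messages or of the PoPToP kernel patch: a parser for the GRE variant PPTP uses for its data channel. The header layout (version 1, protocol type 0x880B, 16-bit Call ID in the key field) is taken from RFC 2637, not from this thread; the client address 192.0.2.50, the Call ID and the payload bytes are constructed sample values.

```python
import socket
import struct

IPPROTO_GRE = 47          # IP protocol number for GRE
PPTP_GRE_PROTO = 0x880B   # GRE protocol type PPTP uses for PPP (RFC 2637)

def parse_pptp_gre(ip_packet: bytes):
    """Return PPTP GRE header fields as a dict, or None if not PPTP GRE."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ip_packet[9] != IPPROTO_GRE or len(ip_packet) < ihl + 8:
        return None
    gre = ip_packet[ihl:]
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", gre[:8])
    # PPTP's GRE: version 1, key bit set, protocol type 0x880B.
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != PPTP_GRE_PROTO:
        return None
    fields = {
        "src": socket.inet_ntoa(ip_packet[12:16]),
        "dst": socket.inet_ntoa(ip_packet[16:20]),
        "call_id": call_id,        # the only per-session demultiplexing field
        "payload_len": payload_len,
        "seq": None,
        "ack": None,
    }
    offset = 8
    # Sequence (S bit) and acknowledgment (A bit) numbers are optional.
    for name, bit in (("seq", 0x1000), ("ack", 0x0080)):
        if flags & bit:
            if len(gre) < offset + 4:
                return None  # truncated optional field
            fields[name] = struct.unpack("!I", gre[offset:offset + 4])[0]
            offset += 4
    return fields

def build_sample(flags=0x3001, proto=PPTP_GRE_PROTO, call_id=0x1234):
    """Constructed sample: IPv4 + GRE from the NT server to a made-up client."""
    payload = b"\xff\x03\xc0\x21"  # constructed start of a PPP frame
    gre = struct.pack("!HHHHI", flags, proto, len(payload), call_id, 7) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64,
                     IPPROTO_GRE, 0, socket.inet_aton("198.246.197.12"),
                     socket.inet_aton("192.0.2.50"))
    return ip + gre

if __name__ == "__main__":
    print(parse_pptp_gre(build_sample()))
```

The parsed packet has no TCP or UDP ports, only a Call ID, so a port forward for 1723 covers the control connection but not this traffic.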
