Re: GRE, VPN and suchlike

2002-04-08 Thread Gregoire Hostettler

What do you want to do ?

Simply use your Debian box as a firewall or use it as a VPN-accessible host ?

In the first case, just follow the directions given by Brendan. It means
opening the correct ports in ipchains and forward to your VPN server.
In the second case, I have no experience of making a Debian box a VPN-aware
server. Just ask Brendan (Sorry for the burden, Brendan ;-). Here is a copy
of what he wrote:

> Win2k clients come with Microsoft's PPTP VPN client. To set up a PPTP
> server on debian you must install Poptop - http://www.poptop.org/
>
> Then read up on how to patch pppd and the 2.2 kernel for it:
>
> http://www.vibrationresearch.com/pptpd/
>
> Or the Howto under 2.4 (including iptables rules):
>
> http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt
>
> Hope this helps.
>
> Brendan
>

Good luck !

Gregoire

- Original Message -
From: "Mezei Áron" <[EMAIL PROTECTED]>
To: "'Gregory Hostettler'" <[EMAIL PROTECTED]>
Sent: Sunday, April 07, 2002 3:58 AM
Subject: RE: GRE, VPN and suchlike


Hi!

Can you help me a bit? I've read I think all available HOWTOs and
documents about masq-ing a PPTP based VPN, but I couldn't get it to work.
Maybe my PPTP server's config is not ok, but the following is the setup
and this happens:


WindowsXP
|
|
debian masq'ing between an office network and the internet
|
|
debian with pptpd installed


I've created a pptp connection in the XP to the server with pptpd.

in the server's ppp.log the following appears:

Apr  7 03:52:14 algernon pptpd[6254]: CTRL: Client  control connection started
Apr  7 03:52:14 algernon pptpd[6254]: CTRL: Starting call (launching pppd, opening GRE)
Apr  7 03:52:14 algernon pppd[6255]: pppd 2.4.1 started by root, uid 0
Apr  7 03:52:14 algernon pppd[6255]: using channel 25
Apr  7 03:52:14 algernon pppd[6255]: Using interface ppp0
Apr  7 03:52:14 algernon pppd[6255]: Connect: ppp0 <--> /dev/pts/2
Apr  7 03:52:14 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:17 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:20 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:23 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:26 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:29 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:32 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:35 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:38 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:41 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:44 algernon pppd[6255]: LCP: timeout sending Config-Requests
Apr  7 03:52:44 algernon pppd[6255]: Connection terminated.
Apr  7 03:52:44 algernon pppd[6255]: Exit.
Apr  7 03:52:44 algernon pptpd[6254]: Error reading from pppd: Input/output error
Apr  7 03:52:44 algernon pptpd[6254]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Apr  7 03:52:44 algernon pptpd[6254]: CTRL: Client  control connection finished


So I don't know what could be the problem.
If you can help me and if you have some time for my problem please
answer me.

Thanks a lot!

Aron Mezei

-Original Message-
From: Gregory Hostettler [mailto:[EMAIL PROTECTED]]
Sent: April 5, 2002 15:58
To: Brendan Lewis
Cc: [EMAIL PROTECTED]
Subject: Re: GRE, VPN and suchlike


It was so simple !
Just use [iptables] ipchains to setup the rules and we have a nice
passthrough !

THANKS a lot, everything works perfectly now !

Greg

> Hi Gregoire,
>
> Gregoire Hostettler wrote:
> > Thank you, Brendan,
> >
> > This is a good starting point.
> >
> > But will this package implement GRE (port 47) ? Just because I need
> > to install the Linux box as a firewall. In fact it is already a fw.
> > What I need is just to make VPN encapsulated packets to go through
> > the firewall to the VPN server which is located in the inside LAN.
>
> If all you want to do is forward PPTP packets to an internal (public
> IP) PPTP VPN server that's easy. Under kernel 2.4:
>
> # For the initial PPTP authentication
> iptables -A INPUT -p TCP -s  --dport 1723 -j ACCEPT
> iptables -A INPUT -p TCP -d  --sport 1723 -j ACCEPT
>
> # Then for forwarding GRE
> iptables -A INPUT -p 47 -s  -j ACCEPT
> iptables -A INPUT -p 47 -d  -j ACCEPT
>
> If you want to masquerade PPTP packets to an internal (private IP)
> PPTP server then read this howto:
>
> http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html
>
> However, this only covers kernels 2.0 and 2.2. I haven't tried doing
> this under 2.4 yet.
>
> >
> > And do I need samba ? I want to keep my Debian fw with as few
> > daemons as possible, as you can guess ;-)
> >
>
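
The pppd log quoted in the message above shows only `sent [LCP ConfReq` lines and no `rcvd [` line before the LCP timeout, so no PPP frame from the client reached pppd even though the TCP 1723 control connection came up; from the server side this is typically what a blocked GRE (IP protocol 47) path looks like. The following is an added example, not part of the original thread, that summarises each pppd session in such a log; the function name, the verdict strings and the second session in the sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the log format shown in the thread: PID 6255 never
# hears from the peer, PID 6301 gets an LCP reply.
SAMPLE_LOG='Apr  7 03:52:14 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:17 algernon pppd[6255]: sent [LCP ConfReq id=0x1 ]
Apr  7 03:52:44 algernon pppd[6255]: LCP: timeout sending Config-Requests
Apr  7 04:10:02 algernon pppd[6301]: sent [LCP ConfReq id=0x1 ]
Apr  7 04:10:02 algernon pppd[6301]: rcvd [LCP ConfAck id=0x1 ]'

# Read a pppd debug log on stdin and print one line per pppd process:
#   PID sent=<ConfReqs sent> rcvd=<frames received> <verdict>
# NO_PEER_FRAMES means: ConfReqs went out, nothing came back, LCP timed out.
lcp_sessions() {
    awk '
        match($0, /pppd\[[0-9]+\]/) {
            # Extract the digits between "pppd[" and "]"
            pid = substr($0, RSTART + 5, RLENGTH - 6)
            if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
            if ($0 ~ /: sent \[LCP ConfReq/) sent[pid]++
            if ($0 ~ /: rcvd \[/)            rcvd[pid]++
            if ($0 ~ /LCP: timeout sending Config-Requests/) timeout[pid] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                v = (timeout[p] && sent[p] > 0 && rcvd[p] == 0) ? "NO_PEER_FRAMES" : "ok"
                printf "%s sent=%d rcvd=%d %s\n", p, sent[p], rcvd[p], v
            }
        }'
}

# Stand-alone run on the constructed sample
printf '%s\n' "$SAMPLE_LOG" | lcp_sessions
```

A `NO_PEER_FRAMES` session points at the network path for protocol 47 rather than at pppd authentication or option settings, since negotiation never got far enough for those to matter.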

Re: GRE, VPN and suchlike

2002-04-05 Thread Gregory Hostettler

It was so simple !
Just use [iptables] ipchains to setup the rules and we have a nice
passthrough !

THANKS a lot, everything works perfectly now !

Greg

> Hi Gregoire,
>
> Gregoire Hostettler wrote:
> > Thank you, Brendan,
> >
> > This is a good starting point.
> >
> > But will this package implement GRE (port 47) ? Just because I need to
> > install the Linux box as a firewall.
> > In fact it is already a fw. What I need is just to make VPN encapsulated
> > packets to go through the firewall to the VPN server which is located
> > in the inside LAN.
>
> If all you want to do is forward PPTP packets to an internal (public IP)
> PPTP VPN server that's easy. Under kernel 2.4:
>
> # For the initial PPTP authentication
> iptables -A INPUT -p TCP -s  --dport 1723 -j ACCEPT
> iptables -A INPUT -p TCP -d  --sport 1723 -j ACCEPT
>
> # Then for forwarding GRE
> iptables -A INPUT -p 47 -s  -j ACCEPT
> iptables -A INPUT -p 47 -d  -j ACCEPT
>
> If you want to masquerade PPTP packets to an internal (private IP) PPTP
> server then read this howto:
>
> http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html
>
> However, this only covers kernels 2.0 and 2.2. I haven't tried doing
> this under 2.4 yet.
>
> >
> > And do I need samba ? I want to keep my Debian fw with as few daemons as
> > possible, as you can guess ;-)
> >
>
> You only need Samba if you want to provide Windows file and printer
> sharing on the firewall itself. PPTP does not require Samba.
>
> > Anyway THANK YOU for your help !
>
> No problems. Hope this helps!
>
> Brendan
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: GRE, VPN and suchlike

2002-04-05 Thread Brendan Lewis

Hi Gregoire,

Gregoire Hostettler wrote:
> Thank you, Brendan,
> 
> This is a good starting point.
> 
> But will this package implement GRE (port 47) ? Just because I need to
> install the Linux box as a firewall.
> In fact it is already a fw. What I need is just to make VPN encapsulated
> packets to go through the firewall to the VPN server which is located
> in the inside LAN.

If all you want to do is forward PPTP packets to an internal (public IP) 
PPTP VPN server that's easy. Under kernel 2.4:

# For the initial PPTP authentication
iptables -A INPUT -p TCP -s  --dport 1723 -j ACCEPT
iptables -A INPUT -p TCP -d  --sport 1723 -j ACCEPT

# Then for forwarding GRE
iptables -A INPUT -p 47 -s  -j ACCEPT
iptables -A INPUT -p 47 -d  -j ACCEPT

If you want to masquerade PPTP packets to an internal (private IP) PPTP 
server then read this howto:

http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html

However, this only covers kernels 2.0 and 2.2. I haven't tried doing 
this under 2.4 yet.

> 
> And do I need samba ? I want to keep my Debian fw with as few daemons as
> possible, as you can guess ;-)
>

You only need Samba if you want to provide Windows file and printer 
sharing on the firewall itself. PPTP does not require Samba.

> Anyway THANK YOU for your help !

No problems. Hope this helps!

Brendan
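
Added example, not part of the original thread: under 2.4 iptables, packets routed through the firewall to another host traverse the FORWARD chain rather than INPUT, and GRE is matched as IP protocol 47, not as a TCP or UDP port. The function below prints passthrough rules for one internal PPTP server so they can be reviewed before being applied; the function names are hypothetical, 192.0.2.10 is a placeholder, and matching on the server address is an assumption because the addresses in the rules above are missing from the archive.

```shell
#!/bin/sh
# Return 0 only for a well-formed dotted-quad IPv4 address. This also keeps
# shell metacharacters out of the generated commands.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print (do not apply) FORWARD-chain rules that let PPTP reach one server
# behind the firewall. $1 = server address (assumed to be publicly routable,
# as in the "internal (public IP)" case discussed in the thread).
pptp_passthrough_rules() {
    server=$1
    valid_ipv4 "$server" || { echo "invalid server address: $server" >&2; return 1; }
    cat <<EOF
# PPTP control channel: TCP 1723 to the server, and its replies
iptables -A FORWARD -p tcp -d $server --dport 1723 -j ACCEPT
iptables -A FORWARD -p tcp -s $server --sport 1723 -j ACCEPT
# PPTP data channel: GRE, IP protocol 47, in both directions
iptables -A FORWARD -p 47 -d $server -j ACCEPT
iptables -A FORWARD -p 47 -s $server -j ACCEPT
EOF
}

# Usage: review the output first, then apply as root, e.g.
#   pptp_passthrough_rules 192.0.2.10 | sh
```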






Re: GRE, VPN and suchlike

2002-04-04 Thread Brendan Lewis

Gregoire Hostettler wrote:
 > Dear all,
 >
 >
 >
 > I hope I am posting to the right list, if not, I apologize...
 >
 >
 >
 > My problem is to setup a VPN between 4 W2K sites.
 >
 > I am using on regular basis Debian ipchains for firewalling, and so far
 > it works great.
 >
 >
 >
 > But now it is time to setup GRE, tunneling, L2TP etc... And I cannot
 > find a reference to this GRE-port-47 thing in the Debian doc.
 >
 >
 >
 > Has anybody any idea ?

Win2k clients come with Microsoft's PPTP VPN client. To set up a PPTP
server on debian you must install Poptop - http://www.poptop.org/

Then read up on how to patch pppd and the 2.2 kernel for it:

http://www.vibrationresearch.com/pptpd/

Or the Howto under 2.4 (including iptables rules):

http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt

Hope this helps.

Brendan


