Linux gatewaying for MS PPTP client and server

Post by dmorgan1REMOVET.. » Tue, 23 Mar 1999 04:00:00



Linux PPTP masquerade question, for Linux masq or MS PPTP/VPN experts.

There's a body of Linux info about how to do this (references below).
I've implemented it. Packets get so far and no further.

I'm trying to get a Linux gateway to pass thru Microsoft PPTP traffic
between a W95 machine on the internet (PPTP client) and an NT machine
in the LAN (PPTP server). It gets from W95 to NT; nothing further
ensues.

THIS WORKS (Scenario A)

My Network
 _
|_| W95 (MS PPTP local LAN client)
    192.168.3.1
 |
 _
|_| NT (MS RAS/PPTP server)
    192.168.3.2

yields a working tunneled connection and reassuring GUI evidence to go
with it.

THIS IS WHAT I WANT TO EXTEND IT TO (Scenario B)

 _
|_| W95 (MS PPTP remote internet client)
    206.170.217.130
 |
 |

My Network
 _  206.170.217.165
|_| Linux gateway    (IP masq   <--W95 machine above,
    192.168.3.1      (ipportfw      rebooted to Linux
 |                          (ipfwd
 |                          (patch to ip masq
 _
|_| NT (MS RAS/PPTP server)
    192.168.3.2

The above 4 adaptations of Linux are to get different kinds of PPTP
traffic in-and-out of the LAN, to-and-from its PPTP server. Normal
PPTP communication begins by W95 sending TCP/port-1723 packets to
the PPTP server/NT machine. THEN A REPLY IS EXPECTED. In Scenario A
there is one, evidenced by the "successful connection" GUI
dialog. Between Scenario A and B the NT machine is UNTOUCHED, but...

Scenario B: the incoming 1723 packets appear within the LAN,
evidenced by the Linux tcpdump utility (tcpdump -i eth0) which
captures:

19:34:32.858294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]

19:34:35.958294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]

That's it. Two incoming packets, no subsequent back-traffic; remote
W95 says "you've been disconnected." The encouraging piece is that
ipfwd is succeeding in making the Linux server pass
through packets addressed to it, onward to the NT machine instead. But
NT evidences no reply. This seems an NT issue as opposed to a problem
with gateway operation.

*** Why doesn't NT put anything back on the wire after the
1723-packets addressed to it have appeared there??? ***

-------------
Published info on the methodology

vpn-masq kernel patch:
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/VPN-howto/VPN-Masquera...

ipfwd:
http://www.cag.lcs.mit.edu/~cananian/Projects/IPfwd/

ipportfw:
http://www.ox.compsoc.org.uk/~steve/portforwarding.html

-------------

Linux gateway status, per ifconfig, ipfwadm, ipportfw, and ipfwd:

eth0      Link encap:Ethernet  HWaddr 00:80:C8:E2:AF:61
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:206.170.217.165  P-t-P:209.233.193.22  Mask:255.255.255.0
----------
IP firewall forward rules, default policy: accept
type  prot source               destination          ports
acc/m all  192.168.3.0/24       0.0.0.0/0            n/a
----------
Prot Local Addr/Port > Remote Addr/Port                        

TCP 206.170.217.165/1723 > 192.168.3.2/1723                    

----------
  395   1 S    0:00 ipfwd --masq 192.168.3.2 47
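
Added example, not part of the original post: a Python check over tcpdump text output that lists TCP flows where an initial SYN was sent (and retransmitted) while nothing came back from the server side, which is the pattern in the capture above. The first two sample records are the post's, rejoined onto one line each; the other two records and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Old-style tcpdump text record: "time src.port > dst.port: FLAGS seq:seq(len) [ack N]"
RECORD = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFPR.]+) \d+:\d+\(\d+\)(?P<ack> ack \d+)?"
)

# Records 1-2: from the post. Records 3-4: constructed, an answered
# handshake from a hypothetical LAN client, for contrast.
SAMPLE = """\
19:34:32.858294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]
19:34:35.958294 206.170.217.130.1039 > 192.168.3.2.1723: S 32171336:32171336(0) win 8192 <mss 536,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x9]
19:40:01.000000 192.168.3.7.1044 > 192.168.3.2.1723: S 500:500(0) win 8192 <mss 1460> (DF)
19:40:01.000400 192.168.3.2.1723 > 192.168.3.7.1044: S 900:900(0) ack 501 win 8760 <mss 1460> (DF)
"""

def seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def unanswered_syns(capture):
    """Return flows with initial SYNs and no packet in the reverse direction."""
    syns = defaultdict(list)   # (client, server) -> timestamps of initial SYNs
    answered = set()           # (client, server) flows where the server replied
    for line in capture.splitlines():
        m = RECORD.match(line)
        if not m:
            continue           # wrapped, blank or non-TCP lines are skipped
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if "S" in m["flags"] and m["ack"] is None:
            syns[(src, dst)].append(seconds(m["ts"]))   # initial SYN
        else:
            answered.add((dst, src))                    # SYN-ACK, RST, data...
    return [
        {"client": c, "server": s, "syns": len(t), "span": round(t[-1] - t[0], 3)}
        for (c, s), t in syns.items() if (c, s) not in answered
    ]

if __name__ == "__main__":
    for flow in unanswered_syns(SAMPLE):
        print(flow)
```

Running the same capture on each interface of the gateway shows on which segment, if any, a reply from the server appears.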

 
 
 

1. Linux as PPTP Server for MS PPTP Clients?

We are evaluating Linux to supplement/replace our NT servers. At present
we use Microsoft PPTP to allow remote NT clients to access our office
network via our Internet connection.  My question is: Is there a
combination of NT client software and Linux server software to allow
VPN/PPTP type connections? In my search of Linux HOW-TOs, etc. I have
come across Linux-to-Linux VPN connections and even a Linux client for
MS PPTP ( http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/) but no
Linux PPTP servers for MS clients. Ideally we would like a Linux daemon
that would work with the standard NT client.

Any suggested solutions?

Jim Campbell
Remove NOT from reply e-mail address