mg on Fri, 3 Nov 2000 23:15:12 -0500 (EST)



[PLUG] vpn difficulties (PPTP)


Hi all, 

Any of you ever done VPN masquerading? I'm having a heck of a time getting
it to work. Here's the network setup.


PPTP server                 RH7 linux box                    internet
10.1.1.59  <--------------> doing masq <-------------------> clients
NT4S                        63.x.x.x
                            kernel 2.2.16-22

Now, I've followed the VPN-Masquerade howto to the letter as far as I can
tell. I've patched the kernel according to
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html.
I have configured every kernel option according to section 3.4 of the
VPN-Masquerade Howto with only one exception. The howto said to say
"yes" to CONFIG_IP_ALWAYS_DEFRAG. However, none of the Red Hat kernel
sources nor any of the stock 2.2 kernels I checked out have that
option. IIRC, CONFIG_IP_ALWAYS_DEFRAG is an option from the 2.0.x series
kernels. If I'm wrong about that, please for the love of god tell me. :)

Moving on, I compiled and rebooted with the new kernel. Next, the howto
states at the end of section 3.4 to check /proc/ksyms for
"ip_fw_masq_gre" and "ip_fw_demasq_gre". No dice. They ain't there. So I
'cd' on over to /usr/src/linux and do a 'grep -r ip_fw_masq_gre *'. Not a
single hit. I don't understand it. I did exactly what the howto and the
page at the above ftp url stated to do as far as kernel patching goes.

For the heck of it, I decide to move forward as if I really had found those
entries in /proc/ksyms. So I go about forwarding the PPTP traffic with:

ipmasqadm portfw -a -P tcp -L 63.x.x.x 1723 -R 10.1.1.59 1723
ipfwd --syslog --masq 10.1.1.59 47 

Then I proceed to try to get a client on the outside to connect. No
good. Says the server wasn't responding. Doh. So I head back to the linux
box to see what I can see. According to the syslog output from ipfwd, GRE
traffic was forwarded back and forth from the outside client and my
internal PPTP server. I also confirmed that 1723/tcp was flowing freely
between outside client and internal PPTP server. I had already confirmed
that the PPTP server and client configurations were sound so the problem
is the linux box. 

I'm pretty damn sure something's not right with my kernel because I never
saw those /proc/ksyms entries the howto said I should have. I just don't
know what I could have done wrong. This is getting extremely long so
I'll wrap it up. Any insight would be HIGHLY appreciated. Thanks. 


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug