Michael F. Robbins on Sat, 7 Apr 2001 10:20:19 -0400 |
Hi everyone. Just as an opener: I know how bad PPTP is, especially Microsoft PPTP. But this is for a client, and it's his company policy. I've got a P233 running Red Hat 6.2 as a masquerading box on a cable modem. The hosts behind the box can access webpages and everything just fine; I've done that stuff before. Now, I need to access an external PPTP server from a Windows system behind the Linux box, IP 38.x.x.x. The Linux box's external interface is 24.x.x.x, and the internal interface is 10.10.10.5, to match with the client's pre-existing IP numbering. The particular system that needs to dial out PPTP is 10.10.10.4. And the real problem is that when the Windows system was originally plugged into the cable modem directly, it got to the PPTP just fine. Going by the instructions on ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html, I tried to patch and compile the following kernel versions: 2.2.14, 2.2.16, RedHat's 2.2.16-22, 2.2.17, and 2.2.18. I have had no success. With verbose debugging, this is what I get: 08:51:05: ip_masq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:05: ip_masq_pptp_tcp(): 24.x.x.x -> 38.x.x.x LEN=516 TY=1460 MC=1010402 08:51:05: ip_masq_pptp_tcp(): not a control pkt 08:51:05: ip_demasq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:05: ip_demasq_pptp_tcp(): 38.x.x.x -> 10.10.10.4 LEN=516 TY=1460 MC=1010402 08:51:05: ip_demasq_pptp_tcp(): not a control pkt 08:51:05: ip_masq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:05: ip_masq_pptp_tcp(): no TCP data in pkt 08:51:05: ip_masq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:05: ip_masq_pptp_tcp(): 24.x.x.x -> 38.x.x.x LEN=156 TY=1 MC=1A2B3C4D CTL=START_SESSION_REQUEST 08:51:05: ip_masq_pptp_tcp(): START_SESSION_REQUEST (TY=1) 08:51:05: ip_demasq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:05: ip_demasq_pptp_tcp(): 38.x.x.x -> 10.10.10.4 LEN=156 TY=1 MC=1A2B3C4D CTL=START_SESSION_REPLY 08:51:05: ip_demasq_pptp_tcp(): START_SESSION_REPLY (TY=2) 08:51:08: ip_demasq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:08: ip_demasq_pptp_tcp(): 38.x.x.x -> 10.10.10.4 LEN=156 TY=1 MC=1A2B3C4D CTL=START_SESSION_REPLY 08:51:08: ip_demasq_pptp_tcp(): START_SESSION_REPLY (TY=2) 08:51:15: ip_demasq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:15: ip_demasq_pptp_tcp(): 38.x.x.x -> 10.10.10.4 LEN=156 TY=1 MC=1A2B3C4D CTL=START_SESSION_REPLY 08:51:15: ip_demasq_pptp_tcp(): START_SESSION_REPLY (TY=2) 08:51:28: ip_demasq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:28: ip_demasq_pptp_tcp(): 38.x.x.x -> 10.10.10.4 LEN=156 TY=1 MC=1A2B3C4D CTL=START_SESSION_REPLY 08:51:28: ip_demasq_pptp_tcp(): START_SESSION_REPLY (TY=2) 08:51:54: ip_demasq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:54: ip_demasq_pptp_tcp(): 38.x.x.x -> 10.10.10.4 LEN=156 TY=1 MC=1A2B3C4D CTL=START_SESSION_REPLY 08:51:54: ip_demasq_pptp_tcp(): START_SESSION_REPLY (TY=2) 08:51:54: ip_masq_pptp_tcp(): app_data=c23909c0 CID=0 MCID=0 PCID=0 08:51:54: ip_masq_pptp_tcp(): no TCP data in pkt It sure looks like the traffic goes to the PPTP server, and back to the client at least once. It scares me that it says "no TCP data in pkt" and "not a control pkt"...that doesn't sound good. Also, is it a problem that the Magic Cookie value seems to be changing or something? The MC of 1A2B3C4D is built into the linux PPTP module code, IIRC. Also, I don't see any GRE traffic here from functions like ip_masq_pptp_gre() or something like that. My IPCHAINS config is set up to allow GRE traffic, and MASQ any traffic from the internal network. This is somewhat urgent, as this client can not access his work files anymore. Has anyone done this before? Any help is appreciated. SSH access to the masq box may be a possibility, if any of you can help. Please let me know if you have any questions. Mike Robbins mike@gamerack.com ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|