MS Vpn Server pptp in SuSE 8.0
Good night, to all.

I am wanting to implement a Vpn server with PPTP in the SuSE 8.0 - Kernel 2.4.18, and am having some difficulties in finding documents that explain how it must be configured. A connection between a Client external MS (modem or lan calling the server vpn). I do not know which parameters I must use in the configuration of pptpd.conf, I am really necessary that I configure ppp, so that the Vpn server functions.

I am ordering in the body of the email the 2 scenarios in which I would like the Server VPN to function.

1º ex:
computer(modem - call vpnserver using native vpnclient default)---------/ISP/----------\INTERNET\---------------/SuSE 8.0/(SuSEfirewall2 + pptpd)

This first example I would like to connect the computer to the server vpn, for a computer that is connected by modem to the Internet for its ISP, of later calling my connection VPN using a customer vpn that I create in proper windows 98/nt/2000

2º ex:
computer(lan - call vpnserver using native vpnclient default)-----\router\-------\ISP\-------\INTERNET\------------/SuSE 8.0/(SuSEfirewall2 + pptpd)

This 2º example I would like to connect a computer to the server vpn, for a computer that is connected by lan internal to the Internet for the EBT (EMBRATEL), of later calling my connection VPN using a customer vpn that I create in proper windows 98/nt/2000

* I would like to know which parameters to set for these two configurations, and if these configurations can coexist in pptpd.conf, so that I have a diversification of how to connect to this server VPN.
* I am using the SuSEfirewall2, I am configuring it to accept on my external interface port 1723 and protocol 47, and am using masquerade for lan internal.

Config-File Firewall
========================
FW_DEV_EXT="eth0" -> I need to place pptpd0 or ppp0 here?
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT" # e.g. "ippp0" or "$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no" # "yes" is a good choice
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="22 1723" # Common: smtp domain
FW_SERVICES_EXT_UDP="" # Common: domain
FW_SERVICES_EXT_IP="47 gre" # For VPN/Routing which END at the firewall!!
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
FW_SERVICES_INT_TCP="21 22 53 " # Common: ssh smtp domain
FW_SERVICES_INT_UDP="" # Common: domain syslog
FW_SERVICES_INT_IP="" # For VPN/Routing which END at the firewall!!
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "DNS" or "domain ntp"

Fabio Sena
Brasil - PE
> I am wanting to implement a Vpn server with PPTP in the SuSE 8.0 - Kernel 2.4.18, and am having some difficulties in finding documents that explain how it must be configured.

IPTables 1.2.7a does not support protocol 47 which is required for PPTP. In order to make this work you need to run the p-o-m patch for IPTables and apply the pptp_conntrack and pptp_nat patches. I've been playing with this for a while and I've also been on iptables-list trying to get this to work. Based on the feedback I'm getting it's not 100% guaranteed to work. All the patches are still in beta stages and have not been implemented in IPTables. Go to the Netfilter.org website then search for pptp. Good luck.
* studio3arc.com Admin wrote on Sun, Nov 11, 2001 at 16:32 -0800:
> IPTables 1.2.7a does not support protocol 47 which is required for PPTP.

What does that mean? I think it should be no problem to open protocol 47 with iptables.

> In order to make this work you need to run the p-o-m patch for IPTables and apply the pptp_conntrack and pptp_nat patches.

Well, but this is only needed to extend the packet filter to stateful inspection I guess? Is this correct?

BTW, IPSec should be preferred over PPTP I think.

oki,
Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
> * studio3arc.com Admin wrote on Sun, Nov 11, 2001 at 16:32 -0800:
> > IPTables 1.2.7a does not support protocol 47 which is required for PPTP.
> What does that mean? I think it should be no problem to open protocol 47 with iptables.

Read the netfilter docs.

> > In order to make this work you need to run the p-o-m patch for IPTables and apply the pptp_conntrack and pptp_nat patches.
> Well, but this is only needed to extend the packet filter to stateful inspection I guess? Is this correct?

No, if you wish to allow pptp to a natted pptp server you need these modules.

> BTW, IPSec should be preferred over PPTP I think.

Without a doubt. But if you live in an NT domain ...
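
As an added example (not part of the thread and not SuSEfirewall2's own code), the shell function below audits a SuSEfirewall2-style file for the two openings the question describes for a PPTP server that ends at the firewall, TCP port 1723 and IP protocol 47 (GRE), and flags the permissive settings in the posted file. The function names and the sample file, built from the values posted in the question, are constructed for illustration.

```shell
# Added example: audit a SuSEfirewall2-style config for PPTP ending at the firewall.

has_word() {  # has_word WORD ITEM... : true if WORD equals one of the items
    w=$1; shift
    for item in "$@"; do [ "$item" = "$w" ] && return 0; done
    return 1
}

audit_pptp_fw() {  # audit_pptp_fw CONFIG_FILE : prints findings, returns 1 on any FAIL
    (
        # Shell syntax, so source it in a subshell; resolves FW_MASQ_DEV="$FW_DEV_EXT" too.
        . "$1" || exit 2
        rc=0
        if has_word 1723 $FW_SERVICES_EXT_TCP; then
            echo "OK   tcp/1723 (PPTP control) accepted on $FW_DEV_EXT"
        else
            echo "FAIL tcp/1723 missing from FW_SERVICES_EXT_TCP"; rc=1
        fi
        if has_word 47 $FW_SERVICES_EXT_IP || has_word gre $FW_SERVICES_EXT_IP; then
            echo "OK   IP protocol 47 (GRE) accepted on $FW_DEV_EXT"
        else
            echo "FAIL protocol 47/gre missing from FW_SERVICES_EXT_IP"; rc=1
        fi
        if [ "$FW_PROTECT_FROM_INTERNAL" = "no" ]; then
            echo "WARN FW_PROTECT_FROM_INTERNAL=no; the file's own comment recommends yes"
        fi
        for p in TCP UDP; do
            eval "v=\$FW_ALLOW_INCOMING_HIGHPORTS_$p"
            if [ "$v" = "yes" ]; then
                echo "WARN FW_ALLOW_INCOMING_HIGHPORTS_$p=yes accepts all unprivileged ports"
            fi
        done
        exit $rc
    )
}

write_sample_config() {  # constructed sample: the values posted in the question
    cat > "$1" <<'EOF'
FW_DEV_EXT="eth0"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_PROTECT_FROM_INTERNAL="no"
FW_SERVICES_EXT_TCP="22 1723"
FW_SERVICES_EXT_IP="47 gre"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
EOF
}

cfg=$(mktemp) && write_sample_config "$cfg" && audit_pptp_fw "$cfg"; rm -f "$cfg"
```

The check covers only the filter openings for a PPTP server running on the firewall host; the NAT case raised in the replies depends on the connection-tracking patches discussed there and is not tested by this script.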
participants (3): Fabio Sena, Steffen Dettmer, studio3arc.com Admin