VPN Masquerading problems

Anonymous
December 29, 2004 11:07:39 AM

Archived from groups: comp.dcom.vpn

Here is the setup:

Win2K PPTP Client------RH 8.0--------INTERNET------RH 8.0 PPTP Server

Cuz my RedHat 8.0 uses 2.4 kernel and only one PPTP client in the network
As stated in
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

I don't need to patch the kernel.
I just need to add the normal masquerading rules.

/sbin/modprobe iptable_nat
/usr/local/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

However, Win2K PPTP Client can't establish VPN connection successfully.
The negotiation stops just after the authentication.
Below is the error message in RH 8.0 PPTP Server:

GRE: read(fd=6,buffer=8055600,len=8260) from network failed: status = -1 error = Protocol not available
CTRL: GRE-tunnel has collapsed (GRE read or PTY write failed (gre,pty)=(6,5))
CTRL: Client 219.133.238.250 control connection finished

But if Win2K PPTP Client connects to Internet directly (not thru firewall),
the VPN connection can be established!! (using the same setting)
Why???
Anonymous
December 29, 2004 9:55:29 PM

Archived from groups: comp.dcom.vpn

bolero92@yahoo.com wrote:
> Here is the setup:
>
> Win2K PPTP Client------RH 8.0--------INTERNET------RH 8.0 PPTP Server
>
> Cuz my RedHat 8.0 uses 2.4 kernel and only one PPTP client in the
> network
> As stated in
> http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
>
> I don't need to patch the kernel.
> I just need to add the normal masquerading rules.
>
> /sbin/modprobe iptable_nat
> /usr/local/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> However, Win2K PPTP Client can't establish VPN connection successfully.
> The negotiation stops just after the authentication.
> Below is the error message in RH 8.0 PPTP Server:
>
> GRE: read(fd=6,buffer=8055600,len=8260) from network failed: status =
> -1 error = Protocol not available
> CTRL: GRE-tunnel has collapsed (GRE read or PTY write failed
> (gre,pty)=(6,5))
> CTRL: Client 219.133.238.250 control connection finished
>
> But if Win2K PPTP Client connects to Internet directly (not thru
> firewall),
> the VPN connection can be established!! (using the same setting)
> Why???
>

GRE is a separate protocol from TCP. Your NAT is obviously not
forwarding this protocol to the client inside your network.

Note: GRE does not use "ports" so you cannot forward a port to make this
work. Your NAT device either supports GRE or it doesn't. If it doesn't
then you are screwed. Even cheap $50 routers can usually forward this
protocol.

--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
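
Added example, not part of the original thread: a small Python parser that shows the distinction the reply draws. The PPTP control channel is TCP port 1723, while tunnel data travels as IP protocol 47 (GRE), whose enhanced header (RFC 2637) carries a Call ID instead of ports, so a NAT device has to handle GRE itself. The packets, addresses, ports and Call ID below are constructed samples, and the function names are hypothetical.

```python
import struct

PPTP_TCP_PORT = 1723      # PPTP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_PROTO = 0x880B   # protocol type in the enhanced GRE header (RFC 2637)

def classify(packet: bytes) -> dict:
    """Describe what a NAT box can key on for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"kind": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    payload = packet[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        kind = "pptp-control" if PPTP_TCP_PORT in (sport, dport) else "tcp"
        return {"kind": kind, "sport": sport, "dport": dport}
    if proto == IPPROTO_GRE and len(payload) >= 8:
        flags, ver, ptype, plen, call_id = struct.unpack("!BBHHH", payload[:8])
        if ver & 0x07 != 1 or ptype != PPTP_GRE_PROTO or not flags & 0x20:
            return {"kind": "gre-other"}
        out = {"kind": "pptp-gre", "call_id": call_id, "payload_len": plen}
        off = 8
        if flags & 0x10 and len(payload) >= off + 4:   # S bit: sequence number present
            out["seq"] = struct.unpack("!I", payload[off:off + 4])[0]
            off += 4
        if ver & 0x80 and len(payload) >= off + 4:     # A bit: acknowledgment present
            out["ack"] = struct.unpack("!I", payload[off:off + 4])[0]
        return out
    return {"kind": "other", "proto": proto}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left 0) around a constructed payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 168, 0, 2]), bytes([203, 0, 113, 10])) + payload

# Constructed samples: TCP SYN to port 1723, and one GRE data packet with Call ID 1234.
CONTROL = ipv4(IPPROTO_TCP, struct.pack("!HHIIBBHHH", 1034, 1723, 1, 0, 0x50, 0x02, 8192, 0, 0))
DATA = ipv4(IPPROTO_GRE, struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTO, 4, 1234, 7)
            + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA)):
        print(name, classify(pkt))
```

The GRE result has no source or destination port at all; the only per-session field is the Call ID, which is what a PPTP-aware NAT tracks.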