VPN Masquerading problems

Archived from groups: comp.dcom.vpn (More info?)

bolero92@yahoo.com wrote:
> Here is the setup:
>
> Win2K PPTP Client------RH 8.0--------INTERNET------RH 8.0 PPTP Server
>
> Cuz my RedHat 8.0 uses 2.4 kernel and only one PPTP client in the
> network
> As stated in
> http://www.impsec.org/linux/masque [...] q_vpn.html
>
> I don't need to patch the kernel.
> I just need to add the normal masquerading rules.
>
> /sbin/modprobe iptable_nat
> /usr/local/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> However, Win2K PPTP Client can't establish VPN connection successfully.
> The negotiation stops just after the authentication.
> Below is the error message in RH 8.0 PPTP Server:
>
> GRE: read(fd=6,buffer=8055600,len=8260) from network failed: status =
> -1 error = Protocol not available
> CTRL: GRE-tunnel has collapsed (GRE read or PTY write failed
> (gre,pty)=(6,5))
> CTRL: Client 219.133.238.250 control connection finished
>
> But if Win2K PPTP Client connects to Internet directly (not thru
> firewall),
> the VPN connection can be established!! (using the same setting)
> Why???
>

GRE is a separate protocol from TCP. Your NAT is obviously not
forwarding this protocol to the client inside your network.

Note: GRE does not use "ports" so you cannot forward a port to make this
work. Your NAT device either supports GRE or it doesn't. If it doesn't
then you are screwed. Even cheap $50 routers can usually forward this
protocol.

--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)