VPN Masquerading problems

Archived from groups: comp.dcom.vpn

Here is the setup:

Win2K PPTP Client------RH 8.0--------INTERNET------RH 8.0 PPTP Server

Cuz my RedHat 8.0 uses 2.4 kernel and only one PPTP client in the network
As stated in http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

I don't need to patch the kernel.
I just need to add the normal masquerading rules.

/sbin/modprobe iptable_nat
/usr/local/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

However, Win2K PPTP Client can't establish VPN connection successfully.
The negotiation stops just after the authentication.
Below is the error message in RH 8.0 PPTP Server:

GRE: read(fd=6,buffer=8055600,len=8260) from network failed: status = -1 error = Protocol not available
CTRL: GRE-tunnel has collapsed (GRE read or PTY write failed (gre,pty)=(6,5))
CTRL: Client 219.133.238.250 control connection finished

But if Win2K PPTP Client connects to Internet directly (not thru firewall),
the VPN connection can be established!! (using the same setting)
Why???
  1. Archived from groups: comp.dcom.vpn

    bolero92@yahoo.com wrote:
    > Here is the setup:
    >
    > Win2K PPTP Client------RH 8.0--------INTERNET------RH 8.0 PPTP Server
    >
    > Cuz my RedHat 8.0 uses 2.4 kernel and only one PPTP client in the network
    > As stated in http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
    >
    > I don't need to patch the kernel.
    > I just need to add the normal masquerading rules.
    >
    > /sbin/modprobe iptable_nat
    > /usr/local/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    > echo 1 > /proc/sys/net/ipv4/ip_forward
    >
    > However, Win2K PPTP Client can't establish VPN connection successfully.
    > The negotiation stops just after the authentication.
    > Below is the error message in RH 8.0 PPTP Server:
    >
    > GRE: read(fd=6,buffer=8055600,len=8260) from network failed: status = -1 error = Protocol not available
    > CTRL: GRE-tunnel has collapsed (GRE read or PTY write failed (gre,pty)=(6,5))
    > CTRL: Client 219.133.238.250 control connection finished
    >
    > But if Win2K PPTP Client connects to Internet directly (not thru firewall),
    > the VPN connection can be established!! (using the same setting)
    > Why???
    >

    GRE is a separate protocol from TCP. Your NAT is obviously not
    forwarding this protocol to the client inside your network.

    Note: GRE does not use "ports" so you cannot forward a port to make this
    work. Your NAT device either supports GRE or it doesn't. If it doesn't
    then you are screwed. Even cheap $50 routers can usually forward this
    protocol.

    --
    WARNING! Email address has been altered for spam resistance.
    Please remove the -deletethispart-. section before replying directly.
    Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
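
To illustrate the reply above, here is an added example (not code from the thread or from either poster) that reads raw IPv4 packets captured on the NAT gateway's LAN-side interface and reports whether PPTP's GRE data channel (IP protocol 47, identified by Call ID rather than ports) is getting back to the client. The addresses, Call IDs and sample packets are constructed placeholders, and the function names are hypothetical.

```python
import struct

TCP, GRE, PPTP_PORT = 6, 47, 1723

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    addr = lambda a: bytes(map(int, a.split(".")))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def classify(pkt):
    """Label one raw IPv4 packet as PPTP 'control', PPTP 'gre' data, or 'other'."""
    body = pkt[(pkt[0] & 0x0F) * 4:]
    info = {"src": ".".join(map(str, pkt[12:16])),
            "dst": ".".join(map(str, pkt[16:20])), "kind": "other"}
    if pkt[9] == TCP and PPTP_PORT in struct.unpack("!HH", body[:4]):
        info["kind"] = "control"
    elif pkt[9] == GRE and len(body) >= 8:
        flags, ver, ptype, _plen, call_id = struct.unpack("!BBHHH", body[:8])
        # PPTP's enhanced GRE (RFC 2637): key bit set, version 1, type 0x880B.
        # There are no ports; the 16-bit Call ID is the only session identifier.
        if flags & 0x20 and ver & 0x07 == 1 and ptype == 0x880B:
            info.update(kind="gre", call_id=call_id)
    return info

def diagnose(packets, client, server):
    """Verdict for a capture taken on the NAT gateway's LAN-side interface."""
    seen = set()
    for p in map(classify, packets):
        pair = (p["src"], p["dst"])
        if p["kind"] != "other" and pair in ((client, server), (server, client)):
            suffix = "_out" if pair == (client, server) else "_in"
            seen.add(p["kind"] + (suffix if p["kind"] == "gre" else ""))
    if "control" not in seen:
        return "no PPTP control connection seen"
    if {"gre_out", "gre_in"} <= seen:
        return "GRE flows both ways: the NAT passes protocol 47"
    if "gre_out" in seen:
        return "GRE leaves the client, none returns: protocol 47 is not forwarded back"
    return "control connection only: no GRE from the client"

# Constructed sample capture (addresses are placeholders, not from the thread).
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"
ctrl = struct.pack("!HH", 1045, PPTP_PORT) + bytes(16)
gre = lambda call_id: struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, 0, call_id, 1)
BROKEN = [ipv4(TCP, CLIENT, SERVER, ctrl), ipv4(GRE, CLIENT, SERVER, gre(7))]
WORKING = BROKEN + [ipv4(GRE, SERVER, CLIENT, gre(9))]

if __name__ == "__main__":
    print(diagnose(BROKEN, CLIENT, SERVER))
    print(diagnose(WORKING, CLIENT, SERVER))
```

The BROKEN sample matches the symptom in the thread: the TCP 1723 control connection and authentication succeed, but no GRE from the server reaches the client behind the masquerading box.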