Thanks for your reply. If it was up to me, they would not be running NT at all :)
The decision to use NT as the VPN server is not mine - I'm just asked to find a technical solution. If GRE tunneling is possible, that seems like an easy and "safe" way to do it. The other way around is to add another NIC to the NT server and connect it to a "dmz" zone on the firewall, where all traffic except GRE is rejected by the firewall.

Jarle

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Rene Mayrhofer
> Sent: Thursday, November 25, 1999 4:17 PM
> To: Jarle Aase
> Cc: [email protected]
> Subject: Re: VPN to a host behind the firewall
>
>
> Jarle Aase wrote:
> >
> > I have a firewall running Linux 2.12 kernel with patch from kerneli.org, Debian Slink (latest stable) and ipchains 1.3.9 (compiled from the original source).
> >
> > The setup is like this:
> >
> > Internal net, non-legal IP series, masqueraded
> >         |
> >         |
> >      Firewall
> >         |
> >         |
> > Internet router
> >
> > An NT server on the internal net should now be used as a VPN server for Win98 clients
> > connecting from Internet. NT uses IP protocol 47 (gre) for VPN. The firewall is not
> > responsible for any security issues on this protocol.
> Why not use the firewall as a pptp server? That would be the best way
> since VPNs are designed to give access to an internal LAN (possibly with
> private IP addresses) from outside the network.
>
> You can download my pptpd (a PPTP server implementation for Linux)
> package for slink from
> ftp://ftp.vianova.at/pub/debian-packages/slink-updates/pptpd_0.9.1 3-1_i386.deb
> You need a patched kernel for this which can be found under
> ftp://ftp.vianova.at:/pub/debian-packages/potato-packages/kernel-image-2.2.13_2.2.13.mppe_i386.deb
> and a patched pppd from
> ftp://ftp.vianova.at:/pub/debian-packages/slink-updates/ppp_2.3.8.mscrypt-1_i386.deb
> if you want data encryption using mppe.
>
> greets,
> Rene

