[EUG-LUG:433] Re: PPTP, VPN, routing, firewalls

Thu, 06 Dec 2001 13:17:15 -0800 

Kahli R. Burke wrote:

>      I am new to doing VPN setup, and am trying to get my network set up 
> properly.  Since I'm starting to confuse myself, I though I'd see if 
> anyone out there has done this before.  I've read a bunch of stuff 
> (HOWTOs) on the net on how to get this set up, which haven't helped me 
> figure it out yet.  Let's see if some ascii art helps (hope it doesn't 
> get mangled):
> 
>        192.168.80.0
>      -----------------
>      |               |-------1.2.3.4 ---------> Internet
>     client1       firewall   (eth0)
>    192.168.80.2  192.168.80.1
>                     (eth1)
> 
>      I've had mixed success so far configuring things the way I want. 
> Right now I have a cable modem connected to my NAT/Masquerading box with 
> some firewall rules using iptables.  This is a linux server, and I have 
> a couple more machines sitting behind it on a private network 
> 192.168.80.0.  What I want is to set up the PPTP tunnel on the firewall, 
> and have it route the traffic appropriately so normal internet traffic 
> goes out without going through PPTP and only traffic on the network 
> behind the VPN server gets routed through PPTP.  An alternative would be 
> to run PPTP on a PC on my private network rather than the firewall, but 
> still, I'd like the publically accessible internet stuff to bybass the 
> VPN, since there's no point in sending packets out the cable modem to be 
> routed through the internet to my work's network, just to be sent back 
> out to the internet from my work's gateway; it seems wasteful.  So 
> here's another diagram of what I'd like to have:

PPTP is not a secure protocol.  Here's a good reference.
        http://www.counterpane.com/pptp.html

>      When I use the pptp client in Linux, I don't get the same IP 
> addresses set up, I am trying this with eth0 set to 192.168.80.2, and I 
> get 192.168.80.2 as my IP for ppp0.  So now I have eth0 and ppp0 with 
> the same address, which doesn't seem right.  I don't get any route set 
> up, so nothing goes through PPTP and I don't know how to get to any of 
> the my work's networks.  What am I doing wrong here?  What do I have to 
> do to get the correct IP?

In the Windows example, you got a client IP of 206.163.164.206,
which I think the server allocated for you.  I think that should
be the address you assign to ppp0.

> Is it a different protocol than TCP or UDP?

Ask a packet sniffer (on another box) what it sees.

-- 
Bob Miller                              K<bob>
kbobsoft software consulting
http://kbobsoft.com                     [EMAIL PROTECTED]

Reply via email to