Re: Rules for PPTP server.

Thu, 10 Feb 2005 07:08:41 -0800 

Darren Reed wrote:

ok, I think I found the "next" problem.
matching on GRE header bits.

backout the patch you've got and download:

http://coombs.anu.edu.au/~avalon/pptp.dif

and try that out for size. 

The output of 'ipmon -a' for that one is rather short:

10/02/2005 16:43:42.191102 @0 NAT:RDR 127.0.0.1,0 <- -> 194.126.106.106,0 
[194.126.106.110,0]
10/02/2005 16:43:42.191191 @12 NAT:RDR 127.0.0.1,1723 <- -> 
194.126.106.106,1723 [194.126.106.110,2880]
10/02/2005 16:43:42.191167 STATE:NEW 194.126.106.110 -> 127.0.0.1 PR gre
10/02/2005 16:43:42.191336 STATE:NEW 194.126.106.110,2880 -> 127.0.0.1,1723 PR 
tcp
10/02/2005 16:43:58.234970 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 
20 (52) IN NAT

However, establishing PPTP connection still fails. The following is from
my standard ipfilter log:

16:43:42.191355 dc0 @0:11 p 194.126.106.110,2880 -> 127.0.0.1,1723 PR tcp len 
20 48 -S K-S IN NAT
16:43:42.244567 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (57) IN 
NAT
16:43:44.228128 2x dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (59) 
IN NAT
16:43:46.237617 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (59) IN 
NAT
16:43:47.236782 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (57) IN 
NAT
16:43:48.247605 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (59) IN 
NAT
16:43:50.257450 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (59) IN 
NAT
16:43:51.238676 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (57) IN 
NAT
16:43:52.267766 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (59) IN 
NAT
16:43:54.278017 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (56) IN 
NAT
16:43:56.391570 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (32) IN 
NAT
16:43:58.406676 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (32) IN 
NAT
16:44:00.406683 dc0 @0:19 b 194.126.106.110 -> 127.0.0.1 PR gre len 20 (32) IN 
NAT

I wonder why a lot of those @0:19 packets are missing from the output of
ipmon -a. Some kind of buffering?

The error message from PPTP client is more promising than before. It used to be 
just
something to the effect of "The remote computer is not available", but now it 
says
"Your computer and remote computer could not agree on PPP control protocols".

--
Toomas Aas --------------------------------------------------------
|arvutiv�rgu peaspetsialist | head specialist on computer networks|
|Tartu Linnakantselei       | Tartu City Office                   |
----------------------------------------------------- +372 736 1274

Reply via email to