Alright,
I am new to doing VPN setup, and am trying to get my network set up
properly. Since I'm starting to confuse myself, I thought I'd see if
anyone out there has done this before. I've read a bunch of stuff
(HOWTOs) on the net on how to get this set up, which haven't helped me
figure it out yet. Let's see if some ascii art helps (hope it doesn't
get mangled):
          192.168.80.0
    -----------------
    |               |-------1.2.3.4 ---------> Internet
 client1         firewall (eth0)
192.168.80.2   192.168.80.1
                 (eth1)
I've had mixed success so far configuring things the way I want.
Right now I have a cable modem connected to my NAT/Masquerading box with
some firewall rules using iptables. This is a linux server, and I have
a couple more machines sitting behind it on a private network
192.168.80.0. What I want is to set up the PPTP tunnel on the firewall,
and have it route the traffic appropriately so normal internet traffic
goes out without going through PPTP and only traffic on the network
behind the VPN server gets routed through PPTP. An alternative would be
to run PPTP on a PC on my private network rather than the firewall, but
still, I'd like the publicly accessible internet stuff to bypass the
VPN, since there's no point in sending packets out the cable modem to be
routed through the internet to my work's network, just to be sent back
out to the internet from my work's gateway; it seems wasteful. So
here's another diagram of what I'd like to have:
                                                   PPTP tunnel
          192.168.80.0                    |-ppp0 ---------------------> Work networks
    ----------------------                |                        -------------
    |               |----1.2.3.4 ----> Internet                    |     |     |
 client1         firewall (eth0)                                   A     B     C
192.168.80.2   192.168.80.1
                 (eth1)
My most successful attempt is under Windows on a box on my private
net (I'm writing this message through PPTP in Windows); it was a snap
to set up. I entered the pptp server address and my username/passwd and
it came up fine. I got:
Server IP address: 206.162.164.201
Client IP address: 206.163.164.206
I get a default route: 206.163.164.206
Everything works fine except I know all my internet traffic is
going through PPTP.
When I use the pptp client in Linux, I don't get the same IP
addresses set up. I am trying this with eth0 set to 192.168.80.2, and I
get 192.168.80.2 as my IP for ppp0. So now I have eth0 and ppp0 with
the same address, which doesn't seem right. I don't get any route set
up, so nothing goes through PPTP and I don't know how to get to any of
my work's networks. What am I doing wrong here? What do I have to
do to get the correct IP?
I've also tried to run the linux pptp client on my firewall/nat
box, which is really what I want to do. Here, my firewall isn't
allowing the pptp connection to be set up. I've allowed TCP, UDP, ICMP
traffic in and out from the firewall box to the IP address of the VPN
server, which doesn't seem to do the trick. What do I have to add here
to get the traffic out? Is it a different protocol than TCP or UDP? I
know it's the firewall because if I flush all the rules and set the
policy to accept, it will set up the connection. Same IP address
problem as my other linux box. Here, the IP of the firewall's second
ethernet (hooked up to my private network) is 192.168.80.1. When I set up
the tunnel, I get ppp0 set to 192.168.80.1 as well.
So there are two main questions:
How do I get the right IP address and routing set up in Linux?
and
How do I allow the PPTP connection to get through the firewall?
Sorry to be so long-winded...does anyone have ideas?
Thanks,
Kahli Burke
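An added example, not from the original post, addressing the two questions above (the firewall rules and the split routing) in one script. PPTP uses a TCP control connection on port 1723 plus a GRE data channel (IP protocol 47), which is why rules for TCP/UDP/ICMP alone are not enough. The VPN server address 203.0.113.10, the interface name eth0 and the work networks passed to pptp_split_routes are placeholders; the DRY_RUN switch and the helper names are this example's own, not part of pptp or iptables.

```shell
#!/bin/sh
# Added example: allow a PPTP client running on a Linux iptables firewall
# to reach its VPN server, and route only the work networks over ppp0.
# All addresses here are placeholders for the values in the post.

VPN_SERVER="203.0.113.10"   # placeholder for the work PPTP server's IP
WAN_IF="eth0"               # interface holding the public address
IPT="iptables"
IP="ip"

# Set DRY_RUN=1 to print the commands instead of executing them,
# which is handy for reviewing the rule set before touching a live box.
run() {
  if [ -n "$DRY_RUN" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Rules scoped to the VPN server only: no blanket GRE or port 1723 opening.
pptp_firewall_rules() {
  # Control channel: TCP 1723, firewall -> server, and the replies.
  run $IPT -A OUTPUT -o "$WAN_IF" -p tcp -d "$VPN_SERVER" --dport 1723 -j ACCEPT
  run $IPT -A INPUT  -i "$WAN_IF" -p tcp -s "$VPN_SERVER" --sport 1723 -j ACCEPT
  # Data channel: GRE is IP protocol 47, neither TCP nor UDP.
  run $IPT -A OUTPUT -o "$WAN_IF" -p 47 -d "$VPN_SERVER" -j ACCEPT
  run $IPT -A INPUT  -i "$WAN_IF" -p 47 -s "$VPN_SERVER" -j ACCEPT
}

# Split tunnel: add a route per work network via ppp0 and leave the
# default route on the cable modem, so ordinary internet traffic bypasses
# the VPN. Run this after ppp0 is up (for example from /etc/ppp/ip-up).
pptp_split_routes() {
  for net in "$@"; do
    run $IP route add "$net" dev ppp0
  done
}

# Apply for real only when explicitly asked: APPLY=1 ./pptp-split.sh
if [ -n "$APPLY" ]; then
  pptp_firewall_rules
  pptp_split_routes 10.10.0.0/16 10.20.0.0/16   # placeholder work networks
fi
```

With the routes in place, a `traceroute` to a work address should show the first hop on ppp0 while a public address still leaves via eth0. If the PPTP client sits behind the NAT box rather than on it, the firewall additionally needs the kernel's PPTP connection-tracking helper loaded so the GRE stream can be matched to the client's TCP 1723 session.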