Alright, I am new to doing VPN setup, and am trying to get my network set up properly. Since I'm starting to confuse myself, I thought I'd see if anyone out there has done this before. I've read a bunch of stuff (HOWTOs) on the net on how to get this set up, which haven't helped me figure it out yet. Let's see if some ASCII art helps (hope it doesn't get mangled):

       192.168.80.0
    -----------------
    |               |-------1.2.3.4 ---------> Internet
    client1         firewall (eth0)
    192.168.80.2    192.168.80.1 (eth1)

I've had mixed success so far configuring things the way I want. Right now I have a cable modem connected to my NAT/Masquerading box with some firewall rules using iptables. This is a Linux server, and I have a couple more machines sitting behind it on a private network 192.168.80.0.

What I want is to set up the PPTP tunnel on the firewall, and have it route the traffic appropriately so normal internet traffic goes out without going through PPTP and only traffic on the network behind the VPN server gets routed through PPTP. An alternative would be to run PPTP on a PC on my private network rather than the firewall, but still, I'd like the publicly accessible internet stuff to bypass the VPN, since there's no point in sending packets out the cable modem to be routed through the internet to my work's network, just to be sent back out to the internet from my work's gateway; it seems wasteful.

So here's another diagram of what I'd like to have:

                               PPTP tunnel
       192.168.80.0         |-ppp0 ---------------------> Work networks
    ----------------------  |                             -------------
    |                    |  |----1.2.3.4 ----> Internet   |    |    |
    client1              firewall (eth0)                  A    B    C
    192.168.80.2         192.168.80.1 (eth1)

My most successful attempt is under Windows on a box on my private net (I'm writing this message through PPTP in Windows); it was a snap to set up. I entered the PPTP server address and my username/passwd and it came up fine. I got:

    Server IP address: 206.162.164.201
    Client IP address: 206.163.164.206

I get a default route: 206.163.164.206

Everything works fine except I know all my internet traffic is going through PPTP.

When I use the PPTP client in Linux, I don't get the same IP addresses set up. I am trying this with eth0 set to 192.168.80.2, and I get 192.168.80.2 as my IP for ppp0. So now I have eth0 and ppp0 with the same address, which doesn't seem right. I don't get any route set up, so nothing goes through PPTP and I don't know how to get to any of my work's networks. What am I doing wrong here? What do I have to do to get the correct IP?

I've also tried to run the Linux PPTP client on my firewall/NAT box, which is really what I want to do. Here, my firewall isn't allowing the PPTP connection to be set up. I've allowed TCP, UDP, ICMP traffic in and out from the firewall box to the IP address of the VPN server, which doesn't seem to do the trick. What do I have to add here to get the traffic out? Is it a different protocol than TCP or UDP? I know it's the firewall because if I flush all the rules and set the policy to accept, it will set up the connection. Same IP address problem as my other Linux box. Here, the IP of the firewall's second ethernet (hooked up to my private network) is 192.168.80.1. When I set up the tunnel, I get ppp0 set to 192.168.80.1 as well.

So there are two main questions:

How do I get the right IP address and routing set up in Linux?

and

How do I allow the PPTP connection to get through the firewall?

Sorry to be so long-winded... does anyone have ideas?

Thanks,
Kahli Burke
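
The two questions above, worked as an added example that is not part of the original post: a dry-run planner that prints the iptables rules a PPTP client on the firewall needs (PPTP's data channel is GRE, IP protocol 47, alongside the TCP port 1723 control channel) and the per-network routes for a split tunnel. `VPN_SERVER` and `WORK_NETS` are constructed placeholders, and the /24 mask on the private network is an assumption.

```shell
#!/bin/sh
# Dry-run planner: prints the commands, runs nothing.
# Constructed placeholders (not from the post): VPN_SERVER, WORK_NETS.
VPN_SERVER="203.0.113.10"               # public address of the PPTP server
WORK_NETS="10.10.0.0/16 10.20.0.0/16"   # networks that live behind the VPN
WAN_IF="eth0"                           # cable modem side (from the post)
TUN_IF="ppp0"                           # PPTP tunnel interface (from the post)
LAN_NET="192.168.80.0/24"               # private network (from the post, /24 assumed)

# Refuse a catch-all destination: it would pull all Internet traffic
# into the tunnel, which is what split tunnelling is meant to avoid.
check_split() {
    for net in $WORK_NETS; do
        case "$net" in
            default|0.0.0.0/0)
                echo "refusing $net: would route everything via $TUN_IF" >&2
                return 1 ;;
        esac
    done
}

# PPTP uses a TCP/1723 control channel plus GRE (IP protocol 47) for data.
# GRE is neither TCP nor UDP, so tcp/udp/icmp-only rules block the tunnel.
pptp_firewall_rules() {
    echo "iptables -A OUTPUT -o $WAN_IF -d $VPN_SERVER -p tcp --dport 1723 -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -s $VPN_SERVER -p tcp --sport 1723 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    echo "iptables -A OUTPUT -o $WAN_IF -d $VPN_SERVER -p 47 -j ACCEPT"
    echo "iptables -A INPUT -i $WAN_IF -s $VPN_SERVER -p 47 -j ACCEPT"
}

# Only the work networks go via ppp0; the default route stays on eth0.
split_tunnel_routes() {
    for net in $WORK_NETS; do
        echo "ip route add $net dev $TUN_IF"
    done
}

# Let LAN clients reach the work networks, masqueraded behind the ppp0 address.
lan_forward_rules() {
    for net in $WORK_NETS; do
        echo "iptables -A FORWARD -s $LAN_NET -d $net -o $TUN_IF -j ACCEPT"
        echo "iptables -A FORWARD -i $TUN_IF -s $net -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $TUN_IF -j MASQUERADE"
}

plan() { check_split && pptp_firewall_rules && split_tunnel_routes && lan_forward_rules; }
plan
```

The duplicate address on ppp0 is consistent with pppd's default of deriving its local address from the hostname when none is given; pppd's `noipdefault` option turns that off so the peer supplies the address during IPCP negotiation.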