On 1/31/2015 3:36 PM, Andrew DeMaria wrote:
> Shorewall group,
>
> I am having a hard time connecting to a remote PPTP from a LAN computer
> and was hoping I could get some hints on what could be going wrong.
>
> Here is what I know:
>
> The remote VPN server is an Asus router. At time of writing it was
> 71.208.224.179. It is set up for PPTP with 128 bit MPPE encryption.
>
> I can connect on my Android phone if I am on Verizon's network, but I
> cannot connect if I am on the LAN network. Likewise I cannot connect on
> my laptop on the LAN network.
>
> I have run a tcpdump on the router while trying to connect to the VPN
> from the LAN. At a high level it seems that traffic is making it
> through for the initial connection setup and there are also some further
> PPP packets but it seems that the conversation just goes silent.
>
> I have tried setting up shorewall in two different manners with the same
> results:
> - Using AUTOHELPERS=Yes
> - Specifying HELPERS=amanda,ftp,irc,netbios-ns,pptp,sane,sip,snmp,tftp
>   and using the following rule in conntrack:
>
> ?if __PPTP_HELPER
> CT:helper:pptp:PO - - tcp 1723
> ?endif
>
> Any ideas?
>
Not really. The dump shows that the required modules are loaded:

    nf_conntrack_pptp 16715 3 nf_nat_pptp
    nf_conntrack_proto_gre 13024 1 nf_conntrack_pptp
    nf_nat 22338 10 nf_nat_ftp,nf_nat_irc,nf_nat_sip,ipt_MASQUERADE,nf_nat_proto_gre,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,iptable_nat
    nf_nat_pptp 12562 0
    nf_nat_proto_gre 12517 1 nf_nat_pptp

    PPTP Helper: Available

and that the helper is being applied to TCP port 1723 in the raw
PREROUTING chain:

    11 920 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 CT helper pptp

But:

a) LOGFILE is not properly configured in shorewall.conf, since there are
   packets being logged but they are not displayed in the dump. Remember
   that LOGFILE doesn't determine where messages are logged, but rather
   tells Shorewall where to look for them.

b) There are no active PPTP connections at the time the dump was taken.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
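
The checks made in the reply above, as an added shell example that is not part of the original message and is not Shorewall code. The required module list and the rule format are taken from the dump lines quoted in the reply; the function names are hypothetical, and the LOGFILE check only confirms that the configured file is readable.

```shell
#!/bin/sh
# Added example. Module names and rule format come from the dump quoted in the
# reply; other kernels may build some of these in, so the list is an assumption.
REQUIRED_MODULES="nf_conntrack_pptp nf_conntrack_proto_gre nf_nat_pptp nf_nat_proto_gre"

# stdin: `lsmod` output. Prints each required module that is not loaded.
missing_pptp_modules() {
    loaded=$(awk '{print $1}')
    for m in $REQUIRED_MODULES; do
        printf '%s\n' "$loaded" | grep -qx "$m" || printf '%s\n' "$m"
    done
}

# stdin: `iptables -t raw -L PREROUTING -nv` output.
# Succeeds if a CT rule attaches the pptp helper to TCP destination port 1723.
helper_on_1723() {
    awk '$3 == "CT" && $4 == "tcp" && /dpt:1723/ && /CT helper pptp/ { found = 1 }
         END { exit !found }'
}

# $1: path to shorewall.conf. Prints the LOGFILE value and succeeds only if that
# file is readable: Shorewall looks there for messages, it does not write them.
logfile_readable() {
    lf=$(sed -n 's/^LOGFILE=//p' "$1" | tr -d '"' | tail -n 1)
    printf '%s\n' "$lf"
    [ -n "$lf" ] && [ -r "$lf" ]
}

# Sample input copied from the dump lines quoted in the reply.
SAMPLE_LSMOD='nf_conntrack_pptp 16715 3 nf_nat_pptp
nf_conntrack_proto_gre 13024 1 nf_conntrack_pptp
nf_nat_pptp 12562 0
nf_nat_proto_gre 12517 1 nf_nat_pptp'
SAMPLE_RAW='11 920 CT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723 CT helper pptp'

for m in $(printf '%s\n' "$SAMPLE_LSMOD" | missing_pptp_modules); do
    echo "missing module: $m"
done
if printf '%s\n' "$SAMPLE_RAW" | helper_on_1723; then
    echo "pptp helper attached to tcp/1723"
else
    echo "no CT helper rule for tcp/1723"
fi
```

On a live firewall, pipe `lsmod` and `iptables -t raw -L PREROUTING -nv` into the first two functions and pass the path of shorewall.conf to the third.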
