Security Basics mailing list archives

RE: PPTP Connection sharing behind NAT


From: "MARTIN Benoni" <benoni.martin () arcelor com>
Date: Mon, 8 Jan 2007 17:09:10 +0100

Hi!

Great to see there are always PPTP tunnels on the Internet! :) Hope confidentiality is not your priority
(http://www.schneier.com/pptp.html).

For more info on PPTP, I used to read a book called "Building Linux Virtual Networks (VPNs)" by O. KOLESNIKOV & B.
HATCH; their chapter about building VPNs with PPTP was quite clear.

BTW, any reason for discarding IPSec?


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of J. Theriault
Sent: Sunday, 7 January 2007 15:00
To: security-basics () securityfocus com
Subject: PPTP Connection sharing behind NAT


Hello,


I would like to set up a Linux machine to route connections over a PPTP connection to a secondary ISP inside a 
pre-existing network, so that internal machines generally use the "standard" ISP connection, and others can be 
configured to use the Linux machine's PPTP connection as a gateway/tunnel for their internet access.

I have no previous practical experience with PPTP and most of the Linux PPTP documentation seems quite daunting, so if 
anyone knows a simple way to do this, I'd appreciate any help or advice before I get started.

-----

So far, I'm visualizing it like so:

U = Standard Unencrypted connection
E = PPTP Encryption connection

------------     -------     ----------           -----------
| Internet |--U--| ISP |--U--| Router |-----U-----| Clients |
|          |     |     |     |        |           |         |
|          |     |     |     |        |           |         |
|          |     |     |     |        |           |         |
|       E--|--E--|--E--|--E--|----E   |           |         |
------------     -------     ----------           -----------
     |   |                WAN DHCP/LAN 10.0.0.1    (10.0.0.0/8)
     U   E                         |
     |   |                         E
   ---------                       |
   | ISP-2 |                       E   ----------   -----------
   ---------                       |-E-| Linux* |-E-| Clients |
                                       ----------   -----------
                                                   (192.168.0.0/24)

* Linux (Ubuntu 6.10):

WAN: 10.0.1.0/8 (For PPTP connection both DNS/routing are required)
LAN: 192.168.0.0/24 (For the few clients who are to use ISP-2)
PPP: PPTP connection to ISP-2

IPTables:
  - Incoming from WAN/PPP blocked
  - Outgoing LAN to WAN blocked
  - Outgoing LAN to PPP passed

Routing/DNS forwarding: Set to use ISP-2's gateway and DNS for all

-----

So, does anyone know a simple way to do this, such as if m0n0wall (which has support for a PPTP WAN but does not seem 
to allow me to set DNS or gateway options to be able to resolve and contact the PPTP server in the first place to 
establish the connection) can be configured to do this, or is there going to be a lot of trial and error? ;)


Thank you,

Joseph Theriault
administrator () maginetworks com

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
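The firewall policy sketched in Joseph's post (LAN clients forwarded only through the PPTP tunnel, LAN to WAN forwarding dropped, nothing unsolicited accepted from WAN or PPP), written out as an added iptables example that is not from the thread; the interface names, the PPTP server address and the WAN gateway are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: iptables-restore ruleset for the policy in
# the quoted post. Interface names, PPTP server and WAN gateway are assumptions.
WAN_IF=eth0                 # towards the existing router (10.0.0.0/8 side)
LAN_IF=eth1                 # 192.168.0.0/24, the clients that should use ISP-2
PPP_IF=ppp0                 # the PPTP tunnel that pppd brings up
LAN_NET=192.168.0.0/24
PPTP_SERVER=198.51.100.10   # placeholder for ISP-2's PPTP endpoint
WAN_GW=10.0.0.1             # the existing router, as in the diagram
# Print the ruleset in iptables-restore format (nothing is applied here).
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# the box itself: the LAN may talk to it, WAN and PPP may only answer
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A INPUT -i $WAN_IF -s $PPTP_SERVER -p gre -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $LAN_IF -j ACCEPT
-A OUTPUT -o $PPP_IF -j ACCEPT
# via the WAN only what the tunnel needs: DNS to resolve the server's name,
# the tcp/1723 control channel and GRE (protocol 47) carrying the PPP frames
-A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN_IF -d $PPTP_SERVER -p tcp --dport 1723 -j ACCEPT
-A OUTPUT -o $WAN_IF -d $PPTP_SERVER -p gre -j ACCEPT
# forwarding: LAN -> PPP only, LAN -> WAN dropped; MSS clamp before the ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j DROP
-A FORWARD -o $PPP_IF -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i $LAN_IF -s $LAN_NET -o $PPP_IF -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $PPP_IF -j MASQUERADE
COMMIT
EOF
}
# Load the rules, enable forwarding and pin a host route to the PPTP server via
# the WAN gateway, so the tunnel is never routed into itself once ppp0 is default.
apply_rules() {
    gen_rules | iptables-restore
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    ip route replace "$PPTP_SERVER" via "$WAN_GW" dev "$WAN_IF"
}
```

Source the file and call `apply_rules` as root after pppd has brought up ppp0; `gen_rules` alone lets you review the ruleset first.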