Firewall Wizards mailing list archives

Re: PPTP Question


From: "Ge' Weijers" <ge () progressive-systems com>
Date: Thu, 16 Apr 1998 12:46:47 -0400 (EDT)


My reasonably educated guess is that PPTP can be sent through a NAT router
successfully. The control packets don't seem to contain any IP addresses,
so I don't expect any problems there. As long as the NAT router can figure
out to which machine the GRE packets should be sent, things will work.

The payloads of the GRE packets are PPP frames, and PPP (IPCP) can
negotiate any IP address for use inside the tunnel, so the NAT does not need
any cleverness to handle this.

An MIT student project actually succeeded in proxying PPTP through a
Linux-based firewall, see:

http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/

Hope this helps,

Ge'


On Tue, 14 Apr 1998, Joseph S. D. Yao wrote:

According to the VPN book, the PPTP packet consists of the delivery
header, the IP header, a GREv2 header and the payload.  The IP
header of course contains the source and destination IP addresses.
But if I'm using redirection at the firewall or other NAT device (so
the connection is ostensibly made between the PC's address and a
particular port or virtual IP address on the external side of the
firewall), where is the >internal< IP address being broadcast?

More to the point, is there any way to make the IP addresses in the
delivery header and the internal IP header [presumably not the external
IP header, since you said this is the PPTP packet, which is
encapsulated in the IP packet] different?  If not, you can't have NAT.

--
Joe Yao                               jsdy () cospo osis gov - Joseph S. D. Yao
COSPO Computer Support                                                EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.



Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400
Columbus, OH 43220           http://www.Progressive-Systems.com
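
The point made in the message above (the NAT only has to pick the inside machine for each GRE packet and can leave the PPP payload alone), as an added Python example that is not part of the original post. It goes beyond the post by using the Call ID field of the PPTP enhanced GRE header (RFC 2637) as the selector; the addresses, the Call ID value and the `calls` table, assumed to have been learned from the TCP port 1723 control connection, are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

GRE_PPP = 0x880B  # GRE protocol type PPTP uses for PPP frames

def ip_checksum(header: bytes) -> int:
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_pptp_gre(pkt: bytes) -> dict:
    """Split an IPv4 packet carrying PPTP enhanced GRE into its fields."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 47:  # IP protocol 47 = GRE
        raise ValueError("not an IPv4 GRE packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8:
        raise ValueError("truncated or malformed header")
    flags, ptype, plen, call_id = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if flags & 0x0007 != 1 or not flags & 0x2000 or ptype != GRE_PPP:
        raise ValueError("not PPTP enhanced GRE (version 1, key present)")
    off = ihl + 8
    off += 4 if flags & 0x1000 else 0  # S bit: sequence number follows
    off += 4 if flags & 0x0080 else 0  # A bit: acknowledgment number follows
    return {"ihl": ihl, "dst": IPv4Address(pkt[16:20]), "call_id": call_id,
            "ppp": pkt[off:off + plen]}

def nat_inbound(pkt: bytes, calls: dict) -> bytes:
    """Rewrite only the outer destination address, chosen by Call ID."""
    f = parse_pptp_gre(pkt)
    inside = calls[f["call_id"]]  # KeyError: no tunnel known for this Call ID
    hdr = bytearray(pkt[:f["ihl"]])
    hdr[16:20] = inside.packed
    hdr[10:12] = b"\x00\x00"  # zero the checksum field before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[f["ihl"]:]  # GRE header and PPP frame untouched

def sample_packet() -> bytes:
    """Constructed packet: documentation addresses, made-up Call ID 0x4A2B."""
    ppp = bytes.fromhex("ff030021") + b"inner-ip-datagram"
    gre = struct.pack("!HHHHI", 0x3001, GRE_PPP, len(ppp), 0x4A2B, 7) + ppp
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 1, 0, 64, 47, 0,
        IPv4Address("198.51.100.7").packed, IPv4Address("203.0.113.1").packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + gre
```

Whatever addresses IPCP negotiates travel inside the `ppp` bytes, which `nat_inbound` never reads or changes.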


