Firewall Wizards mailing list archives
Re: IPChains and VPN
From: Simeon Johnston <simeonuj () eetc com>
Date: Mon, 11 Sep 2000 16:06:35 -0500
We decided to use IPSec on the firewall instead of PPTP. It is more secure and the clients are free. Thanks for your feedback, I'm pretty sure it would have worked. thanks sim
We have an NT server running PPTP located inside of our firewall. The firewall is a Linux box running ipchains w/ masquerading. In order to allow connections from outside into our PPTP server, I patched the kernel on the firewall machine using John Hardin's VPN Masquerade patches, then added the following to the startup script: # VPN: for an MS VPN server at 10.2.2.14 # note that 'dialup' win98 clients won't work if the outside address isn't # the primary ip for that interface - i.e., use the addr for eth1, not eth1:1 ipmasqadm portfw -a -P tcp -L outside.ip.address 1723 -R 10.2.2.14 1723 ipfwd --masq 10.2.2.14 47 >/dev/null 2>&1 & The 'ipmasqadm portfw' line forwards tcp traffic from the outside that's destined for port 1723 onto the actual server at 10.2.2.14. The 'ipfwd' line forwards any traffic for *protocol* (not port) 47 to the same machine (10.2.2.14). Hope that helps! horkan On Thu, Sep 07, 2000 at 03:41:27PM -0500, Simeon Johnston wrote:On our network is a Alpha running linux with PoPToP running. We are able to connect to it just fine inside the network, but outside the firewall it is not possible. I have consulted many howtos, most of them rather old, that were really useless. They describe setting up the VPN server, then you do a ton of patches, then it should magically work. Useless information. Does anyone know how to do this, or where to find a "good" howto. Any help would be appreciated sim
_______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- IPChains and VPN Simeon Johnston (Sep 07)
- <Possible follow-ups>
- Re: IPChains and VPN Simeon Johnston (Sep 08)
- Re: IPChains and VPN Simeon Johnston (Sep 12)
- Re: IPChains and VPN Simeon Johnston (Sep 13)