From: Craig <jo...@us...> - 2003-06-24 00:37:26
>> situation:
>> poptop server behind a firewall at work, various clients
>> behind a linux MASQ box trying to connect.
>>
>> Everything's worked as recently as this morning; I can't
>> figure out what the problem is now.
>
> Things necessary for poptop to work:
>
> 1 - TCP 1723 and Protocol 47 must be allowed to pass-through.
> 2 - Poptop has to have ppp & kernel patched with MPPE support
> 3 - Poptop needs the proper configuration
> 4 - Client needs to be properly setup
>
> Can you say for sure that all these steps are working? If so, what
> have you done to test them?

The server's running poptop-1.1.3-20030409 and pppd-2.4.1, no kernel or pppd patches, port 1723 is forwarded from the border.

The client is a WinXP laptop using the built-in MS VPN client, behind a linux nat firewall (kernel 2.4.18, modules iptable_filter ipt_MASQUERADE iptable_nat ip_conntrack ip_tables) with a pppoe dsl connection (ppp0) to my ISP.

I got the vpn working again with the following iptables rule on the client side firewall:

    iptables -t nat -A PREROUTING -i ppp0 -p 47 -j DNAT --to vaio

Still trying to figure out what necessitated the rule; as I said, it has worked fine to date with no more than the simple

    iptables -t nat -A POSTROUTING -o ppp0 -s local-net/24 -j MASQUERADE

Craig
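
An added example, not part of Craig's message: a shell check over `iptables-save` text from a client-side NAT box that reports which of the two rules quoted above are present and whether a protocol 47 DNAT rule accepts GRE from any source or only from one. The sample rulesets, the addresses 192.168.1.20 and 192.0.2.10, and the helper name `audit_pptp_nat` are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in iptables-save format (not taken from the post).
# 192.168.1.20 stands in for the host "vaio", 192.0.2.10 for the poptop server.
MASQ='-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE'
SAMPLE_MASQ_ONLY="*nat
$MASQ
COMMIT"
SAMPLE_OPEN="*nat
-A PREROUTING -i ppp0 -p gre -j DNAT --to-destination 192.168.1.20
$MASQ
COMMIT"
SAMPLE_PINNED="*nat
-A PREROUTING -s 192.0.2.10/32 -i ppp0 -p gre -j DNAT --to-destination 192.168.1.20
$MASQ
COMMIT"

# audit_pptp_nat RULES WAN_IF  (hypothetical helper)
# Prints one state:
#   no-masquerade    no MASQUERADE rule leaving WAN_IF
#   no-gre-dnat      MASQUERADE only; GRE replies depend on connection tracking
#   gre-dnat-any     protocol 47 from any source is forwarded to an inside host
#   gre-dnat-pinned  every GRE DNAT rule is limited to a source with -s
audit_pptp_nat() {
    rules=$1
    wan=$2
    if ! printf '%s\n' "$rules" |
        grep -Eq -- "^-A POSTROUTING .*-o $wan .*-j MASQUERADE"; then
        echo no-masquerade
        return 0
    fi
    # iptables-save prints the protocol by name (gre) or number (47)
    gre=$(printf '%s\n' "$rules" |
        grep -E -- "^-A PREROUTING .*-i $wan .*-p (gre|47) .*-j DNAT" || true)
    if [ -z "$gre" ]; then
        echo no-gre-dnat
    elif printf '%s\n' "$gre" | grep -vq -- ' -s '; then
        echo gre-dnat-any
    else
        echo gre-dnat-pinned
    fi
}

for name in MASQ_ONLY OPEN PINNED; do
    eval "sample=\$SAMPLE_$name"
    printf '%-10s %s\n' "$name" "$(audit_pptp_nat "$sample" ppp0)"
done
```

On a live firewall the first argument would be the output of `iptables-save -t nat`.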