Date: Tue, 28 Jul 1998 23:26:08 -0700 (PDT)
From: Dru Nelson
To: "Pitcairn, Duncan"
cc: freebsd-hackers@FreeBSD.ORG
Subject: I added Microsoft VPN / PPTP for NATD

Hi,

I needed to VPN to work from a machine on my network so I added the code to the NATD today. It works great. (The natd and libalias code is very good, so it wasn't hard.)

Essentially, I added a command line parameter called 'pptpalias' with an argument of the IP address of the machine on the inside that is to be used for the PPTP service (client or server). The firewall should then pass PPTP (IP GRE packets) traffic directly to that machine after translation.

I read on one of the posts to this list that the Linux version acts similarly. Apparently, there isn't a port number to translate (or the Microsoft implementation doesn't implement it correctly). So, this works for a single machine on the inside to any machine on the outside. This should work fine for telecommuters or a single server behind the firewall.

I will be contacting someone who maintains the nat stuff to see if they want it. I'm running on 2.2.5-RELEASE. The changes are to the libalias files and the natd.c.

I'm not on this list, so please reply to me in email directly...

Take it easy,

Dru Nelson
Redwood City, California
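
The translation the message describes, sketched as an added example; this is not the patch from the message or libalias code. The function names `pptp_alias_in` and `pptp_alias_out` and all addresses are hypothetical, and the sample packet is constructed.

```c
/* Added illustration: hypothetical names, not the libalias API or the patch in the message. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One's-complement IPv4 header checksum; returns 0 over a header whose checksum is valid. */
static uint16_t ip_cksum(const uint8_t *h, size_t hlen) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Header length if pkt is a well-formed IPv4 packet carrying GRE (protocol 47), else 0. */
static size_t gre_hdr_len(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len || pkt[9] != 47) return 0;
    return hlen;
}

/* Overwrite the address at byte offset off, then recompute the header checksum. */
static int rewrite_addr(uint8_t *pkt, size_t len, size_t off, const uint8_t addr[4]) {
    size_t hlen = gre_hdr_len(pkt, len);
    if (hlen == 0) return 0;              /* not GRE: leave it to the normal NAT path */
    memcpy(pkt + off, addr, 4);
    pkt[10] = pkt[11] = 0;
    uint16_t ck = ip_cksum(pkt, hlen);
    pkt[10] = (uint8_t)(ck >> 8); pkt[11] = (uint8_t)(ck & 0xff);
    return 1;
}

/* Inbound: no port to look up, so every GRE packet goes to the one configured host. */
int pptp_alias_in(uint8_t *pkt, size_t len, const uint8_t inside[4]) {
    return rewrite_addr(pkt, len, 16, inside);    /* destination address field */
}

/* Outbound: GRE from the configured host leaves with the firewall's public address. */
int pptp_alias_out(uint8_t *pkt, size_t len, const uint8_t inside[4], const uint8_t pub[4]) {
    if (len < 20 || memcmp(pkt + 12, inside, 4) != 0) return 0;
    return rewrite_addr(pkt, len, 12, pub);       /* source address field */
}

int main(void) {  /* constructed sample: truncated GRE packet, 203.0.113.9 -> 198.51.100.7 */
    uint8_t pkt[24] = {0x45,0,0,24, 0,1,0,0, 64,47,0,0, 203,0,113,9, 198,51,100,7, 0x20,1,0x88,0x0b};
    const uint8_t inside[4] = {192,168,1,10};
    return pptp_alias_in(pkt, sizeof pkt, inside) ? 0 : 1;
}
```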