Date:      Tue, 22 Jun 1999 15:25:25 +0200 (CEST)
From:      "Raymond Wiker" <raymond@orion.no>
To:        freebsd-stable@freebsd.org
Subject:   Re: Microsux PPTP sessions trough IPFW + NATD
Message-ID:  <14191.36549.537424.458064@foobar.orion.no>
In-Reply-To: <Pine.BSF.4.05.9906221633140.24489-100000@distortion.dk>
References:  <Pine.BSF.4.05.9906221633140.24489-100000@distortion.dk>

Nicolai Petri writes:
 > Has anyone had success with this setup? The client is on the inside net.
 > I've tried with the -pptplocal option on natd, but no success. Please
 > help.

	We tried to use Micros**t PPTP to connect two offices over the 
internet. It didn't work; from the symptoms it appeared that an
intermediate router filtered out PPTP packets. In the end we gave up
and used PPP over SSH instead... This works well, and I have a lot
more trust in this solution than anything that Micros**t could cook
up.

	Details, in case anyone is interested:

	We use subnetting, with a local net 192.168.0.64/26. Remote
net is 192.168.0.128/25. The net 192.168.0.0/26 is also available
through the remote end. Note: We do not actually use private IP
addresses (e.g., the 192.168.x.x range), but we could easily do so, as
long as the firewall machines run NATD and have "real" IP addresses on
the outside. We also use the same IP address on the PPP tunnel
endpoints and the "inside" network interface on the firewall nodes.

	The configuration files are identical on both ends, except for 
/etc/ppp/ppp.conf, and even there the differences are minimal (i.e.,
endpoint address assignment on the initiating side, and route setup
for both sides).

	I hope this is of use to somebody.

From /etc/services:

ppp-out         6668/tcp   # Outgoing ppp connections
ppp-in          6669/tcp   # Incoming ppp connections

From /etc/inetd.conf:

ppp-in stream tcp nowait root /usr/sbin/ppp ppp -direct vpn-in

/etc/ppp/ppp.conf:

default:
 set log Phase Chat LCP IPCP CCP tun command
 set device /dev/cuaa1
 set speed 115200
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"

vpn-common:
        set escape 0xff
        enable proxy
        set timeout 0
        set log Phase Chat Connect LCP IPCP CCP tun
        # Add routing for the two subnets on the other side. Change this
        # in /etc/ppp/ppp.conf on the other side!
        add 192.168.0.0/26 HISADDR
        add 192.168.0.128/25 HISADDR

vpn-out:
        load vpn-common
        set device 127.0.0.1:6668
        set dial
        # Local address is 192.168.0.65. Reverse the order on the other side!
        set ifaddr 192.168.0.65 192.168.0.129

vpn-in:
        load vpn-common
        set ifaddr 0.0.0.0 0.0.0.0

From /etc/rc.local:

( /usr/local/bin/ssh -a -x -R 6668:127.0.0.1:6669 vpn /usr/sbin/ppp -background vpn-out ) &
echo -n ' VPN'
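
An added example (not from the post above) that renders the vpn-* sections of ppp.conf for both ends from one site description and checks that the two ends mirror each other, since the post notes that only the ifaddr order and the tunnel routes differ between them; the SITES table, the function names and the route checks are assumptions made here.

```python
import ipaddress

# Constructed site description using the addresses from the post; the
# firewall's PPP endpoint is also its inside-interface address, as the post says.
SITES = {
    "local":  {"endpoint": "192.168.0.65",  "subnets": ["192.168.0.64/26"]},
    "remote": {"endpoint": "192.168.0.129", "subnets": ["192.168.0.128/25", "192.168.0.0/26"]},
}


def render_ppp_conf(site, peer):
    """Render the vpn-* sections of /etc/ppp/ppp.conf as seen from `site`."""
    me, other = SITES[site], SITES[peer]
    lines = ["vpn-common:", " set escape 0xff", " enable proxy", " set timeout 0",
             " set log Phase Chat Connect LCP IPCP CCP tun",
             " # routes to the subnets behind the other firewall"]
    lines += [f" add {net} HISADDR" for net in other["subnets"]]
    lines += ["", "vpn-out:", " load vpn-common", " set device 127.0.0.1:6668",
              " set dial", f" set ifaddr {me['endpoint']} {other['endpoint']}",
              "", "vpn-in:", " load vpn-common", " set ifaddr 0.0.0.0 0.0.0.0"]
    return "\n".join(lines) + "\n"


def parse_ppp_conf(text):
    """Pull the 'add ... HISADDR' routes and the vpn-out ifaddr pair out of a config."""
    routes, ifaddr = [], None
    for raw in text.splitlines():
        words = raw.split()
        if words[:1] == ["add"] and words[-1] == "HISADDR":
            routes.append(ipaddress.ip_network(words[1]))
        elif words[:2] == ["set", "ifaddr"] and words[2] != "0.0.0.0":
            ifaddr = (ipaddress.ip_address(words[2]), ipaddress.ip_address(words[3]))
    return {"routes": routes, "ifaddr": ifaddr}


def check_pair(conf_a, conf_b):
    """Return a list of mismatches between the two ends (empty when they mirror)."""
    a, b = parse_ppp_conf(conf_a), parse_ppp_conf(conf_b)
    problems = []
    if a["ifaddr"] != b["ifaddr"][::-1]:
        problems.append("ifaddr pairs are not reversed between the ends")
    for name, side, peer in (("A", a, b), ("B", b, a)):
        # the peer's endpoint must be reachable through one of this side's tunnel routes
        if not any(peer["ifaddr"][0] in net for net in side["routes"]):
            problems.append(f"{name}: no tunnel route covers peer endpoint {peer['ifaddr'][0]}")
        # a tunnel route containing our own endpoint would black-hole local traffic
        if any(side["ifaddr"][0] in net for net in side["routes"]):
            problems.append(f"{name}: a tunnel route contains this side's own endpoint")
    return problems
```

Running check_pair on the same rendered file for both ends (the mistake the post warns against) reports the un-reversed ifaddr pair.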
