This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Masquerade support ?

Hi..

I have been using your firewall in a test-setup for over a month now and I must say that it looks great!

The only problem I have had with it, is that multiple clients can't connect to the same outside VPN server via PPTP. In our office we have to connect to several VPN (PopTop PPTP) servers outside our office (firewall) and it is only possible for one client to be connected at a time.

I found a patch at ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html that adds VPN Masquerade support to the 2.0.x and 2.2.x kernel, but since you use the 2.4 kernel I guess thats no good [:$])

Is there support for this in the 2.4 kernel and did I just mess something up so that it didnt work for me or ?

Again, thank for this great product!

/HenrikP, Denmark

[This message has been edited by HenrikP (edited 22 January 2001).]

This thread was automatically locked due to age.

Parents

0 Markus Hennig over 24 years ago

i afraid i dont understand correct what you want...

did you want route PPTP packets? do you need a PPTP server?

at his time we only support VPN with IPSec - take a look at www.freeswan.org

------------------

Markus Hennig
Astaro Product Development
Cancel
Vote Up 0 Vote Down

Cancel
0 HenrikP over 24 years ago in reply to Markus Hennig

Hi.. just been away for a couple of days, so that is why I didn’t answered before.

Let me explain the setup a little better.

We have a masquraded test network ( 192.168.1.x/24 ) at our office with a Astaro firewall and 2 clients behind the firewall. If client #1 opens a PPTP connection to a outside PoPToP PPTP server it connects fine, but if client #2 also try to open a PPTP connection to the same PoPToP server it can’t connect. I seem to run in to the problem described on the link in my previous post, where the PoPToP server can’t distinguish the two connections. This problem is also described in part 2.7 of the “Linux VPN Masquerade HOWTO” (http://www.impsec.org/linux/masquerade/VPN-howto/VPN-Masquerade-2.html#ss2.7).

Friendly regards

HenrikP, Denmark
Cancel
Vote Up 0 Vote Down

Cancel
0 tom_01 over 24 years ago in reply to HenrikP

quote from ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html#HOWTO

---- cut ----
Depending on the PPTP server in use you may be forced to use a VPN router configuration if more than one masqueraded system wants to connect to a given PPTP server. The PPTP protocol specifies only one control connection from a given client system, and the masquerade gateway is the client as far as the server is concerned. PPTP server implementations that correctly follow the specification will not permit more than one PPTP session to be established from the masquerade gateway. Try it first, though, as some incorrect PPTP implementations (such as that in Windows NT) do permit multiple connections between the same systems.
---- cut -----

maybe that is your problem ?

since your first client connects fine, it means that the Astaro masquerades the PPTP (TCP mixed with GRE) connection fine.

cheers,
tom
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tom_01 over 24 years ago in reply to HenrikP

quote from ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html#HOWTO

---- cut ----
Depending on the PPTP server in use you may be forced to use a VPN router configuration if more than one masqueraded system wants to connect to a given PPTP server. The PPTP protocol specifies only one control connection from a given client system, and the masquerade gateway is the client as far as the server is concerned. PPTP server implementations that correctly follow the specification will not permit more than one PPTP session to be established from the masquerade gateway. Try it first, though, as some incorrect PPTP implementations (such as that in Windows NT) do permit multiple connections between the same systems.
---- cut -----

maybe that is your problem ?

since your first client connects fine, it means that the Astaro masquerades the PPTP (TCP mixed with GRE) connection fine.

cheers,
tom
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 dxsonline over 24 years ago in reply to tom_01

I was wondering are ther any plans for astaro to support other VPN protocols besides pptp, I know that we are still living in a Microsoft World but are there plans for IPsec
Cancel
Vote Up 0 Vote Down

Cancel
0 tom_01 over 24 years ago in reply to dxsonline

you got it wrong [;)]

we do support IPSEC, and do NOT support PPTP as a server, but astaro can forward PPTP traffic.
Cancel
Vote Up 0 Vote Down

Cancel