We have 2 astaro (4.015) boxes connected to each other, one connected to the internet, one connected to our LAN:
internet---astaro1---astaro2---LAN
The astaro2 is supposed to act as HTTP proxy and PPTP VPN gateway.
I want the astaro1 to let all PPTP traffic through to astaro2. We have a second public IP address for the gateway. Traffic to this address should be sent to the astaro2 (DNAT).
I did the following on astaro1 to get this working:
-created a network with the second public ip-address
-alias with second public ip-address on external interface (static nat didn't work at all without this.......why?)
-dnat rule: any source, any service (for testing), destination = second public ip-address => source and service unchanged, destination changed to astaro2 external interface.
-packet filter: pptp and gre allowed from and to astaro2
When I try to open a PPTP connection from the internet to astaro2, I can see an attempt to connect in the astaro1 live log, but the connection never really establishes. The log says something like this:
GRE: read(fd=5,buffer=804dbe0,len=8196) from PTY failed: status = -1 error = Input/output error
Sep 25 10:54:07 (none) pptpd[29427]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Sep 25 10:54:07 (none) pptpd[29427]: CTRL: Closing child ppp with pid 29428
Sep 25 10:54:07 (none) pptpd[29427]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
Just to mention: we had this working with another firewall as the external one (instead of the astaro1), so PPTP and static NAT in general should not be an issue.
Can anyone help me there?
thanks,
chris