[COLUG] Questions about PopTop VPN configuration
Rob Funk
rfunk at funknet.net
Thu Jan 17 15:46:54 EST 2008
Mark L. Wise wrote:
> I have gotten my PopTop PC to Network VPN installed and running (sort
> of....)
>
> Now I have a firestarter firewall problem....
>
> The VPN works when the firewall is OFF. When I bring up the firewall
> then I can no longer ping the remote ends of the PPP link.

This indicates you're blocking too much; what are your firewall rules?

> I am attempting to add rules to the "user-pre" file to deal with this
> kind of traffic, but I am quite unsure of what kinds of packets and
> source and destination interfaces, etc.... Since I have the "real"
> (public) IP addresses on either side of the PPP link AND the private
> (internal) IP address of the PPP link, which interfaces, i.e. eth0 or
> ppp0 do I make rules for? Or both?

I actually just set up a PPTP VPN between two routers....
(Too bad openvpn isn't as ubiquitous yet.)

The eth0 stuff is outside the VPN, while the ppp0 stuff is inside the VPN.
You need to allow certain things outside the VPN for the VPN to get set
up and work, and then within the VPN you allow whatever actual VPN
traffic you want (maybe everything).

More specifically, on eth0 you need to allow TCP port 1723, along with the
GRE protocol.

As for the ppp0 interface, keep in mind that ping uses ICMP echo and
echo-reply packets, so if those won't go through then ping won't work.

--
==============================| "A microscope locked in on one point
Rob Funk <rfunk at funknet.net> |Never sees what kind of room that it's in"
http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind"
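
The allowances described in the reply above, written out as iptables commands. This is an added example, not part of the original message: the function name pptp_rules is hypothetical, and it assumes the PopTop server faces the outside on eth0 and that tunnel interfaces are named ppp0, ppp1, ... (matched with ppp+). It only prints the commands for review, and it goes slightly beyond the reply by including the matching OUTPUT rules.

```shell
#!/bin/sh
# Added example: print iptables commands that let a PPTP (PopTop) server
# work behind a restrictive firewall. Nothing is applied to the running
# firewall; review the output before placing it in a root-run script.

pptp_rules() {
    wan_if=${1:-eth0}   # outside the VPN (assumed default)
    vpn_if=${2:-ppp+}   # inside the VPN; "ppp+" matches ppp0, ppp1, ...

    # Accept only plain interface names, because the output is meant
    # to end up in a script that runs as root.
    for ifname in "$wan_if" "$vpn_if"; do
        case $ifname in
            *[!A-Za-z0-9_.+-]*)
                echo "bad interface name: $ifname" >&2
                return 1 ;;
        esac
    done

    cat <<EOF
# Outside the VPN ($wan_if): PPTP control channel (TCP 1723)
iptables -A INPUT  -i $wan_if -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -o $wan_if -p tcp --sport 1723 -j ACCEPT
# Outside the VPN ($wan_if): tunnel data, GRE is IP protocol 47
iptables -A INPUT  -i $wan_if -p 47 -j ACCEPT
iptables -A OUTPUT -o $wan_if -p 47 -j ACCEPT
# Inside the VPN ($vpn_if): ICMP echo and echo-reply so ping works
iptables -A INPUT  -i $vpn_if -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT  -i $vpn_if -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -o $vpn_if -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -o $vpn_if -p icmp --icmp-type echo-reply -j ACCEPT
EOF
}

# When run as a script: pptp_rules.sh [outside-if] [vpn-if]
pptp_rules "$@"
```

The ICMP rules are the minimum needed for ping across the tunnel; whatever other traffic should pass inside the VPN needs its own rules on the ppp interface.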