[COLUG] Questions about PopTop VPN configuration

Mark L. Wise mark at alpha2.com
Mon Jan 21 16:57:29 EST 2008


Thanks to all for your help and/or suggestions....

I have the PopTop software running correctly and PC users can now connect!

The problems were never with the PopTop software... it was running great 
from the beginning.

The problems were all related to firewall rules: first the GRE packets 
needed to be routed properly, then the ppp+ interface traffic needed to 
be allowed to pass the firewall.

If anyone ever wants to install this software in the future, I now have 
the information to make it quite easy....

Mark


Rob Funk wrote:
> Mark L. Wise wrote:
>   
>> I have gotten my PopTop PC to Network VPN installed and running (sort
>> of....)
>>
>> Now I have a firestarter firewall problem....
>>
>> The VPN works when the firewall is OFF.  When I bring up the firewall
>> then I can no longer ping the remote ends of the PPP link.
>>     
>
> This indicates you're blocking too much; what are your firewall rules?
>
>   
>> I am attempting to add rules to the "user-pre" file to deal with this
>> kind of traffic, but I am quite unsure of what kinds of packets and
>> source and destination interfaces, etc....  Since I have the "real"
>> (public) IP addresses on either side of the PPP link AND the private
>> (internal) IP address of the PPP link, which interfaces, i.e. eth0 or
>> ppp0 do I make rules for?  Or both?
>>     
>
> I actually just set up a PPTP VPN between two routers....
> (Too bad openvpn isn't as ubiquitous yet.)
>
> The eth0 stuff is outside the VPN, while the ppp0 stuff is inside the VPN.  
> You need to allow certain things outside the VPN for the VPN to get set 
> up and work, and then within the VPN you allow whatever actual VPN 
> traffic you want (maybe everything).
>
> More specifically, on eth0 you need to allow TCP port 1723, along with the 
> GRE protocol.
>
> As for the ppp0 interface, keep in mind that ping uses ICMP echo and 
> echo-reply packets, so if those won't go through then ping won't work.
>
>
>   

-- 
Mark L. Wise

Alpha II Service, Inc.
1312 Epworth Ave
Reynoldsburg, Ohio 43068-2116
USA

Office: (614) 868-5033
Fax: (614) 868-1060
Email: mark at alpha2.com
WEB: www.alpha2.com
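
Added example, not part of the original thread and not Mark's actual configuration: a small check that reads `iptables-save` output and reports which of the requirements named above (TCP port 1723 and GRE on the outside interface, ppp+ traffic inside the tunnel) have no ACCEPT rule. It assumes the rules sit directly in the INPUT and FORWARD chains and that the outside interface is eth0; the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: list which PPTP firewall requirements from this thread are
# missing in an iptables-save dump. Chain and interface names are assumptions.

# Constructed sample ruleset (iptables-save format); the GRE rule is absent.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A FORWARD -i ppp+ -j ACCEPT
COMMIT'

# accept_rule CHAIN MATCH...: true if a single ACCEPT rule appended to CHAIN
# contains every MATCH string (for example "-p tcp"). Reads global $rules.
accept_rule() {
    chain=$1; shift
    lines=$(printf '%s\n' "$rules" | grep -- "^-A $chain .*-j ACCEPT\$" || true)
    for m in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -F -- " $m " || true)
    done
    [ -n "$lines" ]
}

# pptp_fw_missing WAN_IF: reads iptables-save text on stdin and prints, for
# each missing requirement, a label and one rule that would satisfy it.
pptp_fw_missing() {
    wan=$1
    rules=$(cat)
    # Outside the tunnel: PPTP control channel, TCP port 1723.
    accept_rule INPUT "-i $wan" "-p tcp" "--dport 1723" ||
        echo "control: iptables -A INPUT -i $wan -p tcp --dport 1723 -j ACCEPT"
    # Outside the tunnel: GRE (IP protocol 47) carries the PPP frames.
    accept_rule INPUT "-i $wan" "-p gre" || accept_rule INPUT "-i $wan" "-p 47" ||
        echo "gre: iptables -A INPUT -i $wan -p gre -j ACCEPT"
    # Inside the tunnel: pppN traffic to the server and through it.
    accept_rule INPUT "-i ppp+" ||
        echo "ppp-input: iptables -A INPUT -i ppp+ -j ACCEPT"
    accept_rule FORWARD "-i ppp+" ||
        echo "ppp-forward: iptables -A FORWARD -i ppp+ -j ACCEPT"
    return 0
}

# Demo on the constructed sample; on a live host: iptables-save | pptp_fw_missing eth0
printf '%s\n' "$SAMPLE_RULES" | pptp_fw_missing eth0
```

The check only matches rules that name the interface explicitly, so an ACCEPT rule written without `-i` is reported as missing even though it would pass the traffic.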
