[Shorewall-users] Debian pptpd
Charles J. Boening
Mon, 1 Jul 2002 07:02:19 -0700
You don't have to use encryption, but it's not a bad idea.
Make sure you have a rule like this:
ACCEPT net $FW 47
ACCEPT net $FW tcp 1723
I think that's right. The first one is to allow protocol 47 ... GRE
tunnel IIRC (probably wrong .. been a while) and the second one, tcp
port 1723 is for making the actual connection. The GRE protocol is
basically how the data is encapsulated.
I run PoPToP (pptpd) (http://www.poptop.org) on a Mandrake 8.2 system.
The only problem I have with XP clients is after disconnect, they have
to reboot to connect again. Meanwhile, 9x/ME clients can disconnect and
reconnect all day long without rebooting. It could be something with
the XP configuration, I haven't really looked into it yet.
Also, if you're not using encryption, make sure you turn on the "require
encryption" on your XP clients. I believe you have to go into the
"advanced" settings in the security tab for the connection and turn
encryption off or make it optional.
Hope this helps.
[mailto:firstname.lastname@example.org] On Behalf Of j2
Sent: Sunday, June 30, 2002 1:27 PM
Subject: [Shorewall-users] Debian pptpd
Does anyone know if the pptpd package in Debian 3.0 is "all that is
needed" to get XP clients (coming in from the net zone) to be able to
connect to a pptpd running on a "shorewall box"? As in: would I still
have to patch stuff? The info says it is compatible with MS? It does
just state dialup via ppp tho.. Input anyone?
cookiemonster:/# apt-cache show pptpd
Maintainer: Rene Mayrhofer <email@example.com>
Depends: libc6 (>= 2.2.4-4), libwrap0, ppp, netbase, debconf, perl-base
Description: PoPToP Point to Point Tunneling Server
This implements a Virtual Private Networking Server (VPN) that is
compatible with Microsoft VPN clients. It allows windows users to
connect to an internal firewalled network using their dialup.
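Added example, not part of the original thread or of Shorewall itself: a small checker that reads a rules file and reports which of the two PPTP requirements discussed above (GRE, protocol 47, and tcp port 1723 from net to $FW) is not accepted. It assumes rules are evaluated top-down with the first match winning, exact zone names in the SOURCE and DEST columns, and a constructed sample file.

```python
import re

# Constructed sample rules file (not from the original thread): the control
# channel is open from net, but GRE is accepted only from the loc zone.
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT   net     $FW   tcp    22,1723
ACCEPT   loc     $FW   47
DROP     net     $FW   udp    137:139   # NetBIOS noise
"""

def parse_rules(text):
    """Return (action, source, dest, proto, ports) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        fields += ["-"] * (5 - len(fields))       # omitted columns mean "any"
        action = fields[0].split(":")[0].upper()  # drop a log-level suffix
        rules.append((action, fields[1], fields[2],
                      fields[3].lower(), fields[4].lower()))
    return rules

def is_gre(proto, ports):
    return proto in {"47", "gre", "all", "-"}

def is_pptp_control(proto, ports, port=1723):
    if proto in {"all", "-"}:
        return True
    if proto not in {"tcp", "6"}:
        return False
    for item in ports.split(","):
        m = re.fullmatch(r"(\d+):(\d+)", item)    # port range low:high
        if item in {"-", "pptp", str(port)} or (m and int(m[1]) <= port <= int(m[2])):
            return True
    return False

def first_match(rules, source, dest, matcher):
    """Action of the first rule matching the traffic, or None (policy applies)."""
    for action, src, dst, proto, ports in rules:
        if src == source and dst == dest and matcher(proto, ports):
            return action
    return None

def pptp_gaps(text, source="net", dest="$FW"):
    """List the PPTP requirements whose first matching rule is not ACCEPT."""
    rules = parse_rules(text)
    checks = {"GRE (protocol 47)": is_gre, "tcp 1723": is_pptp_control}
    return [name for name, matcher in checks.items()
            if first_match(rules, source, dest, matcher) != "ACCEPT"]
```

On the sample, `pptp_gaps(SAMPLE_RULES)` reports the GRE rule as missing, which matches the symptom of a client that reaches port 1723 but never brings the tunnel up.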