[Shorewall-users] Debian pptpd

Charles J. Boening charlie@theboenings.com
Mon, 1 Jul 2002 07:02:19 -0700

You don't have to use encryption, but it's not a bad idea.

Make sure you have a rule like this:

ACCEPT   net   $FW   47
ACCEPT   net   $FW   tcp   1723

I think that's right.  The first one is to allow protocol 47 ... GRE
tunnel IIRC (probably wrong .. Been a while) and the second one, tcp
port 1723 is for making the actual connection.  The GRE protocol is
basically how the data is encapsulated.

I run PoPToP (pptpd) (http://www.poptop.org) on a Mandrake 8.2 system.
The only problem I have with XP clients is after disconnect, they have
to reboot to connect again.  Meanwhile, 9x/ME clients can disconnect and
reconnect all day long without rebooting.  It could be something with
the XP configuration, I haven't really looked into it yet.

Also, if you're not using encryption, make sure you turn on the "require
encryption" on your XP clients.  I believe you have to go into the
"advanced" settings in the security tab for the connection and turn
encryption off or make it optional.

Hope this helps.  

-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of j2
Sent: Sunday, June 30, 2002 1:27 PM
Cc: shorewall-users@shorewall.net
Subject: [Shorewall-users] Debian pptpd

Does anyone know if the pptpd package in Debian 3.0 is "all that is
needed" to get XP clients (coming in from the net zone) to be able to
connect to a pptpd running on a "shorewall box"? As in: would I still
have to patch stuff? The info says it is compatible with MS? It does
just state dialup via ppp tho.. Input anyone?

cookiemonster:/# apt-cache show pptpd
Package: pptpd
Priority: optional
Section: net
Installed-Size: 164
Maintainer: Rene Mayrhofer <rmayr@debian.org>
Architecture: i386
Version: 1.1.2-1.2
Depends: libc6 (>= 2.2.4-4), libwrap0, ppp, netbase, debconf, perl-base
Filename: pool/main/p/pptpd/pptpd_1.1.2-1.2_i386.deb
Size: 54750
MD5sum: 9126ad009354ea429a9c0fd8ca72c8a1
Description: PoPToP Point to Point Tunneling Server
 This implements a Virtual Private Networking Server (VPN) that is
compatible  with Microsoft VPN clients. It allows windows users to
connect to an  internal firewalled network using their dialup.
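
Added example (not part of the original thread and not Shorewall's own code): a shell function that checks a Shorewall rules file for both rules named in the reply above, the protocol 47 (GRE) rule and the tcp 1723 rule, and reports whichever is missing. The function name check_pptp_rules, the constructed sample file, and accepting "fw" as well as "$FW" as the firewall zone are assumptions made for illustration.

```shell
#!/bin/sh
# check_pptp_rules FILE
# Scans a Shorewall rules file for the two net -> firewall ACCEPT rules PPTP
# needs: protocol 47 (GRE, the encapsulated data) and tcp 1723 (the control
# connection). Prints one line per missing rule; returns 0 only if both exist.
check_pptp_rules() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        NF < 4 || $1 != "ACCEPT" { next }        # only ACCEPT rules matter here
        {
            split($2, src, ":")                  # allow zone:host forms
            split($3, dst, ":")
            proto = tolower($4)
        }
        src[1] != "net" { next }
        dst[1] != "$FW" && dst[1] != "fw" { next }   # "fw" is an assumed alias
        proto == "47" || proto == "gre" { gre = 1; next }
        proto == "tcp" && NF >= 5 {
            n = split($5, ports, ",")            # port column may be a list
            for (i = 1; i <= n; i++)
                if (ports[i] == "1723") ctl = 1
        }
        END {
            if (!gre) print "missing: ACCEPT net $FW 47 (GRE data channel)"
            if (!ctl) print "missing: ACCEPT net $FW tcp 1723 (control connection)"
            exit !(gre && ctl)
        }
    ' "$1"
}

# Constructed sample: the control-connection rule is present, the GRE rule is
# commented out, so the tunnel would negotiate but carry no data.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample rules file' \
    '#ACCEPT   net   $FW   47' \
    'ACCEPT   net   $FW   tcp   1723' > "$sample"
if ! check_pptp_rules "$sample"; then
    echo "PPTP rules incomplete in $sample"
fi
rm -f "$sample"
```

Port ranges in the port column are not expanded by this check; only an explicit 1723 entry counts.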
