From: "Rangi Biddle"
Date: Tue, 21 Nov 2006 08:36:49 +0000
Subject: [LARTC] RE: VPN Solution
Message-Id: <002201c70d48$3845bf90$0101010a@lamachine>
In-Reply-To: <000601c70d37$a48d3b30$0101010a@lamachine>
To: lartc@vger.kernel.org

> Hum. Is your DSL modem built in to the router you are using, or could you supplant your router with a / your Linux box?
> If you can put your Linux box directly on the internet, then your VPN concentrator will (inherently) be directly on the net too.

Unfortunately my router is combined with the DSL modem, effectively a single CPE.

> I believe the limitation, which may have been patched and without being aware of it as I don't use PPTP (yet), is in the helper module for
> connection tracking for PPTP. I would have to refresh myself on the PPTP protocol and its interaction with IPTables. I suggest you do some more
> reading on the mailing list as well as on NetFilter.org to see if you can find out something else.

I have just come across some information that says that the connection tracking support for PPTP connections in particular is now part of the mainstream kernel (>= 2.6.14). I am currently downloading version 2.6.18-3 and will let you know how it goes.

PS. I'm using CentOS, which probably isn't the best choice for hacking things to pieces - guess that serves me right. I believe Debian (Sarge) has support for pptp_conntrack in it already, so I might give that a go as well.

If you're interested I am more than happy to discuss this matter off the mailing lists, but perhaps it may serve a better purpose by being on the lists for future reference for others.
