Multiple PPTP clients behind iptables.

Multiple PPTP clients behind iptables.

[Manikandan]

[-- Attachment #1: Type: text/plain, Size: 786 bytes --]

Dear friends,

	As I am getting more confused about VPN masq., request your help on
this.

My local LAN is 10.35.0.0/24 
My Linux box running red hat linux 9.0 with kernel 2.4.20-8. acting as the
gateway for my LAN to Internet.

I need to allow my LAN clients to access Microsoft windows VPN (Windows 2000
Adv. Server) using PPTP over Internet.
I am not able to make more than one connection to the VPN server as my LAN
outgoing traffic to Internet is getting SNAT to single public IP.


I read few guides and howtos to configure my firewall to allow multiple PPTP
sessions. But still I couldn't get through.

Do I need to patch my kernel? What support do I need to enable this multiple
PPTP traffic.

Request your views and help on this.


Have a nice day

Regards,
Manikandan.








[-- Attachment #2: winmail.dat --]
[-- Type: application/ms-tnef, Size: 3488 bytes --]

Re: Multiple PPTP clients behind iptables.

[Antony Stone]

On Friday 09 April 2004 4:08 pm, Manikandan wrote:

> I read few guides and howtos to configure my firewall to allow multiple
> PPTP sessions. But still I couldn't get through.
>
> Do I need to patch my kernel? What support do I need to enable this
> multiple PPTP traffic.

http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-pptp-conntrack-nat

Regards,

Antony.

-- 
In Heaven, the police are British, the chefs are Italian, the beer is Belgian, 
the mechanics are German, the lovers are French, the entertainment is 
American, and everything is organised by the Swiss.

In Hell, the police are German, the chefs are British, the beer is American, 
the mechanics are French, the lovers are Swiss, the entertainment is Belgian, 
and everything is organised by the Italians.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: Multiple PPTP clients behind iptables.

[Alexis]

yes, you need the pptp patch

ive been in the same situation, and applying the patch made it work just
fine.-

see
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.html#ss5.6

----- Original Message ----- 
From: "Manikandan" <mani@manikandan.org>
To: "Netfilter" <netfilter@lists.netfilter.org>
Sent: Friday, April 09, 2004 12:08 PM
Subject: Multiple PPTP clients behind iptables.


> Dear friends,
>
> As I am getting more confused about VPN masq., request your help on
> this.
>
> My local LAN is 10.35.0.0/24
> My Linux box running red hat linux 9.0 with kernel 2.4.20-8. acting as the
> gateway for my LAN to Internet.
>
> I need to allow my LAN clients to access Microsoft windows VPN (Windows
2000
> Adv. Server) using PPTP over Internet.
> I am not able to make more than one connection to the VPN server as my LAN
> outgoing traffic to Internet is getting SNAT to single public IP.
>
>
> I read few guides and howtos to configure my firewall to allow multiple
PPTP
> sessions. But still I couldn't get through.
>
> Do I need to patch my kernel? What support do I need to enable this
multiple
> PPTP traffic.
>
> Request your views and help on this.
>
>
> Have a nice day
>
> Regards,
> Manikandan.
>
>
>
>
>
>
>
>

Re: Multiple PPTP clients behind iptables.

[Luke Deryckx]

This patch worked very nicely for me as well. Keep in mind you also need to
recompile iptables after you've patched your kernel.

Cheers




On 4/9/04 8:55 AM, "Alexis" <alexis@tpys.com.ar> wrote:

> yes, you need the pptp patch
> 
> ive been in the same situation, and applying the patch made it work just
> fine.-
> 
> see
> http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.htm
> l#ss5.6
> 
> ----- Original Message -----
> From: "Manikandan" <mani@manikandan.org>
> To: "Netfilter" <netfilter@lists.netfilter.org>
> Sent: Friday, April 09, 2004 12:08 PM
> Subject: Multiple PPTP clients behind iptables.
> 
> 
>> Dear friends,
>> 
>> As I am getting more confused about VPN masq., request your help on
>> this.
>> 
>> My local LAN is 10.35.0.0/24
>> My Linux box running red hat linux 9.0 with kernel 2.4.20-8. acting as the
>> gateway for my LAN to Internet.
>> 
>> I need to allow my LAN clients to access Microsoft windows VPN (Windows
> 2000
>> Adv. Server) using PPTP over Internet.
>> I am not able to make more than one connection to the VPN server as my LAN
>> outgoing traffic to Internet is getting SNAT to single public IP.
>> 
>> 
>> I read few guides and howtos to configure my firewall to allow multiple
> PPTP
>> sessions. But still I couldn't get through.
>> 
>> Do I need to patch my kernel? What support do I need to enable this
> multiple
>> PPTP traffic.
>> 
>> Request your views and help on this.
>> 
>> 
>> Have a nice day
>> 
>> Regards,
>> Manikandan.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
> 

RE: Multiple PPTP clients behind iptables.

[Manikandan]

When I try to apply the patch, using netfilter CVS I am getting an error
like

Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
Testing patch submitted/03_2.4.21.patch...
Failed to patch copy of /usr/src/linux-2.4.20-8/
TEST FAILED: patch NOT applied.

[Press enter to continue]

What could be wrong?

Regards,
Manikandan

 -----Original Message-----
From: 	Luke Deryckx [mailto:luke@westaironline.com]
Sent:	Friday, April 09, 2004 9:38 PM
To:	manikandan@manikandan.org
Cc:	Netfilter list
Subject:	Re: Multiple PPTP clients behind iptables.

This patch worked very nicely for me as well. Keep in mind you also need to
recompile iptables after you've patched your kernel.

Cheers




On 4/9/04 8:55 AM, "Alexis" <alexis@tpys.com.ar> wrote:

> yes, you need the pptp patch
>
> ive been in the same situation, and applying the patch made it work just
> fine.-
>
> see
>
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.h
tm
> l#ss5.6
>
> ----- Original Message -----
> From: "Manikandan" <mani@manikandan.org>
> To: "Netfilter" <netfilter@lists.netfilter.org>
> Sent: Friday, April 09, 2004 12:08 PM
> Subject: Multiple PPTP clients behind iptables.
>
>
>> Dear friends,
>>
>> As I am getting more confused about VPN masq., request your help on
>> this.
>>
>> My local LAN is 10.35.0.0/24
>> My Linux box running red hat linux 9.0 with kernel 2.4.20-8. acting as
the
>> gateway for my LAN to Internet.
>>
>> I need to allow my LAN clients to access Microsoft windows VPN (Windows
> 2000
>> Adv. Server) using PPTP over Internet.
>> I am not able to make more than one connection to the VPN server as my
LAN
>> outgoing traffic to Internet is getting SNAT to single public IP.
>>
>>
>> I read few guides and howtos to configure my firewall to allow multiple
> PPTP
>> sessions. But still I couldn't get through.
>>
>> Do I need to patch my kernel? What support do I need to enable this
> multiple
>> PPTP traffic.
>>
>> Request your views and help on this.
>>
>>
>> Have a nice day
>>
>> Regards,
>> Manikandan.
>>
>>
>>
>>
>>
>>
>>
>>
>

RE: Multiple PPTP clients behind iptables.

[Manikandan]

Somehow I managed to patch my kernel with pptp patch. But everytime when I
load modules like ip_conntrack_pptp, ip_nat_pptp, I am getting an error like
"ip_conntrack_pptp.c: bad csum" in the log file.

Also the pptp connections are not stable. The pptp sessions are getting
disconnected very often say every 2 mins.

Kernel = 2.4.20-30.9 and iptables version 1.2.9 .

Please help.

Regards,
Manikandan.

 -----Original Message-----
From: 	Luke Deryckx [mailto:luke@westaironline.com]
Sent:	Friday, April 09, 2004 9:38 PM
To:	manikandan@manikandan.org
Cc:	Netfilter list
Subject:	Re: Multiple PPTP clients behind iptables.

This patch worked very nicely for me as well. Keep in mind you also need to
recompile iptables after you've patched your kernel.

Cheers




On 4/9/04 8:55 AM, "Alexis" <alexis@tpys.com.ar> wrote:

> yes, you need the pptp patch
>
> ive been in the same situation, and applying the patch made it work just
> fine.-
>
> see
>
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.h
tm
> l#ss5.6
>
> ----- Original Message -----
> From: "Manikandan" <mani@manikandan.org>
> To: "Netfilter" <netfilter@lists.netfilter.org>
> Sent: Friday, April 09, 2004 12:08 PM
> Subject: Multiple PPTP clients behind iptables.
>
>
>> Dear friends,
>>
>> As I am getting more confused about VPN masq., request your help on
>> this.
>>
>> My local LAN is 10.35.0.0/24
>> My Linux box running red hat linux 9.0 with kernel 2.4.20-8. acting as
the
>> gateway for my LAN to Internet.
>>
>> I need to allow my LAN clients to access Microsoft windows VPN (Windows
> 2000
>> Adv. Server) using PPTP over Internet.
>> I am not able to make more than one connection to the VPN server as my
LAN
>> outgoing traffic to Internet is getting SNAT to single public IP.
>>
>>
>> I read few guides and howtos to configure my firewall to allow multiple
> PPTP
>> sessions. But still I couldn't get through.
>>
>> Do I need to patch my kernel? What support do I need to enable this
> multiple
>> PPTP traffic.
>>
>> Request your views and help on this.
>>
>>
>> Have a nice day
>>
>> Regards,
>> Manikandan.
>>
>>
>>
>>
>>
>>
>>
>>
>

Re: Multiple PPTP clients behind iptables.

[Antony Stone]

On Sunday 25 April 2004 2:11 pm, Manikandan wrote:

> Somehow I managed to patch my kernel with pptp patch. But everytime when I
> load modules like ip_conntrack_pptp, ip_nat_pptp, I am getting an error
> like "ip_conntrack_pptp.c: bad csum" in the log file.
>
> Also the pptp connections are not stable. The pptp sessions are getting
> disconnected very often say every 2 mins.

Sounds like you need to do something about that word "somehow".

Make sure you have applied (the right version of) the patch correctly, 
recompiled both the kernel and iptables afterwards, without errors, and try 
connections again after that.

Regards,

Antony.

-- 
Ramdisk is not an installation procedure.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: Multiple PPTP clients behind iptables.

[Dave Barnum]

[-- Attachment #1: Type: text/html, Size: 2378 bytes --]

IPSec masquerading patches (Kernel 2.4)

[Devaraj Das]

Hi,
Is there a patch for the IPSec masquerading for kernel 2.4.x. Basically,
I need to allow multiple clients in a private lan access the (IPSec) VPN
server through the internet.
I hit upon this link
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
when I did a search. But this does not give a patch for 2.4.x kernels...

Would appreciate your help in this regard.
Thanks,
Devaraj.

FW: Multiple PPTP clients behind iptables.

[Manikandan]

When I try to apply the patch, using netfilter CVS I am getting an error
like

Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
Testing patch submitted/03_2.4.21.patch...
Failed to patch copy of /usr/src/linux-2.4.20-8/
TEST FAILED: patch NOT applied.

[Press enter to continue]
What could be wrong?
Regards,
Manikandan
-----Original Message-----
From:	Luke Deryckx [mailto:luke@westaironline.com]
Sent:	Friday, April 09, 2004 9:38 PM
To:	manikandan@manikandan.org
Cc:	Netfilter list
Subject:	Re: Multiple PPTP clients behind iptables.

This patch worked very nicely for me as well. Keep in mind you also need to
recompile iptables after you've patched your kernel.
Cheers



On 4/9/04 8:55 AM, "Alexis" <alexis@tpys.com.ar> wrote:
> yes, you need the pptp patch
>
> ive been in the same situation, and applying the patch made it work just
> fine.-
>
> see
>
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.h
tm
> l#ss5.6
>
> ----- Original Message -----
> From:	"Manikandan" <mani@manikandan.org>
> To:	"Netfilter" <netfilter@lists.netfilter.org>
> Sent:	Friday, April 09, 2004 12:08 PM
> Subject:	Multiple PPTP clients behind iptables.
>
>
>> Dear friends,
>>
>> As I am getting more confused about VPN masq., request your help on
>> this.
>>
>> My local LAN is 10.35.0.0/24
>> My Linux box running red hat linux 9.0 with kernel 2.4.20-8. acting as
the
>> gateway for my LAN to Internet.
>>
>> I need to allow my LAN clients to access Microsoft windows VPN (Windows
> 2000
>> Adv. Server) using PPTP over Internet.
>> I am not able to make more than one connection to the VPN server as my
LAN
>> outgoing traffic to Internet is getting SNAT to single public IP.
>>
>>
>> I read few guides and howtos to configure my firewall to allow multiple
> PPTP
>> sessions. But still I couldn't get through.
>>
>> Do I need to patch my kernel? What support do I need to enable this
> multiple
>> PPTP traffic.
>>
>> Request your views and help on this.
>>
>>
>> Have a nice day
>>
>> Regards,
>> Manikandan.
>>
>>
>>
>>
>>
>>
>>
>>
>

Re: Multiple PPTP clients behind iptables.

[Luke Deryckx]

It looks like your trying to patch the out of the box Redhat 9 kernel
correct? You'll need to upgrade to a newer kernel to apply this patch. I
have successfully applied it to both 2.4.22 and 2.4.25 kernels.


Luke


On 4/9/04 10:18 PM, "Manikandan" <mani@manikandan.org> wrote:

> When I try to apply the patch, using netfilter CVS I am getting an error
> like
> 
> Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
> Testing patch submitted/03_2.4.21.patch...
> Failed to patch copy of /usr/src/linux-2.4.20-8/
> TEST FAILED: patch NOT applied.
> 
> [Press enter to continue]
> What could be wrong?
> Regards,
> Manikandan
> -----Original Message-----
> From:    Luke Deryckx [mailto:luke@westaironline.com]
> Sent:    Friday, April 09, 2004 9:38 PM
> To:    manikandan@manikandan.org
> Cc:    Netfilter list
> Subject:    Re: Multiple PPTP clients behind iptables.
> 
> This patch worked very nicely for me as well. Keep in mind you also need to
> recompile iptables after you've patched your kernel.
> Cheers
> 
> 
> 
> On 4/9/04 8:55 AM, "Alexis" <alexis@tpys.com.ar> wrote:
>> yes, you need the pptp patch
>> 
>> ive been in the same situation, and applying the patch made it work just
>> fine.-
>> 
>> see
>> 
> http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.h
> tm
>> l#ss5.6
>> 
>> ----- Original Message -----
>> From:    "Manikandan" <mani@manikandan.org>
>> To:    "Netfilter" <netfilter@lists.netfilter.org>
>> Sent:    Friday, April 09, 2004 12:08 PM
>> Subject:    Multiple PPTP clients behind iptables.
>> 
>> 
>>> Dear friends,
>>> 
>>> As I am getting more confused about VPN masq., request your help on
>>> this.
>>> 
>>> My local LAN is 10.35.0.0/24
>>> My Linux box running red hat linux 9.0 with kernel 2.4.20-8. acting as
> the
>>> gateway for my LAN to Internet.
>>> 
>>> I need to allow my LAN clients to access Microsoft windows VPN (Windows
>> 2000
>>> Adv. Server) using PPTP over Internet.
>>> I am not able to make more than one connection to the VPN server as my
> LAN
>>> outgoing traffic to Internet is getting SNAT to single public IP.
>>> 
>>> 
>>> I read few guides and howtos to configure my firewall to allow multiple
>> PPTP
>>> sessions. But still I couldn't get through.
>>> 
>>> Do I need to patch my kernel? What support do I need to enable this
>> multiple
>>> PPTP traffic.
>>> 
>>> Request your views and help on this.
>>> 
>>> 
>>> Have a nice day
>>> 
>>> Regards,
>>> Manikandan.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
> 
> 
>