Gentoo Forums
PPTP server issues
fust
n00b

Joined: 09 Jul 2012
Posts: 7

Posted: Wed May 22, 2013 2:14 pm    Post subject: PPTP server issues

Hi all,
I'm trying to set up a PPTP VPN server to view some IP cameras located at my workplace at home.
The VPN is working correctly to some extent: two Windows machines, the VPN server and a wireless router are showing correctly, but the IP cameras, printer and gateway (DSL router) don't show up and I'm not able to ping them either.
The VPN server is in the gateway's DMZ so I'm guessing it has something to do with the iptables configuration.
This problem is driving me crazy as I feel like I searched the entire internet for a solution but am unable to find one.

Here are the config files:

pptpd.conf:
Code:
option /etc/ppp/options.pptpd
debug
logwtmp
remoteip 192.168.2.250-253

options.pptpd
Code:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.2.254
ms-dns 8.8.8.8
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd

iptables config
Code:
# Generated by iptables-save v1.4.16.3 on Tue Apr  2 17:04:30 2013
*nat
:PREROUTING ACCEPT [1:211]
:INPUT ACCEPT [1:211]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
# -A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
# Completed on Tue Apr  2 17:04:30 2013
# Generated by iptables-save v1.4.16.3 on Tue Apr  2 17:04:30 2013
*mangle
:PREROUTING ACCEPT [30326:3923794]
:INPUT ACCEPT [28923:3670290]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3858448:1812576474]
:POSTROUTING ACCEPT [3859272:1812770109]
COMMIT
# Completed on Tue Apr  2 17:04:30 2013
# Generated by iptables-save v1.4.16.3 on Tue Apr  2 17:04:30 2013
*filter
:INPUT ACCEPT [154:10840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [148:15752]
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p udp -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A OUTPUT -p udp -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
# Completed on Tue Apr  2 17:04:30 2013
fust
n00b

Joined: 09 Jul 2012
Posts: 7

Posted: Mon May 27, 2013 12:10 pm

*bump* No ideas on this? Still haven't found a solution myself.
gerdesj
l33t

Joined: 29 Sep 2005
Posts: 621
Location: Yeovil, Somerset, UK

Posted: Wed May 29, 2013 11:18 pm

fust wrote:
*bump* no ideas on this? still haven't found a solution myself.


There are a few things missing from your story so far. What is the "gateway", for starters?

Your iptables rules look right to me, GRE and 1723/tcp seem to be allowed through.

So, here's how you debug:

Draw a diagram somewhere and work out the path.
Packet capture on or near the destination - Wireshark or tcpdump or similar.
Work your way back through the path until it works.
Fix the broken bit.

Cheers
Jon
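
Added example, not part of the thread and not any poster's own code: a small check that replays the "GRE and 1723/tcp seem to be allowed through" reading against an iptables-save dump instead of doing it by eye. The function name `verdict` and the two `sample_*` helpers are hypothetical; the first sample is the filter table from the opening post (abridged), the second is constructed to show the failure case.

```shell
#!/bin/sh
# verdict CHAIN PROTO [DPORT] < iptables-save dump   (hypothetical helper)
# Prints what the first matching filter rule, or else the chain policy, does
# to a probe packet. Only -p and --dport are modelled; rules with any other
# match (-i, -s, state, ...) are skipped and need review by hand.
verdict() {
    awk -v chain="$1" -v proto="$2" -v dport="$3" '
        /^\*/ { table = substr($1, 2); next }        # "*filter" opens a table
        table != "filter" { next }
        $1 == (":" chain) { policy = $2; next }      # ":INPUT ACCEPT [..]"
        $1 != "-A" || $2 != chain || found { next }
        {
            hit = 1; target = ""
            for (i = 3; i <= NF; i++) {
                if      ($i == "-p")      { if ($(++i) != proto) hit = 0 }
                else if ($i == "--dport") { if ($(++i) != dport) hit = 0 }
                else if ($i == "-m")      { i++ }    # match-module name
                else if ($i == "-j")      { target = $(++i); break }
                else                      { hit = 0 }  # unmodelled match
            }
            if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1 }
        }
        END { if (!found) print policy }
    '
}

# Filter table from the first post, abridged, packet counters zeroed.
sample_posted() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
EOF
}

# Constructed counter-example: default-drop INPUT with no GRE rule.
sample_no_gre() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT' 'COMMIT'
}

sample_posted | verdict INPUT tcp 1723   # PPTP control channel
sample_posted | verdict INPUT gre        # PPTP data channel (protocol 47)
sample_no_gre | verdict INPUT gre        # control connects, data is dropped
```

On a live host the same function can read the output of `iptables-save` directly; it says nothing about routing or ARP, which still need the packet-capture walk described above.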