fust n00b
Joined: 09 Jul 2012 Posts: 7
Posted: Wed May 22, 2013 2:14 pm Post subject: PPTP server issues
Hi all,
I'm trying to set up a PPTP VPN server to view some IP cameras located at my workplace at home.
The VPN is working correctly to some extent: two Windows machines, the VPN server and a wireless router are showing correctly, but the IP cameras, printer and gateway (DSL router) don't show up and I'm not able to ping them either.
The VPN server is in the gateway's DMZ so I'm guessing it has something to do with the iptables configuration.
This problem is driving me crazy as I feel like I searched the entire internet for a solution but am unable to find one.
Here are the config files:
pptpd.conf:
Code:
option /etc/ppp/options.pptpd
debug
logwtmp
remoteip 192.168.2.250-253
options.pptpd:
Code:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.2.254
ms-dns 8.8.8.8
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd
iptables config:
Code:
# Generated by iptables-save v1.4.16.3 on Tue Apr 2 17:04:30 2013
*nat
:PREROUTING ACCEPT [1:211]
:INPUT ACCEPT [1:211]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
# -A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
# Completed on Tue Apr 2 17:04:30 2013
# Generated by iptables-save v1.4.16.3 on Tue Apr 2 17:04:30 2013
*mangle
:PREROUTING ACCEPT [30326:3923794]
:INPUT ACCEPT [28923:3670290]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3858448:1812576474]
:POSTROUTING ACCEPT [3859272:1812770109]
COMMIT
# Completed on Tue Apr 2 17:04:30 2013
# Generated by iptables-save v1.4.16.3 on Tue Apr 2 17:04:30 2013
*filter
:INPUT ACCEPT [154:10840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [148:15752]
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p udp -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A OUTPUT -p udp -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
# Completed on Tue Apr 2 17:04:30 2013
fust n00b
Joined: 09 Jul 2012 Posts: 7
Posted: Mon May 27, 2013 12:10 pm
*bump* no ideas on this? still haven't found a solution myself.
|
gerdesj l33t
Joined: 29 Sep 2005 Posts: 621 Location: Yeovil, Somerset, UK
Posted: Wed May 29, 2013 11:18 pm
fust wrote: *bump* no ideas on this? still haven't found a solution myself.
There's a few things missing from your story so far. What is the "gateway" for starters?
Your iptables rules look right to me, GRE and 1723/tcp seem to be allowed through.
So, here's how you debug:
Draw a diagram somewhere and work out the path.
Packet capture on or near the destination - Wireshark or tcpdump or similar.
Work your way back through the path until it works.
Fix the broken bit.
Cheers
Jon
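Added example, not part of the thread and not code from either poster: a small Python sketch that replays the filter rules from the first post to check that PPTP control (tcp/1723) and GRE are accepted, which is the check gerdesj describes doing by eye. The rule text is trimmed from the post's dump; the function names and the packet dictionaries are assumptions of this sketch, and only plain `-p`, `-m`, `--dport`, `-i` and `-j` options are modelled.

```python
# INPUT/FORWARD part of the *filter table from the first post's dump (trimmed).
SAVE = """*filter
:INPUT ACCEPT [154:10840]
:FORWARD ACCEPT [0:0]
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
"""
MODELLED = {"-p", "-m", "--dport", "-i", "-j"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Return {table: {"policy": {chain: target}, "rules": {chain: [opts]}}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif cur is not None and line.startswith(":"):
            chain, target = line[1:].split()[:2]
            cur["policy"][chain] = target
        elif cur is not None and line.startswith("-A "):
            tok = line.split()
            # Assumes plain "-flag value" pairs, as in the post (no "!" negation).
            cur["rules"].setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return tables

def iface_match(pattern, iface):
    # A trailing "+" is the iptables interface wildcard: "ppp+" matches ppp0, ppp1, ...
    return iface.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == iface

def verdict(tables, chain, pkt, table="filter"):
    """First terminal rule that matches wins; otherwise the chain policy applies."""
    t = tables[table]
    for r in t["rules"].get(chain, []):
        if set(r) - MODELLED or r.get("-j") not in TERMINAL:
            continue  # not modelled by this sketch, so it is skipped
        if (("-p" in r and r["-p"] != pkt.get("proto"))
                or ("--dport" in r and r["--dport"] != str(pkt.get("dport")))
                or ("-i" in r and not iface_match(r["-i"], pkt.get("in", "")))):
            continue
        return r["-j"]
    return t["policy"][chain]

if __name__ == "__main__":
    fw = parse(SAVE)
    print(verdict(fw, "INPUT", {"proto": "tcp", "dport": 1723, "in": "eth1"}))
    print(verdict(fw, "INPUT", {"proto": "gre", "in": "eth1"}))
```

An ACCEPT verdict here only says the filter table on the VPN server is not what drops the packet; the packet capture along the path is still what locates where the traffic stops.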