mb0339 <(E-Mail Removed)> wrote:
> hi
> i have smoothwall firewall, on my router i have configured the
> forwarding of tcp 1723 on the red of firewall and activated the
> ip gre 47.
> on firewall i have configured the forwarding of tcp 1723 on the internal
> ip vpn server
> and at the end of /etc/rc.d/rc.firewall.up, add the following:
> vpnserver="192.168.1.x"
> /sbin/iptables -N pptp
> /sbin/iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
> /sbin/iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
The FORWARD chain is a two-way street so I guess shorewall must already
have something like
/sbin/iptables -A FORWARD --src 192.168.1.0/24 -j ACCEPT
> /sbin/iptables -I FORWARD -j pptp
> /sbin/iptables -t nat -N pptp
> /sbin/iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
> /sbin/iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
> /sbin/iptables -t nat -A PREROUTING -j pptp
The DNAT routing looks okay to me.
> but when i try the connection on a windows client i have this
> problem: one minute on the "verification user name and password"
> then error 628. help me thanks.
An answer from google for "error 628" said to replace
mppe required
with
mppe required,stateless
and, although I've never used PPTP and so haven't a clue, presumably
you will know what file this is in.
FWIW, I tend to believe the problem is with PPTP and not your routing.
--
Clifford Kite
/* Substitute "damn" every time you're inclined to write "very"; your
editor will delete it and the writing will be just as it should be.
-- Mark Twain */
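
PPTP uses TCP 1723 for its control channel and GRE (protocol 47) for the tunnel, so one way to confirm that the rules quoted above actually loaded is to audit `iptables-save` output for all four pieces. This is an added example, not part of the original thread; the function names, `eth1` and `192.168.1.10` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check iptables-save text for the PPTP rules in the post.
# Function names, eth1 and 192.168.1.10 are constructed for illustration.

has() { case "$1" in *"$2"*) return 0 ;; esac; return 1; }

# check_pptp_rules SERVER_IP < dump ; prints each missing rule, returns 1 if any.
check_pptp_rules() {
    local server="$1" table="" line proto rc=0
    local nat_tcp=0 nat_gre=0 fwd_tcp=0 fwd_gre=0
    while IFS= read -r line; do
        case "$line" in \**) table="${line#\*}"; continue ;; esac
        line="$line "    # trailing space lets every token match end in a space
        if has "$line" " -p tcp " && has "$line" " --dport 1723 "; then proto=tcp
        # iptables-save prints protocol 47 by name; accept the number as well
        elif has "$line" " -p gre " || has "$line" " -p 47 "; then proto=gre
        else continue; fi
        if [ "$table" = nat ] && has "$line" " -j DNAT " &&
           { has "$line" " --to-destination $server " ||
             has "$line" " --to-destination $server:1723 "; }; then
            if [ "$proto" = tcp ]; then nat_tcp=1; else nat_gre=1; fi
        elif [ "$table" = filter ] && has "$line" " -d $server/32 " &&
             has "$line" " -j ACCEPT "; then
            # Does not verify that FORWARD actually jumps to this chain.
            if [ "$proto" = tcp ]; then fwd_tcp=1; else fwd_gre=1; fi
        fi
    done
    [ "$nat_tcp" = 1 ] || { echo "missing: nat DNAT tcp/1723"; rc=1; }
    [ "$nat_gre" = 1 ] || { echo "missing: nat DNAT gre"; rc=1; }
    [ "$fwd_tcp" = 1 ] || { echo "missing: filter ACCEPT tcp/1723"; rc=1; }
    [ "$fwd_gre" = 1 ] || { echo "missing: filter ACCEPT gre"; rc=1; }
    return $rc
}

# Constructed dump: the filter GRE rule is deliberately absent.
sample_dump() { cat <<'EOF'
*nat
-A PREROUTING -j pptp
-A pptp -i eth1 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10:1723
-A pptp -i eth1 -p gre -j DNAT --to-destination 192.168.1.10
COMMIT
*filter
-A FORWARD -j pptp
-A pptp -d 192.168.1.10/32 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
EOF
}

sample_dump | check_pptp_rules 192.168.1.10 || true
```

On the firewall itself, pipe the output of `iptables-save` (run as root) into `check_pptp_rules` with the real VPN server address.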