PPTP client masquerading

I have setup IP and VPN / PPTP masquerading on a linux gateway.

However, only one client at a time from within the LAN can connect to a
remote PPTP server. Based on Section 2.7 of this URL:

http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO-2.html

.... one should ensure that "PPTP Call ID masquerade" is enabled on the
kernel to allow multiple clients to connect to a remote PPTP server.

However, I could not find this option on a 2.6 kernel ( running FC3 ).
Any ideas ?


Regards,

John

js wrote:

>
> I have setup IP and VPN / PPTP masquerading on a linux gateway.
>
> However, only one client at a time from within the LAN can connect to a
> remote PPTP server. Based on Section 2.7 of this URL:
>
> http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO-2.html
>
> ... one should ensure that "PPTP Call ID masquerade" is enabled on the
> kernel to allow multiple clients to connect to a remote PPTP server.
>
> However, I could not find this option on a 2.6 kernel ( running FC3 ).
> Any ideas ?
>
>
> Regards,
>
> John


Found the option. However, according to this:

http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO-3.html

The kernel option CONFIG_IP_MASQUERADE_PPTP_MULTICLIENT is only for 2.0
kernels, and with 2.2 kernels, it seemed to have been replaced with
CONFIG_IP_MASQUERADE_PPTP:


CONFIG_IP_MASQUERADE_PPTP
- Enables PPTP data channel masquerading, if you are
masquerading a PPTP client or server. This is now
available as a module.
Note that you no longer need to specify Call-ID masquerade.



I could not figure out what the revelant option is for 2.6 kernels.

js wrote:

> js wrote:
>
>>
>> I have setup IP and VPN / PPTP masquerading on a linux gateway.
>>
>> However, only one client at a time from within the LAN can connect to a
>> remote PPTP server. Based on Section 2.7 of this URL:
>>
>> http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO-2.html
>>
>> ... one should ensure that "PPTP Call ID masquerade" is enabled on the
>> kernel to allow multiple clients to connect to a remote PPTP server.
>>
>> However, I could not find this option on a 2.6 kernel ( running FC3 ).
>> Any ideas ?
>>
>>
>> Regards,
>>
>> John
>
>
> Found the option. However, according to this:
>
> http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO-3.html
>
> The kernel option CONFIG_IP_MASQUERADE_PPTP_MULTICLIENT is only for 2.0
> kernels, and with 2.2 kernels, it seemed to have been replaced with
> CONFIG_IP_MASQUERADE_PPTP:
>
>
> CONFIG_IP_MASQUERADE_PPTP
> - Enables PPTP data channel masquerading, if you are
> masquerading a PPTP client or server. This is now
> available as a module.
> Note that you no longer need to specify Call-ID masquerade.
>
>
>
> I could not figure out what the revelant option is for 2.6 kernels.


Okay ... thought this maybe relevant. netfilter had a path-o-matic called
pptp_conntrack_nat in the extra repository, which seems to be what I
needed:

http://www.netfilter.org/projects/pa...-conntrack-nat

Furthermore, this post into the netfilter mailing list indicate that
pptp_conntrack_nat is now in the mainline 2.6.14 kernel:

http://lists.netfilter.org/pipermail...er/063045.html

Will give 2.6.15 a try.

js wrote:

>
> Okay ... thought this maybe relevant. netfilter had a path-o-matic called
> pptp_conntrack_nat in the extra repository, which seems to be what I
> needed:
>
>
http://www.netfilter.org/projects/pa...-conntrack-nat
>
> Furthermore, this post into the netfilter mailing list indicate that
> pptp_conntrack_nat is now in the mainline 2.6.14 kernel:
>
> http://lists.netfilter.org/pipermail...er/063045.html
>
> Will give 2.6.15 a try.


Just a report for anyone who might be interested. Multiple outgoing PPTP
connections from within a LAN via IP / VPN / PPTP masquerading now works
with 2.6.15.

You __will__ have to load the following modules for it to work though:

/sbin/modprobe ip_nat_pptp
/sbin/modprobe ip_conntrack_pptp


John