Help! problem with PPTPD and pptp nat helper
Gary W. Smith
gary at primeexalia.com
Mon Dec 27 23:15:56 CET 2004
I found an oddity while experimenting with ip_nat_pptp. If it's loaded I cannot make an outgoing pptp call from the server. If I unload it will make the call just fine. After the call has been established I can then reload the module and then connect from workstations.
If a workstation is connected to an external VPN it's connection is not broken. Another oddity is that lsmod shows that module loaded, but not being used even when there are multiple active conenctions behind the firewall.
I'm still looking for a better solution to this problem. The temporary work around is to script the outgoing pptp calls with an rmmod and modprobe before and after.
Gary Smith
________________________________
From: netfilter-bounces at lists.netfilter.org on behalf of Radien Radien
Sent: Sun 12/26/2004 4:15 AM
To: netfilter at lists.netfilter.org
Subject: Help! problem with PPTPD and pptp nat helper
But based on netfilter pom-ng documentation its needed for NAT working properly
http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-pptp-conntrack-nat
I have great successfull experiment using these 4 p-o-m modules, they
work perfect in my cases multiple session for DNAT and SNAT even both
at the same time. But when the last one is loaded part of pptpd(when
uses pppd) cannot negotiate using LCP, it seems so in logfiles. And if
I unload it, pptpd works fine!!
#This adds CONFIG_IP_NF_PPTP:
#Connection tracking and NAT support for PPTP. Using this, you can track
#PPTP/GRE connections and do SNAT/DNAT. You have to load the following modules
#for connection tracking:
# ip_conntrack_proto_gre
# ip_conntrack_pptp
#for NAT:
# ip_nat_proto_gre
# ip_nat_pptp
#
It seems to be a conflict of using ppp, with ip_nat_pptp module and pptpd.
More information about the netfilter
mailing list