How can I get multiple outgoing VPN (pptp) connections with iptables and snat?

Gary W. Smith gary at primeexalia.com
Thu Apr 7 16:08:06 CEST 2005


Download patch-o-matic-ng (the daily snapshot from last night would
be best, as Harold has just made changes to the code), patch the kernel
and then recompile your kernel and iptables.

If you want PPTP you might also want to patch your kernel with mppe and
possibly bsd_comp as well.

You might also want to include what kernel you are running this on.  I
have had problems with a couple RH versions.  The latest works with
RHEL 4.

Gary Smith

> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of AKholod
> Sent: Wednesday, April 06, 2005 5:53 AM
> To: netfilter at lists.netfilter.org
> Subject: How can I get multiple outgoing VPN (pptp) connections with
> iptables and snat?
> 
> I have a problem. Multiple clients in our corporate network need access
> to a remote network by VPN - PPTP protocol; the VPN gate to the remote
> network is a CISCO router with VPN support. I studied many forums and
> found four solutions for setting up a VPN connection:
> 
> 1) VPN masquerading for old kernel - 2.0, 2.2
> 
> 2) Special external program - pptpproxy
> 
> 3) I find links to iptables extensions -
> <http://cvs.netfilter.org/netfilter-extensions/helpers/pptp/>
> ip_nat_pptp, ip_conntrack_pptp, ip_nat_proto_gre,
> ip_conntrack_proto_gre, but I don't find any sources for these modules.
> 
> 4) Add the following rules in the iptables startup script:
> 
> 
> 
> $IPTABLES -A FORWARD -p tcp --dport 1723 -i $LAN_IFACE -j ACCEPT
> 
> $IPTABLES -A FORWARD -p 47 -i $LAN_IFACE -j ACCEPT
> 
> 
> 
> And finally I have a question: "What is the CORRECT (RECOMMENDED BY
> DEVELOPERS) way to set up iptables version 1.2.11 and Linux kernel 2.6
> to admit multiple outgoing PPTP VPN connections?"
> 
> 
> 
> Best regards,
> 
> Andrey Kholod
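
An added example, not part of the original thread or of the netfilter project's code: a gateway ruleset for a kernel rebuilt with the PPTP helpers as described in the reply, using the module names from the question. `WAN_IFACE`, `WAN_IP`, the `run` helper and the `APPLY` switch are assumptions made for illustration; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example. Assumed names (not from the thread): WAN_IFACE, WAN_IP, run(), APPLY.
IPTABLES=${IPTABLES:-iptables}
LAN_IFACE=${LAN_IFACE:-eth1}
WAN_IFACE=${WAN_IFACE:-eth0}
WAN_IP=${WAN_IP:-203.0.113.10}   # constructed documentation address

# Print each command; execute it only when APPLY=1 (needs root and the patched kernel).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

pptp_gateway_rules() {
    # Helper modules named in the question. Assumption: loading these two
    # also pulls in the GRE protocol modules on the patched kernel.
    run modprobe ip_conntrack_pptp
    run modprobe ip_nat_pptp

    # Control channel: LAN clients may open new PPTP sessions (TCP/1723).
    run "$IPTABLES" -A FORWARD -i "$LAN_IFACE" -o "$WAN_IFACE" \
        -p tcp --dport 1723 -m state --state NEW -j ACCEPT

    # Data channel: the helper registers the GRE flow as an expectation of
    # the control connection, so it matches as RELATED, then ESTABLISHED.
    run "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # GRE that belongs to no tracked PPTP session is dropped, instead of
    # the blanket "-p 47 -j ACCEPT" from option 4 in the question.
    run "$IPTABLES" -A FORWARD -p 47 -j DROP

    # Source NAT on the outside interface; the NAT helper keeps the
    # concurrent tunnels apart behind the single address.
    run "$IPTABLES" -t nat -A POSTROUTING -o "$WAN_IFACE" \
        -j SNAT --to-source "$WAN_IP"
}

pptp_gateway_rules
```

Run it once as is to review the generated commands, then with `APPLY=1` as root on the patched kernel to install them.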



