[ale] Poptop

Geoffrey esoteric at 3times25.net
Tue Mar 14 08:28:26 EST 2006


Christopher Fowler wrote:
> On Mon, 2006-03-13 at 19:44 -0500, Tony Carter wrote:
>>> will need client software.  I know CISCO makes a nice 
>>> package, but I don't know if it works with Linux.  
>> Yup, it works like a charm.. The Mac client even works well.
>>
> 
> But you still have to have a public IP on the VPN server right?

I didn't want to jump into this fray as I don't recall all the 
specifics, but....

Back when I was with AT&T I had a successful solution for pptp from a 
nat'ed machine at my home to a nat'ed machine on the AT&T network.

So, I know it can be done, I just don't recall all the specifics.  I do 
have some old scripts I believe assisted in this process and I'll share 
the PPTP specifics here.  I've not researched this, so I don't know that 
these are the working scripts, but I saved them for a reason. :)

# PPTP for vpn

VPN_SVR=XXX.XXX.XXX.XXX

$IPCHAINS -A forward -j MASQ   -p tcp -s 172.16.10.215/32 \
     -d $VPN_SVR/32 1723 -i ppp0
$IPCHAINS -A output  -j ACCEPT -p tcp -s $IPADDR/24 \
     -d $VPN_SVR/32 1723 -i ppp0
$IPCHAINS -A input   -j ACCEPT -p tcp -s $VPN_SVR/32 1723 \
     -d $IPADDR/24  -i ppp0
$IPCHAINS -A forward -j MASQ   -p 47  -s 172.16.10.215/32      \
     -d $VPN_SVR/32      -i ppp0
$IPCHAINS -A output  -j ACCEPT -p 47  -s $IPADDR/24 \
     -d $VPN_SVR/32      -i ppp0
$IPCHAINS -A input   -j ACCEPT -p 47  -s $VPN_SVR/32     \
     -d $IPADDR/24  -i ppp0

I also recall that I had some modules that had to be loaded as well, but 
don't recall the specifics of them either. (gre??)

Note that the references above to the 172.16.10.* network are to my internal 
nat'ed subnet.

-- 
Until later, Geoffrey
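
The same NAT traversal expressed for iptables, as an added example that is not part of the original message: it only prints the commands so they can be reviewed. The module names (nf_conntrack_pptp, nf_nat_pptp), the chain layout and the sample server address 192.0.2.10 are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example: print iptables equivalents of the ipchains PPTP rules.
# Nothing is applied; review the output before running it as root.

pptp_nat_rules() {
    client=$1   # internal NAT'ed client (172.16.10.215 in the post)
    server=$2   # VPN server address
    wan=$3      # outbound interface (ppp0 in the post)

    # Accept only digits/dots and plain interface names, so the emitted
    # commands cannot carry shell metacharacters.
    for a in "$client" "$server"; do
        case $a in
            ""|*[!0-9.]*) echo "bad address: $a" >&2; return 1 ;;
        esac
    done
    case $wan in
        ""|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan" >&2; return 1 ;;
    esac

    # Assumed module names (current kernels): PPTP conntrack/NAT helpers,
    # which track the GRE call IDs negotiated on the control channel.
    echo "modprobe nf_conntrack_pptp"
    echo "modprobe nf_nat_pptp"
    # Newer kernels do not attach helpers automatically; bind it explicitly.
    echo "iptables -t raw -A PREROUTING -p tcp -s $client -d $server --dport 1723 -j CT --helper pptp"
    # Control channel (TCP 1723) and tunnel (IP protocol 47, GRE) outbound.
    echo "iptables -A FORWARD -o $wan -p tcp -s $client -d $server --dport 1723 -j ACCEPT"
    echo "iptables -A FORWARD -o $wan -p 47 -s $client -d $server -j ACCEPT"
    # Replies only: stands in for the ipchains input/output ACCEPT pairs,
    # since forwarded packets traverse only FORWARD under iptables.
    echo "iptables -A FORWARD -i $wan -s $server -d $client -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Equivalent of "-j MASQ" on the ipchains forward chain.
    echo "iptables -t nat -A POSTROUTING -o $wan -s $client -d $server -j MASQUERADE"
}

# Constructed sample values: 192.0.2.10 is a documentation address.
pptp_nat_rules 172.16.10.215 192.0.2.10 ppp0
```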


