I'm attempting to set up a poptop VPN server, on a system acting as a NAT firewall (running shorewall). The idea is, of course, to allow systems logging into the VPN access to the network behind the firewall.
There's lots of documentation on how to do this (especially helpful was http://shorewall.net/PPTP.htm), and with some tweaking, the default Debian poptop configuration is working mostly right. A Windows 2000 client can log in, and ping hosts inside the private network. However, VPN clients cannot ping each other.

I can't figure out if this is the intended behaviour of poptop, or a deficiency of my shorewall configuration. I've included copies of relevant config files below. Any insight anyone can provide will be greatly appreciated.

(As an aside, I'm aware that my VPN connections are unencrypted. For my application, that isn't important.)

Thanks,
Philip Bock

/etc/pptpd.conf:
----------------
speed 115200
option /etc/ppp/pptpd-options
localip 192.168.1.100
remoteip 192.168.1.101-110

/etc/ppp/pptp-options:
----------------------
chap-secrets
name rama
domain flamewars.org
auth
netmask 255.255.255.0
nodefaultroute
proxyarp
lock

/etc/shorewall/zones:
---------------------
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local networks
dmz     DMZ       Demilitarized zone
vpn     VPN       PPTP Virtual Private Network

/etc/shorewall/interfaces:
--------------------------
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,norfc1918
loc     eth1        detect
vpn     ppp+        detect

/etc/shorewall/tunnels:
-----------------------
# TYPE        ZONE   GATEWAY   GATEWAY
#                              ZONE
pptpserver    net

/etc/shorewall/policy:
----------------------
#SOURCE   DEST   POLICY   LOG
#                         LEVEL
loc       net    ACCEPT
fw        net    ACCEPT
loc       fw     ACCEPT
fw        loc    ACCEPT
fw        vpn    ACCEPT
vpn       fw     ACCEPT
loc       vpn    ACCEPT
vpn       loc    ACCEPT
net       all    DROP     info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all       all    REJECT   info