Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Dave on June 26, 2002, 10:09:54 PM

Title: Workaround needed for PPTP VPN
Post by: Dave on June 26, 2002, 10:09:54 PM
I wanted to set up a PPTP VPN, but unfortunately my ISP won't allow protocol GRE 47 to pass through the router.

Do I have any other options to set up a VPN?
Title: Re: Workaround needed for PPTP VPN
Post by: Hans Pedersen on June 27, 2002, 12:09:41 PM
I asked the same question a few weeks ago, but since I didn't get an answer, I suppose the GRE protocol is required.
Title: Re: Workaround needed for PPTP VPN
Post by: Franck on June 27, 2002, 12:21:24 PM
Dave wrote:
>
> I wanted to set up a PPTP VPN, but unfortunately my ISP won't
> allow protocol GRE 47 to pass through the router.
>
> Do I have any other options to set up a VPN?
The other option with SME is IPSEC (Freeswan is included in the distribution). BUT, IPSEC is using protocols 50 (ESP) and/or 51 (AH), and I doubt your ISP will allow these protocols to pass through your router.....

My final words will be: bad ISP, choose another ISP....
Title: Re: Workaround needed for PPTP VPN
Post by: Hans Pedersen on June 27, 2002, 05:36:43 PM
Franck wrote:

> My final words will be: bad ISP, choose another ISP....

... or spend some money on a router that supports the protocols in question.

/Hans
Title: Re: Workaround needed for PPTP VPN
Post by: Dave on June 27, 2002, 07:04:29 PM
Thanks for your input.  They did give me another option, and that would be to eliminate NAT, and just give public IPs to our entire network (12 computers).  If I agree to this, they will allow GRE, but that opens up a tonne of security issues.

Should I go with this option?  What should I consider?
Title: Re: Workaround needed for PPTP VPN
Post by: steve on June 27, 2002, 07:25:43 PM
Can you use IPsec instead?
Title: Re: Workaround needed for PPTP VPN
Post by: Dave on June 27, 2002, 08:02:06 PM
No - just more ports that they won't allow me to use.
Title: OFFTOPIC: Re: Workaround needed for PPTP VPN
Post by: Dan G. on June 27, 2002, 08:25:43 PM
Dave,

I have a complete solution based on a non-SME toolset, for exactly this kind of situation.  I had a client that needed every host on his LAN to be able to access IPSEC and/or PPTP VPNs, from any vendor, at any of their client sites.  It was a headache, but the solution worked.

In short, it's a Red Hat 2.4 kernel machine running IPTables, screening a big chunk of their private subnet --- all using routable/legal/non-RFC-1918 addresses, like your ISP suggested.  The Shorewall package at www.shorewall.net is the script set I used to manage the IPTables config  --- and I highly recommend it.

The whole solution is open source.  Let me know if you are interested, and I'll give you details off-list.

Good luck,

Dan
Title: Re: OFFTOPIC: Re: Workaround needed for PPTP VPN
Post by: Lazo on June 28, 2002, 01:09:34 AM
Is your problem your router or your ISP? If it is your router, it is less expensive to change the router and continue with your services, or update like your ISP said (for me, 12 public IPs is very expensive, at least in my area; they could charge for this, and you will be paying more per month).

Did I explain myself clearly? Sorry, I'm not very good at English!!