Date:      Fri, 13 Mar 1998 09:57:11 -0800
From:      Ian Field <ifield@mstk.com>
To:        "'Jeff Buseman'" <jeff@netronix.com>
Cc:        "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Natd Support for Microsoft PPTP / VPN using protocol 47
Message-ID:  <411B07D1F591D111928500A0C985DE2E01FF18@alpha.mstk.com>

I'd be VERY interested in what you find out about this Jeff...

Thanks
Ian Field

-----Original Message-----
From: Jeff Buseman [mailto:jeff@netronix.com]
Sent: Thursday, March 12, 1998 10:19 AM
To: freebsd-questions@FreeBSD.ORG
Subject: Natd Support for Microsoft PPTP / VPN using protocol 47


   I am trying to get a MS VPN set up using the MS PPTP through a 
FreeBSD machine set up as a firewall.  It has all the hardware and 
software loaded / configured to use NATd, ipfw, and routing to 
provide Internet access from the internal 10.* network to the ISP.
The MS Server and Client machines are also loaded / configured.

   My problem is that as I watch the NATd translations (-v), I see 
that the TCP traffic (port 1723, per MS Knowledge Base Article 
q166288) is translated properly, but the non TCP protocol traffic 
(protocol 47) is not, even though the source and destination 
addresses are displayed properly.  My NATd command is:

    natd -l -v -i vx0 -redirect_address  10.1.1.30  204.xxx.xxx.91

   I see the following typical messages (from memory, so this may be 
a little syntactically messed up):

in  [tcp] 204.xxx.xxx.96:1030  ->  204.xxx.xxx.91:1723  aliased to
              204.xxx.xxx.96:1030  ->  10.1.1.1:1723

in [?]     204.xxx.xxx.96        ->  204.xxx.xxx.91      aliased to   
             204.xxx.xxx.96        ->  204.xxx.xxx.91

   Anyway, the point is that the unidentified protocol (47) is not 
being translated by NATd.  (I checked the packets with a LAN sniffer 
and they are protocol 47).

   Finally, my question(s) is this:  Is there some way to make NATd 
do the translation on this protocol, or does it only handle TCP and 
UDP traffic?   If so, is there some other way to get the MS PPTP in 
through the firewall to an unregistered network, or has someone 
hacked the NATd code to support MS PPTP?   Or, how is everyone else 
providing MS VPN through their firewall?

   Jeff Buseman
   jeff@netronix.com




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
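
An added example, not part of the original messages and not natd code: a small Python classifier showing what separates the two flows in the question. The TCP control connection carries port numbers (1723), while an IP protocol 47 (GRE) packet has none and, for PPTP, carries a Call ID in its enhanced GRE header (RFC 2637). The addresses and packets are constructed samples, and the names `classify` and `ipv4` are hypothetical.

```python
import socket
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre"}
PPTP_GRE_PROTO = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)


def classify(packet: bytes) -> dict:
    """Summarise the fields of an IPv4 packet that identify its flow."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    info = {"proto": proto, "name": PROTO_NAMES.get(proto, "?"),
            "src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20])}
    payload = packet[ihl:]
    if proto in (6, 17) and len(payload) >= 4:
        # TCP and UDP both start with source and destination port.
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    elif proto == 47 and len(payload) >= 8:
        # GRE has no ports. Enhanced GRE: flags/version, protocol type,
        # payload length, Call ID.
        flags, ptype, _plen, call_id = struct.unpack("!HHHH", payload[:8])
        info["gre_version"] = flags & 0x7
        info["pptp"] = ptype == PPTP_GRE_PROTO and info["gre_version"] == 1
        if info["pptp"]:
            info["call_id"] = call_id
    return info


def ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Wrap payload in a constructed IPv4 header (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


# Constructed samples using documentation addresses (not from the thread).
CONTROL = ipv4(6, "198.51.100.96", "192.0.2.91",          # TCP SYN 1030 -> 1723
               struct.pack("!HHIIBBHHH", 1030, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
TUNNEL = ipv4(47, "198.51.100.96", "192.0.2.91",          # enhanced GRE, Call ID 7
              struct.pack("!HHHHII", 0x3081, PPTP_GRE_PROTO, 0, 7, 1, 0))

if __name__ == "__main__":
    for pkt in (CONTROL, TUNNEL):
        print(classify(pkt))
```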
