[Voyage-linux] PPTP/GRE traffic in Voyage

A Gordon (spam-protected)
Sun Sep 28 08:33:42 HKT 2008


Hello,

I'm having problems connecting to a remote VPN through a voyage-based
wireless router - maybe somebody has any experience with iptables/pptp ?

Here's the setup:
1. a linux laptop, with a valid PPTP setup (using a wired network and
bypassing the voyage router - the connection is successful)

2. a voyage-based router (WRAP board), with one external network
interface (eth0 at 192.168.0.145) and one internal (NAT) wireless
network interface (ath0 at 10.1.20.1).
I'm using voyage v0.4 (old, but stable enough for me).

3. The NAT between ath0 and eth0 is done using the standard
"/usr/local/sbin/nat.sh":
    $ nat.sh ath0 eth0 "10.1.20.0/24"

Using 'tcpdump' on the voyage box, it seems that GRE packets are
forwarded from the wireless interface to the wired interface and sent out
to the internet, but incoming packets are not forwarded back to the
wireless interface.

Monitoring the wireless interface shows only outgoing packets from
10.1.20.10 (which is my linux laptop) to the VPN server (vpn.myu.edu):

$ tcpdump -i ath0 ip proto 47
23:59:43.535275 IP 10.1.20.10 > vpn.myu.edu: GREv1, call 60440, seq 1,
length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:45.718015 IP 10.1.20.10 > vpn.myu.edu: GREv1, call 60440, seq 2,
length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:48.721889 IP 10.1.20.10 > vpn.myu.edu: GREv1, call 60440, seq 3,
length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:51.722030 IP 10.1.20.10 > vpn.myu.edu: GREv1, call 60440, seq 4,
length 36: LCP, Conf-Request (0x01), id 1, length 22

Monitoring the wired interface shows both outgoing and incoming packets
(192.168.0.145 is the IP of the voyage box):
$ tcpdump -i eth0 ip proto 47
23:59:43.535568 IP 192.168.0.145 > vpn.myu.edu: GREv1, call 60440, seq
1, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:43.706254 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 2,
ack 1, length 40: LCP, Conf-Ack (0x02), id 1, length 22
23:59:45.718227 IP 192.168.0.145 > vpn.myu.edu: GREv1, call 60440, seq
2, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:45.886659 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 3,
ack 2, length 40: LCP, Conf-Ack (0x02), id 1, length 22
23:59:46.528628 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 4,
length 25: LCP, Conf-Request (0x01), id 1, length 11
23:59:48.722094 IP 192.168.0.145 > vpn.myu.edu: GREv1, call 60440, seq
3, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:48.890442 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 5,
ack 3, length 40: LCP, Conf-Ack (0x02), id 1, length 22
23:59:49.527974 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 6,
length 25: LCP, Conf-Request (0x01), id 2, length 11
23:59:51.722254 IP 192.168.0.145 > vpn.myu.edu: GREv1, call 60440, seq
4, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:51.889123 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 7,
ack 4, length 40: LCP, Conf-Ack (0x02), id 1, length 22
23:59:52.527763 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 8,
length 25: LCP, Conf-Request (0x01), id 3, length 11

So the question is, which commands are needed to make iptables forward
GRE packages from the wired interface back to the wireless (NAT'ed)
interface ?

Thanks,
   Gordon.
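
Added example, not part of the original post: a small Python script that reads the two tcpdump captures quoted above and reports where the GRE return path stops, along with the call IDs seen in each direction. The function names `summarize` and `diagnose` are hypothetical; the sample lines are the first packets of the post's own captures with the mail-wrapped lines rejoined.

```python
import re

# One-line tcpdump summary for PPTP's enhanced GRE:
# "<time> IP <src> > <dst>: GREv1, call <id>, seq <n>, ..."
GRE_LINE = re.compile(r"^\S+ IP (\S+) > (\S+): GREv1, call (\d+), seq \d+")

def summarize(capture, server):
    """Count GRE packets to/from `server` and collect the call IDs seen."""
    stats = {"to_server": 0, "from_server": 0, "calls_out": set(), "calls_in": set()}
    for line in capture.splitlines():
        m = GRE_LINE.match(line.strip())
        if not m:
            continue  # wrapped continuation lines or non-GRE traffic
        src, dst, call = m.group(1), m.group(2), int(m.group(3))
        if dst == server:
            stats["to_server"] += 1
            stats["calls_out"].add(call)
        elif src == server:
            stats["from_server"] += 1
            stats["calls_in"].add(call)
    return stats

def diagnose(wan_capture, lan_capture, server):
    """Locate where the GRE return path stops, given both captures."""
    wan, lan = summarize(wan_capture, server), summarize(lan_capture, server)
    if lan["to_server"] and not wan["to_server"]:
        return "outbound GRE is not leaving the WAN interface"
    if wan["to_server"] and not wan["from_server"]:
        return "no GRE replies arrive on the WAN interface"
    if wan["from_server"] and not lan["from_server"]:
        return "replies reach the WAN interface but are not forwarded to the LAN client"
    return "GRE flows in both directions"

# First packets of the two captures in the post, wrapped lines rejoined.
LAN = """\
23:59:43.535275 IP 10.1.20.10 > vpn.myu.edu: GREv1, call 60440, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:45.718015 IP 10.1.20.10 > vpn.myu.edu: GREv1, call 60440, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
"""
WAN = """\
23:59:43.535568 IP 192.168.0.145 > vpn.myu.edu: GREv1, call 60440, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:59:43.706254 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 2, ack 1, length 40: LCP, Conf-Ack (0x02), id 1, length 22
23:59:46.528628 IP vpn.myu.edu > 192.168.0.145: GREv1, call 0, seq 4, length 25: LCP, Conf-Request (0x01), id 1, length 11
"""

if __name__ == "__main__":
    print(diagnose(WAN, LAN, "vpn.myu.edu"))
    print(summarize(WAN, "vpn.myu.edu"))
```

On these lines the script reports that replies reach the wired side but never the wireless client, and that the server's packets carry call ID 0 while the outbound ones carry 60440, so the two directions of the tunnel are not identified by the same GRE call ID.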