NFR Wizards Archive: Re: PPTP Question

Re: PPTP Question

Ge' Weijers (geprogressive-systems.com)
Thu, 16 Apr 1998 12:46:47 -0400 (EDT)

My reasonably educated guess is that PPTP can be sent through a NAT router
successfully. The control packets don't seem to contain any IP addresses,
so I don't expect any problems there. As long as the NAT router can figure
out to which machine the GRE packets should be sent, things will work.

The payloads of the GRE packets are PPP frames, and PPP (IPCP) can
negotiate any IP address for use inside the tunnel; the NAT does not need
any cleverness to handle this.

An MIT student project actually succeeded in proxying PPTP through a
Linux-based firewall, see:


Hope this helps,


On Tue, 14 Apr 1998, Joseph S. D. Yao wrote:

> > According to the VPN book, the PPTP packet consists of the delivery
> > header, the IP header, a GREv2 header and the payload. The IP
> > header of course contains the source and destination IP addresses.
> > But if I'm using redirection at the firewall or other NAT device (so
> > the connection is ostensibly made between the PC's address and a
> > particular port or virtual IP address on the external side of the
> > firewall), where is the >internal< IP address being broadcast?
> More to the point, is there any way to make the IP addresses in the
> delivery header and the internal IP header [presumably not the external
> IP header, since you said this is the PPTP packet, which is
> encapsulated in the IP packet] different? If not, you can't have NAT.
> --
> Joe Yao jsdycospo.osis.gov - Joseph S. D. Yao
> COSPO Computer Support EMT-A/B
> -----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.

Ge' Weijers Voice: (614)326 4600
Progressive Systems, Inc. FAX: (614)326 4601
2000 West Henderson Rd. Suite 400
Columbus, OH 43220 http://www.Progressive-Systems.com
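
The GRE demultiplexing step discussed in the message above, as an added example that is not part of the original post: it parses the enhanced GRE header PPTP uses (layout per RFC 2637) and picks the internal host from the Call ID. The `GreNatTable` class, the addresses and the Call ID values are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(pkt: bytes) -> dict:
    """Parse the enhanced GRE header that follows the outer IP header."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    b0, b1, proto, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if (b1 & 0x07) != 1 or proto != PPTP_GRE_PROTO or not (b0 & 0x20):
        raise ValueError("not a PPTP enhanced GRE packet")
    has_seq, has_ack = bool(b0 & 0x10), bool(b1 & 0x80)  # S and A bits
    hdr_len = 8 + 4 * has_seq + 4 * has_ack
    if len(pkt) < hdr_len + plen:
        raise ValueError("packet shorter than header plus payload length")
    seq = struct.unpack_from("!I", pkt, 8)[0] if has_seq else None
    ack = struct.unpack_from("!I", pkt, hdr_len - 4)[0] if has_ack else None
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "ppp": pkt[hdr_len:hdr_len + plen]}

class GreNatTable:
    """Hypothetical NAT state: (server IP, Call ID) -> internal client IP."""
    def __init__(self):
        self.sessions = {}

    def learn(self, server_ip: str, call_id: int, internal_ip: str) -> None:
        # In practice the Call ID is learned from the TCP/1723 control channel.
        owner = self.sessions.setdefault((server_ip, call_id), internal_ip)
        if owner != internal_ip:
            raise KeyError("two internal hosts share a Call ID to one server")

    def route_inbound(self, server_ip: str, gre: bytes):
        """Return the internal IP an inbound GRE packet belongs to, or None."""
        return self.sessions.get((server_ip, parse_pptp_gre(gre)["call_id"]))

def sample_packet(call_id: int, seq: int, ppp: bytes) -> bytes:
    """Constructed test packet: K and S bits set, version 1."""
    return struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTO,
                       len(ppp), call_id, seq) + ppp

if __name__ == "__main__":
    nat = GreNatTable()
    nat.learn("192.0.2.10", 0x1234, "10.0.0.5")
    pkt = sample_packet(0x1234, 1, b"\xff\x03\x80\x21")  # PPP header, IPCP
    print(nat.route_inbound("192.0.2.10", pkt))
```

The collision check in `learn` covers the case where two internal clients pick the same Call ID toward one server, which a NAT must resolve (for example by rewriting the Call ID) before inbound GRE can be delivered unambiguously.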

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:47 CDT