PPTPD service on Openvpn AS machine!?

[tacom6]

Hey guys,

I currently have OpenVPN AS service running very well, but I would like to offer PPTP service too.

Is running PPTP and Openvpn AS on the same server without the two conflicting in any way possible?

Thank you for any pointers/help you might provide,
Nile

[maikcat]

as far as they dont use the same port/protocol yes..

Michael.

[tacom6]

How would I incorporate an iptables rule to allow PPTPD connections/NAT into this mess? Someone please help.

Chain INPUT (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_ACCEPT all -- anywhere anywhere
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_ACCEPT tcp -- anywhere 3.247.203.1 state NEW tcp dpt:915
AS0_ACCEPT tcp -- anywhere 3.247.203.1 state NEW tcp dpt:914
AS0_ACCEPT udp -- anywhere 3.247.203.1 state NEW udp dpt:917
AS0_ACCEPT udp -- anywhere 3.247.203.1 state NEW udp dpt:916
AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_WEBACCEPT tcp -- anywhere 3.247.203.1 state NEW tcp dpt:943

Chain FORWARD (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_OUT_S2C all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
AS0_OUT_LOCAL all -- anywhere anywhere

Chain AS0_ACCEPT (7 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain AS0_IN (4 references)
target prot opt source destination
ACCEPT all -- anywhere 5.5.0.1
AS0_IN_POST all -- anywhere anywhere

Chain AS0_IN_POST (1 references)
target prot opt source destination
AS0_OUT all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain AS0_IN_PRE (2 references)
target prot opt source destination
AS0_IN all -- anywhere 5.5.0.0/20
AS0_IN all -- anywhere 172.16.0.0/12
AS0_IN all -- anywhere 192.168.0.0/16
AS0_IN all -- anywhere 10.0.0.0/8
ACCEPT all -- anywhere anywhere

Chain AS0_OUT (2 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain AS0_OUT_LOCAL (1 references)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT all -- anywhere anywhere

Chain AS0_OUT_S2C (1 references)
target prot opt source destination
AS0_OUT all -- anywhere anywhere

Chain AS0_WEBACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

[tacom6]

I am sorry, but this is beyond my basic understanding of IPTABLES
Any help would be appreciated!!!

[swg0101]

You will need to open up TCP port 1723 and protocol GRE for PPTP to work.
As far as concurrently running OpenVPN and a PPTP server - I suggest you don't do this, as OpenVPN-AS relies somewhat heavily on iptables which the PPTP server might break if you install them both together.
You can try this on a non-production machine and see how they behave though...
Good luck!

[tacom6]

Right, yeah I see that it sure does. Well, I have already installed PPTPD and I can connect, but the routing won't work.

I have created an alias interface for PPTPD to give out to users, but the question is how to make it NATed.

Gosh I need ideas, as I must come up with a PPTPD server on the same machine.

Any further ideas/help would be appreciated.
Nile

[swg0101]

Does sticking a MASQUERADE rule in the interface in question work?

[tacom6]

No. I honestly need to dig up some books on IPTABLES. I just don't fully understand OVPN-AS's rules... when I do I will be able to add what I need... so unless someone has an answer I am going to spend a few weeks studying linux networking.

[swg0101]

If you post your iptables listing then it would be easier to help you...