OpenVPN Support Forum

Hey guys,

I currently have OpenVPN AS service running very well, but I would like to offer PPTP service too.

Is running PPTP and Openvpn AS on the same server without the two conflicting in any way possible?

Thank you for any pointers/help you might provide,
Nile

as far as they dont use the same port/protocol yes..

Michael.

How would I incorporate an iptables rule to allow PPTPD connections/NAT into this mess? Someone please help.

Chain INPUT (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_ACCEPT all -- anywhere anywhere
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_ACCEPT tcp -- anywhere 3.247.203.1 state NEW tcp dpt:915
AS0_ACCEPT tcp -- anywhere 3.247.203.1 state NEW tcp dpt:914
AS0_ACCEPT udp -- anywhere 3.247.203.1 state NEW udp dpt:917
AS0_ACCEPT udp -- anywhere 3.247.203.1 state NEW udp dpt:916
AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_WEBACCEPT tcp -- anywhere 3.247.203.1 state NEW tcp dpt:943

Chain FORWARD (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_OUT_S2C all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
AS0_OUT_LOCAL all -- anywhere anywhere

Chain AS0_ACCEPT (7 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain AS0_IN (4 references)
target prot opt source destination
ACCEPT all -- anywhere 5.5.0.1
AS0_IN_POST all -- anywhere anywhere

Chain AS0_IN_POST (1 references)
target prot opt source destination
AS0_OUT all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain AS0_IN_PRE (2 references)
target prot opt source destination
AS0_IN all -- anywhere 5.5.0.0/20
AS0_IN all -- anywhere 172.16.0.0/12
AS0_IN all -- anywhere 192.168.0.0/16
AS0_IN all -- anywhere 10.0.0.0/8
ACCEPT all -- anywhere anywhere

Chain AS0_OUT (2 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain AS0_OUT_LOCAL (1 references)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT all -- anywhere anywhere

Chain AS0_OUT_S2C (1 references)
target prot opt source destination
AS0_OUT all -- anywhere anywhere

Chain AS0_WEBACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

I am sorry, but this is beyond my basic understanding of IPTABLES
Any help would be appreciated!!!

You will need to open up TCP port 1723 and protocol GRE for PPTP to work.
As far as concurrently running OpenVPN and a PPTP server - I suggest you don't do this, as OpenVPN-AS relies somewhat heavily on iptables which the PPTP server might break if you install them both together.
You can try this on a non-production machine and see how they behave though...
Good luck!

Right, yeah I see that it sure does. Well, I have already installed PPTPD and I can connect, but the routing won't work.

I have created an alias interface for PPTPD to give out to users, but the question is how to make it NATed.

Gosh I need ideas, as I must come up with a PPTPD server on the same machine.

Any further ideas/help would be appreciated.
Nile

Does sticking a MASQUERADE rule in the interface in question work?

No. I honestly need to dig up some books on IPTABLES. I just don't fully understand OVPN-AS's rules... when I do I will be able to add what I need... so unless someone has an answer I am going to spend a few weeks studying linux networking.

If you post your iptables listing then it would be easier to help you...