 
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] how to set up a the PPTP server with firewall rules
 Date:  Sun, 6 Jul 2003 18:15:21 -0700 (PDT)
On Sun, 6 Jul 2003, Manuel Kasper wrote:
> 
> Hmm, this is an interesting new problem (PPTP client and PPTP server
> cannot run at the same time)... I think maybe it could be solved with
> MPD's "set pptp self <ipaddr>" command to make MPD bind to a specific IP
> address, then have the PPTP client bind to the pseudo WAN IP and the PPTP
> server to the real WAN IP. The latter may not be known at the time the
> PPTP server starts and can even change dynamically, though... :(

Only the GRE traffic is a problem, since there's no conflict with the
control connection (as long as you don't need simultaneous client and
server operation with respect to a single remote system).  So the PPTP
code should be able to use the local IP address of the already-established
control connection socket to bind() the (presumably raw) GRE socket.  It
could even bind to the remote IP by using connect(), which also improves
efficiency.

AFAIK port numbers are ignored for raw sockets, which is too bad since the
TCP/UDP "destination port" field holds the GRE protocol type, and could be
used to avoid conflicts with other uses of GRE.

					Fred Wright
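
The approach described in the message above, sketched as an added example (not code from the original post or from MPD): read the local and remote IPs from the established control socket with getsockname()/getpeername(), then bind() and connect() a raw GRE socket to them. The names `gre_endpoint` and `gre_socket_for_control` are hypothetical; the sketch assumes IPv4 and needs raw-socket privileges to get past socket().

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef IPPROTO_GRE
#define IPPROTO_GRE 47          /* IP protocol number for GRE */
#endif

/* Copy only the IP address of a control-connection endpoint; the port is
 * zeroed because it carries no meaning for a raw socket. */
static struct sockaddr_in gre_endpoint(const struct sockaddr_in *ctrl)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr = ctrl->sin_addr;
    return a;
}

/* Hypothetical helper: open a raw GRE socket pinned to the same local and
 * remote IPs as ctrl_fd. Returns the socket, or -1 with errno set. */
int gre_socket_for_control(int ctrl_fd)
{
    struct sockaddr_in local, peer, a;
    socklen_t ll = sizeof local, pl = sizeof peer;

    if (getsockname(ctrl_fd, (struct sockaddr *)&local, &ll) < 0 ||
        getpeername(ctrl_fd, (struct sockaddr *)&peer, &pl) < 0)
        return -1;
    if (local.sin_family != AF_INET || peer.sin_family != AF_INET) {
        errno = EAFNOSUPPORT;   /* this sketch handles IPv4 only */
        return -1;
    }
    int gre = socket(AF_INET, SOCK_RAW, IPPROTO_GRE);
    if (gre < 0)
        return -1;              /* typically EPERM without privileges */
    a = gre_endpoint(&local);   /* accept only GRE addressed to this local IP */
    if (bind(gre, (struct sockaddr *)&a, sizeof a) == 0) {
        a = gre_endpoint(&peer);    /* and only from this remote IP */
        if (connect(gre, (struct sockaddr *)&a, sizeof a) == 0)
            return gre;
    }
    int saved = errno;          /* keep the bind/connect error across close() */
    close(gre);
    errno = saved;
    return -1;
}
```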