[ale] Poptop
Christopher Fowler
cfowler at outpostsentinel.com
Tue Mar 14 08:43:42 EST 2006
On Tue, 2006-03-14 at 08:28, Geoffrey wrote:
> # PPTP for vpn
>
> VPN_SVR=XXX.XXX.XXX.XXX
>
> $IPCHAINS -A forward -j MASQ -p tcp -s 172.16.10.215/32 \
> -d $VPN_SVR/32 1723 -i ppp0
> $IPCHAINS -A output -j ACCEPT -p tcp -s $IPADDR/24 \
> -d $VPN_SVR/32 1723 -i ppp0
> $IPCHAINS -A input -j ACCEPT -p tcp -s $VPN_SVR/32 1723 \
> -d $IPADDR/24 -i ppp0
> $IPCHAINS -A forward -j MASQ -p 47 -s 172.16.10.215/32 \
> -d $VPN_SVR/32 -i ppp0
> $IPCHAINS -A output -j ACCEPT -p 47 -s $IPADDR/24 \
> -d $VPN_SVR/32 -i ppp0
> $IPCHAINS -A input -j ACCEPT -p 47 -s $VPN_SVR/32 \
> -d $IPADDR/24 -i ppp0
>
> I also recall that I had some modules that had to be loaded as well, but
> don't recall the specifics of them either. (gre??)
>
That is correct. And that is the problem. At the remote sites I do not
control nor own the firewall. It could be a PIX firewall, or a LinkSys
router from BestBuy. I was hoping poptop could be nat'ed like any other
protocol like http or ssh. That would mean that almost all routers
would support the implementation. If I could narrow it down to some
supported routers then maybe I could tell the customers to buy new
equipment. A customer with a LinkSys router is very reluctant to pony
up the cash for a PIX. In their eyes they both do the same thing.