Access old PPTP behind OpenBSD 6.1

bonne
Yes... I know... Don't run MS PPTP.... and that is why I am implementing
OpenBSD.

Until OpenVPN is fully installed on every client, I need to provide access
to PPTP during transition.

I don't know what to use in pf.conf though. I have tried everything that I
find logical.

In sysctl.conf I have added:


net.inet.gre.allow=1
net.inet.gre.wccp=1
net.inet.mobileip.allow=1


Let's say that the OpenBSD public IP is 1.2.3.4, local IP 10.77.1.2 and LAN is
10.77.1.0/24 - PPTP server is 10.77.1.106

How would my PPTP lines look in pf.conf?

Help is greatly appreciated.

Regards, Lars.
Re: Access old PPTP behind OpenBSD 6.1

lilit-aibolit
You need to have a redirect rule to the PPTP server for the GRE protocol.

However you'll have only one VPN session at the same time.


On 05/09/17 08:06, Lars Bonnesen wrote:

> Yes... I know... Don't run MS PPTP.... and that is why I am implementing
> OpenBSD.
>
> Until OpenVPN is fully installed on every client, I need to provide access
> to PPTP during transition.
>
> I don't know what to use in pf.conf though. I have tried everything that I
> find logical.
>
> In sysctl.conf I have added:
>
>
> net.inet.gre.allow=1
> net.inet.gre.wccp=1
> net.inet.mobileip.allow=1
>
>
> Let's say that the OpenBSD public IP is 1.2.3.4, local IP 10.77.1.2 and LAN is
> 10.77.1.0/24 - PPTP server is 10.77.1.106
>
> How would my PPTP lines look in pf.conf?
>
> Help is greatly appreciated.
>
> Regards, Lars.
>

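The redirect described in the reply above, written out as pf.conf rules for the addresses given in the question. This is an added example, not part of the original thread; the interface name `em1` and the contents of the `<pptp_clients>` table are assumptions, and the rest of the ruleset is assumed to handle outbound NAT for the LAN.

```pf
# Added example, not from the thread. Addresses are those in the question;
# em1 and the <pptp_clients> range are placeholders to adapt.
ext_ip   = "1.2.3.4"        # public address of the OpenBSD box
int_if   = "em1"            # assumed name of the LAN-facing interface
pptp_srv = "10.77.1.106"    # internal PPTP server

# Limit who may reach the legacy PPTP server during the transition.
table <pptp_clients> persist { 198.51.100.0/24 }   # constructed sample range

# PPTP control channel (TCP 1723), redirected to the internal server.
pass in on egress inet proto tcp from <pptp_clients> to $ext_ip port 1723 \
    rdr-to $pptp_srv

# PPTP data channel: GRE is IP protocol 47 and carries no port numbers,
# so the redirect can only match on addresses.
pass in on egress inet proto gre from <pptp_clients> to $ext_ip \
    rdr-to $pptp_srv

# Let the redirected traffic leave towards the server on the LAN side.
pass out on $int_if inet proto tcp to $pptp_srv port 1723
pass out on $int_if inet proto gre to $pptp_srv
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. Forwarding between interfaces also requires `net.inet.ip.forwarding=1`.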
Re: Access old PPTP behind OpenBSD 6.1

Rui Ribeiro
Just be careful that some operating systems already discontinued PPTP a few
on the server side, and also in the client implementation, notably from iOS
10 and macOS Sierra, it is no longer supported.

https://support.apple.com/en-us/HT206844

On 5 September 2017 at 07:36, lilit-aibolit <[hidden email]> wrote:

> You need to have a redirect rule to the PPTP server for the GRE protocol.
>
> However you'll have only one VPN session at the same time.
>
>
>
> On 05/09/17 08:06, Lars Bonnesen wrote:
>
>> Yes... I know... Don't run MS PPTP.... and that is why I am implementing
>> OpenBSD.
>>
>> Until OpenVPN is fully installed on every client, I need to provide
>> access
>> to PPTP during transition.
>>
>> I don't know what to use in pf.conf though. I have tried everything that I
>> find logical.
>>
>> In sysctl.conf I have added:
>>
>>
>> net.inet.gre.allow=1
>> net.inet.gre.wccp=1
>> net.inet.mobileip.allow=1
>>
>>
>> Let's say that the OpenBSD public IP is 1.2.3.4, local IP 10.77.1.2 and LAN is
>> 10.77.1.0/24 - PPTP server is 10.77.1.106
>>
>> How would my PPTP lines look in pf.conf?
>>
>> Help is greatly appreciated.
>>
>> Regards, Lars.
>>
>>
>


--
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: Access old PPTP behind OpenBSD 6.1

Stuart Henderson
In reply to this post by bonne
On 2017-09-05, Lars Bonnesen <[hidden email]> wrote:

> Yes... I know... Don't run MS PPTP.... and that is why I am implementing
> OpenBSD.
>
> Until OpenVPN is fully installed on every client, I need to provide access
> to PPTP during transition.
>
> I don't know what to use in pf.conf though. I have tried everything that I
> find logical.
>
> In sysctl.conf I have added:
>
>
> net.inet.gre.allow=1
> net.inet.gre.wccp=1
> net.inet.mobileip.allow=1
>
>
> Let's say that the OpenBSD public IP is 1.2.3.4, local IP 10.77.1.2 and LAN is
> 10.77.1.0/24 - PPTP server is 10.77.1.106
>
> How would my PPTP lines look in pf.conf?
>
> Help is greatly appreciated.
>
> Regards, Lars.
>

PPTP through NAT is awkward. You might have more luck running PPTP on
the OpenBSD box using npppd(8) rather than passing it through to another
machine; config is not too tricky.