DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#26 2009-05-17 22:49:59

Electrocut
Member
From: France
Registered: 2009-04-05
Posts: 195

Re: PopTop, PPPD, and LibCrypt

Thank you !

In my case, I may try later to replace my DNS-313 Kernel, in order to enable crypt features.

My aim would be to make openswan (IPSEC) + xl2tpd + ppp working, so it would be possible to use the NAS as a "L2TP over IPSEC" VPN server:

- L2tp over Ipsec is (as PPTP) native in Windows XP / Windows Vista / Windows Mobile,
but it is safer.

- As it can run over UDP (Ipsec NAT-T), instead of the GRE protocol (PPTP), it can work on networks where PPTP can't (3G providers with NAT not supporting PPTP ...)

- L2tp over Ipsec is as simple to setup as PPTP in Windows XP / Vista / Mobile, when using Pre-Shared Key (instead of Certificates).


Keep us updated !

Last edited by Electrocut (2009-05-17 22:51:16)


DNS-313

Offline

 

#27 2009-05-17 22:52:20

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: PopTop, PPPD, and LibCrypt

Well crap...maybe this is what I should do too.  But later.  I just spent way too long getting THIS working :P

Offline

 

#28 2009-05-17 23:20:55

Electrocut
Member
From: France
Registered: 2009-04-05
Posts: 195

Re: PopTop, PPPD, and LibCrypt

metal450 wrote:

Yep...in any case, thanx so much for the tip (u saved me so much time trying to get that iptables stuff working - i wonder why that site, and several others, said they were necessary??)

I think they setup iptables for two reasons:
- to filter incoming traffic: just PPTP is allowed:
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT


- to do some NAT on the traffic going out of the VPN server, so the next hops (default gateway ...) think that the traffic is coming from the VPN server itself. This is needed because in the example, remote clients are not in the same network as the LAN (clients 192.168.5.x ... LAN 192.168.0.x ?)
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

The article is not clear, I think.

By the way, how have you chosen your VPN client IP addresses?
Two cases:
- the VPN clients are taken inside the 192.168.1.0 / 255.255.255.0 local network: you should have enabled ARP PROXY, and VPN clients are "bridged" to the LAN Network, everything should be just fine.

- the VPN clients are not taken inside the 192.168.1.0 / 255.255.255.0 local network: you would need IP masquerade (NAT) too ... (in that case, PING www.google.com shouldn't have worked ... but just to be sure ...)

Last edited by Electrocut (2009-05-17 23:29:41)


DNS-313

Offline

 

#29 2009-05-17 23:29:19

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: PopTop, PPPD, and LibCrypt

Electrocut wrote:

I think they setup iptables for two reasons:
- to filter incoming traffic: just PPTP is allowed:
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT

- to do some NAT on the traffic going out of the VPN server, so the next hops (default gateway ...) think that the traffic is coming from the VPN server itself:
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

Aha...gotcha!

Electrocut wrote:

By the way, how have you chosen your VPN client IP addresses? If the VPN clients are not inside the 192.168.1.0 / 255.255.255.0 network, you would need IP masquerade (NAT) too ... (in that case, PING www.google.com shouldn't have worked ... but just to be sure ...)

Well, I currently have it set as:
remoteip 192.168.1.234-240
localip 192.168.0.234-240

...although I was pretty much just following an example configuration I found somewhere online, so there's no real reason I made that choice.  If you haven't figured it yet, I've got very little (=none) experience with this and am learning as I go - my first "real" exposure to linux was just when I got this box, only a couple weeks ago!  So if you think I should have this setup differently...I'm all ears :)

Offline
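
The two addressing cases discussed in posts #28 and #29, as an added example (not code from any poster in this thread): it reads the remoteip pool from pptpd.conf text, checks it against a LAN network supplied by the reader, and reports whether the pool is on the LAN (proxy ARP case) or needs NAT. Assumptions: the function names and the sample configs are constructed here, ranges use the last-octet form shown in post #29, and the suggested rules add a -s source match so that only the VPN pool is masqueraded, which goes beyond the unscoped rule quoted above.

```python
import ipaddress

def parse_pptpd_conf(text):
    """Return {option: value} from pptpd.conf text, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            conf[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return conf

def expand_pool(spec):
    """Expand '192.168.1.234-240,192.168.1.245' into IPv4Address objects."""
    pool = []
    for part in (p.strip() for p in spec.split(",")):
        start, dash, end = part.partition("-")
        first = ipaddress.IPv4Address(start)
        # After the dash, only the final octet of the range end is given.
        last = ipaddress.IPv4Address(start.rsplit(".", 1)[0] + "." + end) if dash else first
        if last < first:
            raise ValueError("descending range: " + part)
        pool.extend(ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1))
    return pool

def review(conf_text, lan_cidr, out_if="eth0"):
    """Classify the remoteip pool against the LAN; suggest scoped NAT rules."""
    lan = ipaddress.ip_network(lan_cidr)
    pool = expand_pool(parse_pptpd_conf(conf_text)["remoteip"])
    outside = [a for a in pool if a not in lan]
    if not outside:
        return "proxyarp", []          # clients sit on the LAN subnet, no NAT needed
    mode = "masquerade" if len(outside) == len(pool) else "mixed"
    # Collapse the off-LAN addresses into the fewest CIDR blocks for -s matching.
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(f"{a}/32") for a in outside)
    rules = [f"iptables -t nat -A POSTROUTING -s {n} -o {out_if} -j MASQUERADE" for n in nets]
    return mode, rules

# Constructed samples: the pool quoted in this thread, and one modelled on the
# article's 192.168.5.x clients with a 192.168.0.x LAN.
THREAD_CONF = "remoteip 192.168.1.234-240\nlocalip 192.168.1.4\n"
ARTICLE_CONF = "# constructed sample\nremoteip 192.168.5.16-31\nlocalip 192.168.0.1\n"

if __name__ == "__main__":
    print(review(THREAD_CONF, "192.168.1.0/24"))
    print(review(ARTICLE_CONF, "192.168.0.0/24"))
```

A "mixed" result means the pool straddles the LAN boundary, which is usually a configuration mistake worth fixing before adding any NAT rule.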

 

#30 2009-05-17 23:30:22

Electrocut
Member
From: France
Registered: 2009-04-05
Posts: 195

Re: PopTop, PPPD, and LibCrypt

Sorry, I edited my post just before your reply :p


DNS-313

Offline

 

#31 2009-05-17 23:42:24

Electrocut
Member
From: France
Registered: 2009-04-05
Posts: 195

Re: PopTop, PPPD, and LibCrypt

I don't really understand why the "localip" is chosen this way.

In your case, I would have tried:

remoteip 192.168.1.234-240
localip 192.168.1.4


DNS-313

Offline

 

#32 2009-05-18 00:41:19

metal450
Member
Registered: 2009-05-02
Posts: 29

Re: PopTop, PPPD, and LibCrypt

Electrocut wrote:

In your case, I would have tried:

remoteip 192.168.1.234-240
localip 192.168.1.4

Tried it, same issue - I can access network shares, ping google, but not visit google.  It must have something to do with the cellular connection...will test & let u know!

Keep me posted on your OpenSwan pursuits...I'd be interested to hear how that turns out as well :)

Offline

 

#33 2010-09-04 02:22:32

gorbunok
Member
Registered: 2010-09-04
Posts: 8

Re: PopTop, PPPD, and LibCrypt

Hi guys,
I see this thread wasn't touched for some time, but I was wondering if you can help me to get a pptp client working on the dns-323 with mppe support. Is this possible at all?

Thanks

Offline

 

#34 2010-11-10 04:26:43

kotl
Member
Registered: 2010-11-10
Posts: 5

Re: PopTop, PPPD, and LibCrypt

Those who are looking for both Server and Client, please visit the other thread:
http://dns323.kood.org/forum/viewtopic. … 132#p39132

I will soon post more info on this.

Offline

 
