  1. #1

    3 public servers: middle machine for traffic forwarding


    With the following machines...
    Server 1: PPTP client windows; Public IP: 1.1.1.1
    Server 3: PPTP server centos6; Public IP: 3.3.3.3
    Connecting VPN server3 from server1 works correctly!

    Goal is to have a middle server forwarding traffic in both ways
    Server 1: PPTP client windows; Public IP: 1.1.1.1
    Server 2: Traffic forwarding centos6; Public IP: 2.2.2.2
    Server 3: PPTP server centos6; Public IP: 3.3.3.3

    Server1 connects with PPTP client to 2.2.2.2 and this server2 redirects to 3.3.3.3 (server3)
    Is it possible to have that scenario?


    Tried the following setup in Server2
    1. Routing enabled
    Code:
    # echo "1" > /proc/sys/net/ipv4/ip_forward
    # nano /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    # sysctl -p
    2. Iptables forward
    Code:
    # iptables -F -t nat
    # iptables -F
    # iptables -A FORWARD -d 3.3.3.3 -i eth0 -j ACCEPT
    # iptables -t nat -A PREROUTING -i eth0 -d 2.2.2.2 -j DNAT --to-destination 3.3.3.3
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # iptables save
    # iptables reload
    When trying to connect with Server1 VPN PPTP client to 2.2.2.2, it redirects correctly to 3.3.3.3.
    However, in server3 (3.3.3.3) it does not assign a PPTP client to 2.2.2.2.
    Here is the connection log at server3

    Code:
    # tail -f /var/log/messages
    Nov 29 09:53:39 office pptpd[2121]: CTRL: Client 2.2.2.2 control connection started
    Nov 29 09:53:39 office pptpd[2121]: CTRL: Starting call (launching pppd, opening GRE)
    Nov 29 09:53:39 office pppd[2122]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
    Nov 29 09:53:39 office pppd[2122]: pppd 2.4.5 started by root, uid 0
    Nov 29 09:53:39 office pppd[2122]: Using interface ppp2
    Nov 29 09:53:39 office pppd[2122]: Connect: ppp2 <--> /dev/pts/3
    Nov 29 09:54:09 office pppd[2122]: LCP: timeout sending Config-Requests
    Nov 29 09:54:09 office pppd[2122]: Connection terminated.
    Nov 29 09:54:09 office pppd[2122]: Modem hangup
    Nov 29 09:54:09 office pppd[2122]: Exit.
    Nov 29 09:54:09 office pptpd[2121]: GRE:  read(fd=6,buffer=6124a0,len=8196) from PTY failed: status = -1 error =  Input/output error, usually caused by unexpected termination of pppd,  check option syntax and pppd logs
    Nov 29 09:54:09 office pptpd[2121]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
    Nov 29 09:54:09 office pptpd[2121]: CTRL: Client 2.2.2.2 control connection finished
    Any ideas on how to set up server2 to work as a middle traffic forwarder?

  2. #2
    Irithori
    Should be possible, if you nat traffic in both ways.
    Will probably take a lot of tcpdumps, log reading and caffeine beverage of your choice.
    Also, dns resolution might be a funny topic.

    There is a tool that seems to fit your use case better: https://www.tinc-vpn.org/
    You must always face the curtain with a bow.
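
The log reading suggested in this reply can be partly scripted. The following is an added example, not code from anyone in the thread: a shell function that classifies each PPTP control connection in a pptpd/pppd syslog. The function names, the verdict labels and the assumption that sessions do not interleave belong to this example only.

```shell
#!/bin/sh
# Added example: classify each PPTP control connection in pptpd/pppd syslog.
# Assumption: sessions do not interleave, so pppd lines are attributed to the
# most recently started control connection.
pptp_triage() {
    awk '
    /pptpd\[[0-9]+\]: CTRL: Client [0-9.]+ control connection started/ {
        for (i = 1; i < NF; i++) if ($i == "Client") client = $(i + 1)
        lcp_timeout = 0; ip_up = 0; active = 1
        next
    }
    # pppd gave up waiting for the peer to answer its LCP Config-Requests.
    active && /pppd\[[0-9]+\]: LCP: timeout sending Config-Requests/ { lcp_timeout = 1 }
    # pppd logs the negotiated addresses once IPCP has completed.
    active && /pppd\[[0-9]+\]: remote IP address/ { ip_up = 1 }
    active && /pptpd\[[0-9]+\]: CTRL: Client [0-9.]+ control connection finished/ {
        if (ip_up)            verdict = "established"
        else if (lcp_timeout) verdict = "ctrl-ok-no-lcp"
        else                  verdict = "closed-other"
        printf "client=%s verdict=%s\n", client, verdict
        active = 0
    }'
}

# Lines copied from the server3 log in the first post (shortened to the ones
# the classifier reads plus two it ignores).
sample_log() {
    cat <<'EOF'
Nov 29 09:53:39 office pptpd[2121]: CTRL: Client 2.2.2.2 control connection started
Nov 29 09:53:39 office pptpd[2121]: CTRL: Starting call (launching pppd, opening GRE)
Nov 29 09:53:39 office pppd[2122]: Using interface ppp2
Nov 29 09:54:09 office pppd[2122]: LCP: timeout sending Config-Requests
Nov 29 09:54:09 office pppd[2122]: Connection terminated.
Nov 29 09:54:09 office pptpd[2121]: CTRL: Client 2.2.2.2 control connection finished
EOF
}

sample_log | pptp_triage
```

A `ctrl-ok-no-lcp` verdict means the TCP 1723 control connection was accepted but pppd never got an answer to its LCP requests, which PPTP carries in GRE (IP protocol 47) rather than in the TCP connection. That is consistent with GRE not passing server2 in at least one direction, and it is a hypothesis to confirm with a tcpdump filter of `ip proto 47` on server2 and server3.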

  3. #3
    Correct me if I am wrong, what you want is to install a PPTP gateway between your client and your internal server (server3), then there is no PPTP encapsulation between server2 and server3. How can server2 reach server3? Depending on that, you may or may not use NAT.

    Another question: why use an obsolete protocol instead of OpenVPN or IPsec or others?
