PPTP Connection sharing behind NAT




Hello,


I would like to set up a Linux machine to route connections over a PPTP connection to a secondary ISP inside a pre-existing network, so that internal machines generally use the "standard" ISP connection, and others can be configured to use the Linux machine's PPTP connection as a gateway/tunnel for their internet access.

I have no previous practical experience with PPTP and most of the Linux PPTP documentation seems quite daunting, so if anyone knows a simple way to do this, I'd appreciate any help or advice before I get started.

-----

So far, I'm visualizing it like so:

U = Standard Unencrypted connection
E = PPTP Encryption connection

------------     -------     ----------           -----------
| Internet |--U--| ISP |--U--| Router |-----U-----| Clients |
|          |     |     |     |        |           |         |
|          |     |     |     |        |           |         |
|          |     |     |     |        |           |         |
|       E--|--E--|--E--|--E--|----E   |           |         |
------------     -------     ----------           -----------
    |   |               WAN DHCP/LAN 10.0.0.1     (10.0.0.0/8)
    U   E                         |
    |   |                         E
  ---------                       |
  | ISP-2 |                       E   ----------   -----------
  ---------                       |-E-| Linux* |-E-| Clients |
                                      ----------   -----------
                                                (192.168.0.0/24)

* Linux (Ubuntu 6.10):

WAN: 10.0.1.0/8 (For PPTP connection both DNS/routing are required)
LAN: 192.168.0.0/24 (For the few clients who are to use ISP-2)
PPP: PPTP connection to ISP-2

IPTables:
- Incoming from WAN/PPP blocked
- Outgoing LAN to WAN blocked
- Outgoing LAN to PPP passed

Routing/DNS forwarding: Set to use ISP-2's gateway and DNS for all

-----

So, does anyone know a simple way to do this, such as if m0n0wall (which has support for a PPTP WAN but does not seem to allow me to set DNS or gateway options to be able to resolve and contact the PPTP server in the first place to establish the connection) can be configured to do this, or is there going to be a lot of trial and error? ;)


Thank you,

Joseph Theriault
administrator@xxxxxxxxxxxxxxxx
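
The IPTables policy listed in the post above, written out as an added example that is not part of the original message: a function that emits an iptables-restore ruleset in which LAN clients may only leave through the PPTP interface, so their traffic does not fall back to the standard ISP if the tunnel drops. The interface names (eth0, eth1, ppp0) and the PPTP server address (a documentation-range placeholder) are assumptions.

```shell
#!/bin/sh
# Added example: ruleset for the policy sketched in the post.
# Interface names and the PPTP server address are assumptions, not from the post.
WAN_IF="${WAN_IF:-eth0}"                    # leg on the existing 10.0.0.0/8 network
LAN_IF="${LAN_IF:-eth1}"                    # 192.168.0.0/24 clients that use ISP-2
PPP_IF="${PPP_IF:-ppp0}"                    # PPTP tunnel to ISP-2
PPTP_SERVER="${PPTP_SERVER:-203.0.113.10}"  # placeholder address

gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# "Incoming from WAN/PPP blocked": only replies and the tunnel's GRE are let in.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WAN_IF -s $PPTP_SERVER -p 47 -j ACCEPT
-A INPUT -i $LAN_IF -s 192.168.0.0/24 -j ACCEPT
# "Outgoing LAN to PPP passed", with return traffic for those flows only.
-A FORWARD -i $LAN_IF -o $PPP_IF -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -i $PPP_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# "Outgoing LAN to WAN blocked": explicit reject so clients fail fast, not leak.
-A FORWARD -i $LAN_IF -o $WAN_IF -j REJECT --reject-with icmp-net-unreachable
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Clients are hidden behind the address ISP-2 assigns to the tunnel.
-A POSTROUTING -o $PPP_IF -s 192.168.0.0/24 -j MASQUERADE
COMMIT
EOF
}

# To load (as root): gen_rules | iptables-restore
```

Forwarding also has to be enabled in the kernel (net.ipv4.ip_forward=1) before the clients' packets are routed at all.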
