<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-NZ style='font-size:10.0pt;font-family:"Courier New"'>> Hum. Is
your DSL modem built in to the router you are using, or could you supplant your
router with a / your Linux box? <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-NZ style='font-size:10.0pt;font-family:"Courier New"'>> If you can
put your Linux box directly on the internet, then your VPN concentrator will
(inherently) be directly on the net too.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Unfortunately my router is combined with the DSL modem
effectively a single CPE.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-NZ style='font-size:10.0pt;font-family:"Courier New"'>> I believe
the limitation, which may have been patched and with out being aware of it as I
don't use PPTP (yet), is in the helper module for<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-NZ style='font-size:10.0pt;font-family:"Courier New"'>> connection tracking
for PPTP. I would have to refresh my self on the PPTP protocol and it's
interaction with IPTables. I suggest you do some more <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
lang=EN-NZ style='font-size:10.0pt;font-family:"Courier New"'>> reading on
the mailing list as well as on NetFilter.org to see if you can find out
something else.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I have just come across some information that says that the
connection tracking support for PPTP connections in particular is now part of
the mainstream kernel ( >= 2.6.14 ). I am currently downloading version
2.6.18-3 and will let you know how it goes.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>PS. I’m using CentOS which probably isn’t the
best choice for hacking things to pieces – guess that serves me right. I
believe debian (Sarge) has support for pptp_conntrack in it already so I might
give that a go as well.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>If you’re interested I am more than happy to discuss
this matter off the mailing lists, but perhaps may serve a better purpose by
being on the lists for future reference for others.<o:p></o:p></span></font></p>
</div>
</body>
</html>