So, recently we switched our firewall/routing system from a Cisco PIX to a Linux based firewall w/ IPTables. It just so happens that no one has been doing major work with any external vendors. The two day’s we’ve been trying to do some work over PPTP VPN and haven’t been able to very well. The short version of the problem is that we can only establish one connection from an internal machine to an external server. Anyone else that tries to connect to that same server, can’t. On top of that, the connection is “held” open for about 10 minutes after the last use, so we have to wait for it to reset (after 10mn) for someone else to use it. BIG PAIN. After alot of searching I found the solution from the Waikato LUG.
Here’s a short version for those who don’t like to read:
- Install Linux Kernel version 2.6.14 or better (I used 2.6.17)
- modprobe ip_nat_pptp
- modprobe ip_conntrack_pptp
- Put the following lines into your modprobe boot (like /etc/modprobe.conf):
_insert ip_nat_pptp /bin/true
insert ip_conntrack_pptp /bin/true_
Thats about it, you shouldn’t need to add anything to your IPTables, as long as PPTP VPN worked previously. For me the change was immediately noticable.