4

Google is showing me some returns on PPTP/GRE NAT through iptables/netfilter that will allow multiple connections.

However, I am not finding an example of using this pptp helper module that allows for this. Anyone done this before?

Kyle Brandt

2 Answers

8

I am assuming you are talking about being behind a NAT and trying to have multiple users connect to a remote VPN server. If so, I just managed to fix this on DD-WRT v24-sp2 (04/16/10):

Apparently the kernel modules were missing which do the NAT translation for the GRE protocol - inserting them proved enough. I have added the following lines to the firewall script:

# Insert modules for PPTP over NAT:
insmod nf_nat_proto_gre
insmod nf_conntrack_proto_gre
insmod nf_conntrack_pptp
insmod nf_nat_pptp

The rest of iptables/netfilter is already set up correctly in DD-WRT apparently :)

If wanted I can dig up the rest of the NAT table entries relating to this.

Tuinstoelen
  • 1
    Is that a 2.4 or 2.6 kernel underneath that DD-WRT build? (I'm looking at their web site and having a *really* hard time telling.) A 2.4 kernel will do this completely differently than a >= 2.6.14 kernel. – Evan Anderson Aug 09 '10 at 17:23
  • 1
    uname -a tells me it is running 2.6.24 - indeed 2.4 would be quite different - apparently a lot has changed, amongst others the modules have been renamed to the nf_ netfilter prefix. – Tuinstoelen Aug 12 '10 at 07:23
  • 2
    You saved my day! My ISP provides internet access via a PPTP channel, and the channel is kept up by my home server. My job provides VPN access to the intranet via PPTP as well, and I couldn't connect to the job PPTP VPN over my ISP PPTP. I googled for the solution for several months, worked through my iptables rules uncountable times, and your solution made things work in the end! I added these modules to /etc/modprobe.d/pptp_nat.conf on my home server, and it works like a charm even after reboot! To complete the picture for guys who google around for a similar problem, my home server runs ArchLinux. – kstep Jan 15 '16 at 16:43
  • Like @kstep, this was working fine on my ArchLinux home server, but since I updated to kernel 4.7 last night, it just stopped working. – Stunts Aug 12 '16 at 09:40
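
A quick way to confirm that the four modules named in the answer above are actually loaded on the NAT box. This is an added example, not part of the original answer or comments; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Report which PPTP/GRE NAT helper modules are absent from a
# /proc/modules-style listing.

# Module names exactly as given in the answer (kernel 2.6.24 on DD-WRT).
PPTP_NAT_MODULES="nf_nat_proto_gre nf_conntrack_proto_gre nf_conntrack_pptp nf_nat_pptp"

# missing_pptp_modules [FILE]   (hypothetical helper name)
# Prints the required modules not listed in FILE, space-separated.
# FILE defaults to /proc/modules. Modules compiled into the kernel
# never appear there, so a "missing" result only means "not loaded
# as a module".
missing_pptp_modules() {
    listing="${1:-/proc/modules}"
    missing=""
    for mod in $PPTP_NAT_MODULES; do
        # Field 1 is the module name; compare it exactly so that a
        # module listed only as a dependency of another one, or one
        # with a longer name, does not count as loaded.
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$listing"; then
            missing="${missing:+$missing }$mod"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample: connection tracking is loaded, the NAT half is not.
make_sample_listing() {
    cat <<'EOF'
nf_conntrack_pptp 16384 0 - Live 0x00000000
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp, Live 0x00000000
nf_conntrack 131072 2 nf_conntrack_pptp,nf_conntrack_proto_gre, Live 0x00000000
iptable_nat 16384 1 - Live 0x00000000
EOF
}

# Demo on the constructed sample; call missing_pptp_modules with no
# argument to check the running system instead.
sample=$(mktemp)
make_sample_listing > "$sample"
echo "not loaded in sample: $(missing_pptp_modules "$sample")"
rm -f "$sample"
```

On kernels from 4.7 onward, automatic conntrack helper assignment is disabled by default (sysctl `net.netfilter.nf_conntrack_helper`), so having the modules loaded no longer attaches the pptp helper to port 1723 traffic without an explicit `CT --helper` rule.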
2

This changed radically in kernel 2.6.14, and that accounts for the various random documentation examples you're finding (many with the pre-2.6.14 syntax). I don't have a machine handy to test on, but you should be fine with loading ip_conntrack_pptp and ip_nat_pptp to get PPTP connection tracking.

Evan Anderson