Remotedesktop via VPN (PPTP Daemon)

[redoffice]

We´re using a PC with openSUSE 11.0 in our small company which works as Internetgateway + Router.

I set up the PPTP Daemon an made the configs to get incoming connections. It is possible to establish a connection from external zone eg. a Win XP Client but I cannot connect to the clients in the internal Zones.

The thing we want to do is a Remotedesktopconnection through the VPN tunnel of the Gateway (in our case 192.168.0.1) to a Windows Client (192.168.0.11) in the internal zone.

In Susefirewall2 I configured the RDP Port 3389 and the GRE Protocol (for VPN) to be allowed in the internal an external zone. For security reasons there is no masquerading of the Port 3389, which allows direct Remotedesktop usage from outside. Only Port 1723 is forwarded to "localhost".

The question is how to get internal client-connections through the PPTPd from outside?

[ab@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Are you able to see the connection making it to your gateway machine even
(LAN trace)? If so do the packets get forwarded to your internal network?

I have not played with PPTP personally but have setup OpenVPN on multiple
distributions many times and it is great and cross-platform (its client on
windows is the easiest I've used, and the client in SUSE is built into
NetworkManager. If it were my environment I would go this route instead
but that's just me. If that is not an option then troubleshoot where the
packets are going (make sure they get off the source box and make it to
your gateway, then off the gateway and through to the remote windows machine).

Good luck.





redoffice wrote:
> We´re using a PC with openSUSE 11.0 in our small company which works as
> Internetgateway + Router.
>
> I set up the PPTP Daemon an made the configs to get incoming
> connections. It is possible to establish a connection from external zone
> eg. a Win XP Client but I cannot connect to the clients in the internal
> Zones.
>
> The thing we want to do is a Remotedesktopconnection through the VPN
> tunnel of the Gateway (in our case 192.168.0.1) to a Windows Client
> (192.168.0.11) in the internal zone.
>
> In Susefirewall2 I configured the RDP Port 3389 and the GRE Protocol
> (for VPN) to be allowed in the internal an external zone. For security
> reasons there is no masquerading of the Port 3389, which allows direct
> Remotedesktop usage from outside. Only Port 1723 is forwarded to
> "localhost".
>
> The question is how to get internal client-connections through the
> PPTPd from outside?
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJK1yC+AAoJEF+XTK08PnB5lSwQAMrNBYOIjs JwF//Dks1Rb+Yg
iohG3KWsPL1jFywdzsaJJxZXwXuIeiGZp5zQVtJPirGMGyGkmu B6ZIbmOfmLthmB
EnYUK5xyX/NVbOtQ7+5f/a4+0m8OLhrazWV+nJovQ/tkLD8+3c1I9JNbiUhvnpwq
vDsi7Z7Xr1fd7j4wJwDVdueGOevKQvCFrHKFGHOiqeiBapOvZd 96iwiDzz87V4Rb
/IHgwz/N7gKGiir73UAQmFVqVFq+N3Cj+4Ge5pc/wOVwV5nLwulITtQ8Gq9cBape
1GKglW5jjPr1JJpP9lXB4cwwuOloEq6WXAc0sGlp/WoZIoZ2+G59QqdXMIBFsVq9
ac6fXqmpT6kZTVtbhInNGpUQLzcqilS7WSPlgwenIJ1JLwU6cs RDWvO4b8jNbut9
hnWreSNgESmexoEB2k2cdjYfb0gWsguxuukJV4IBHZlNFgBH9W zbUhi3HLM3Kkfv
KlzZ9p0QDcLGD1g9F3o+5qIrD450VPelhiHsBm3oM/w8Q+M/wA+3bQP0zT488Zfr
9CMYREXUB0OaukxPd2zxQg5KWl41nxLwpYnS+kF4UgWmhzXod9 JdSSbEwtYse8w/
LbqzKPumSA4zllEYYEfqC3MErEMWcQeS8HHWwZriDR1ZhSQ3F9 ezcUM6WP72GcEP
H+zh1iTzBtLetTxeyYgi
=4Q9X
-----END PGP SIGNATURE-----

[redoffice]

Thanks for the reply. OpenVPN is a very powerful program, I already tried that. But for our needs I wanted an easy as possible VPN connection.

Well I found a solution for the problem with connecting the internal clients.
Actually it was a very trivial thing. I only had to set a route of the Port 3389 to the Windows Workstation´s internal IP (192.168.0.11) from the internal IP of the connecting client from outside. That works just fine now!

[LRE]

Note that PPTP is far from secure compaired to others.
I personally use SSL-Explorer.

Is no longer maintained, old version can still be found on the net though. An open source alternative project is still running for it. This is called Adito. You might give that a try.

It can do some real great things, even running software right from the server which you don't have on you own pc (even windows software).