  1. #1


    VPN with Transparent Proxy

    I've got a PPTP VPN server set up on my Windows 2003 domain controller at my house. The DC is behind the transparent proxy, so how can I make the VPN work correctly externally? I've just tried opening port 1723 and 47 on the router and forwarding them to the transparent proxy, which then should destination NAT those packets to the DC. I tried the following iptables rules:

    Code:
    -A PREROUTING -p tcp -m tcp -i eth0 --dport 1723 -j DNAT --to-destination 192.168.2.36:1723
    -A PREROUTING -p tcp -m tcp -i eth0 --dport 47 -j DNAT --to-destination 192.168.2.36:47
    The DC is on IP 192.168.2.36 and the transparent proxy has 192.168.2.34 and 192.168.1.34, with the router having 192.168.1.1.

  2. #2
    greenfieldsupport
    Most transparent proxies automatically pick up any traffic on port 80 and automatically forward it.

    Unless you're using AOheLL, you should configure your router to forward port 1723 to your VPN server (your domain controller).

    Make sure your router supports the GRE protocol. The GRE protocol is called protocol 47 and is NOT the same as port 47. What are you using as your router??
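
The distinction drawn in post #2 (GRE is IP protocol 47, not TCP port 47), applied to the forwarding box from post #1. This is an added example, not part of any poster's reply; it assumes eth0 is the router-facing interface and 192.168.2.36 is the PPTP server as stated in post #1, and `pptp_forward` and `audit_pptp_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed from post #1: eth0 faces the
# router, 192.168.2.36 is the PPTP server. Return traffic is assumed to be
# allowed already (e.g. an ESTABLISHED,RELATED rule or ACCEPT policy).

# Forward PPTP: TCP 1723 (control) plus GRE, IP protocol 47 (tunnel data).
# GRE has no ports, so it is matched with -p gre, never --dport 47.
# Set IPT=echo for a dry run that only prints the rule arguments.
pptp_forward() {
    ipt=${IPT:-iptables}; wan_if=$1; server=$2
    $ipt -t nat -A PREROUTING -i "$wan_if" -p tcp -m tcp --dport 1723 \
        -j DNAT --to-destination "$server:1723"
    $ipt -t nat -A PREROUTING -i "$wan_if" -p gre -j DNAT --to-destination "$server"
    $ipt -A FORWARD -i "$wan_if" -d "$server" -p tcp -m tcp --dport 1723 -j ACCEPT
    $ipt -A FORWARD -i "$wan_if" -d "$server" -p gre -j ACCEPT
}

# Audit iptables-save style rules on stdin. Prints one finding per problem
# and returns 0 only when both TCP 1723 and GRE are DNATed.
audit_pptp_rules() {
    rules=$(cat); status=0
    if printf '%s\n' "$rules" | grep -Eq -e '--dport 47( |$)'; then
        echo "port-47: matches TCP/UDP port 47, not GRE (IP protocol 47)"; status=1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq -e '-p tcp .*--dport 1723 .*-j DNAT'; then
        echo "missing: DNAT for TCP 1723 (PPTP control)"; status=1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq -e '-p (gre|47) .*-j DNAT'; then
        echo "missing: DNAT for GRE (PPTP data)"; status=1
    fi
    return $status
}

# The two rules from post #1, for comparison.
THREAD_RULES='-A PREROUTING -p tcp -m tcp -i eth0 --dport 1723 -j DNAT --to-destination 192.168.2.36:1723
-A PREROUTING -p tcp -m tcp -i eth0 --dport 47 -j DNAT --to-destination 192.168.2.36:47'

printf '%s\n' "$THREAD_RULES" | audit_pptp_rules || echo "=> thread rules fail the audit"
( IPT=echo; pptp_forward eth0 192.168.2.36 ) | audit_pptp_rules && echo "=> corrected rules pass"
```

The router in front still has to send TCP 1723 and GRE to the proxy's 192.168.1.34 address before these rules see any traffic.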

  3. #3

    Yes, I know it picks up on port 80.
    I can't forward it to the domain controller because it's behind the proxy on a different address (the router is on 192.168.1.1 and the DC is on 192.168.2.34); the router only allows me to enter addresses in the 192.168.1.* range.

    The router's a Linksys AG241.

  4. #4
    greenfieldsupport
    Assign the router a new IP address in the 192.168.2.* range?

    Orrr just add another IP address to the domain controller of 192.168.1.34; that way you don't have to reconfigure anything.

    Point the router at the 192.168.1.34 range.

    Your router does support PPTP passthrough so use that.

    I'd be careful when considering configuring your VPN. Are you sure that everything is locked down correctly? Once enabled, it's not just your users that can connect to it.

    You may need a new password policy and lockout policies.

  5. #5


    tom_newton
    I think you are missing the point of "transparent proxy" - this tends to refer to a transparent *web* proxy, which has nothing to do with PPTP at all.

    It also looks like you have one too many IP ranges there... is there a good reason for that?

    A network diagram may help.

  6. #6
    greenfieldsupport
    An even better question would be: why does your network run with class C ranges???

    You'll be limited to only 254 computers per subnet, surely that's a bad thing :S.

  7. #7

    Originally posted by greenfieldsupport:
        An even better question would be: why does your network run with class C ranges???

        You'll be limited to only 254 computers per subnet, surely that's a bad thing :S.
    It's my home network, like I said...

    Originally posted by tom_newton:
        I think you are missing the point of "transparent proxy" - this tends to refer to a transparent *web* proxy, which has nothing to do with PPTP at all.

        It also looks like you have one too many IP ranges there... is there a good reason for that?

        A network diagram may help.
    I'll try to get one created in a bit using Visio.

    Originally posted by greenfieldsupport:
        Assign the router a new IP address in the 192.168.2.* range?

        Orrr just add another IP address to the domain controller of 192.168.1.34; that way you don't have to reconfigure anything.

        Point the router at the 192.168.1.34 range.

        Your router does support PPTP passthrough so use that.

        I'd be careful when considering configuring your VPN. Are you sure that everything is locked down correctly? Once enabled, it's not just your users that can connect to it.

        You may need a new password policy and lockout policies.
    How can I put another IP address on the DC? Would that require multiple NICs?


