I tried several times to get a VPN working - I tried

1) Tunneling IP over SSH fw.
2) IPSec
3) PPTP

All were painful, and often unreliable. (I'd do a kernel update, and suddenly VPN would die a horrible death, and I'd have to recompile a bunch of stuff to get it back up - ugh)

The best way, bar none, no exceptions, is using OpenVPN. Cross platform, fairly quick setup, good security, highly reliable. After a few hours of tinkering during setup, "it just works" and has done so very reliably under rather demanding circumstances for over a year.

Probably the worst part was setting up the routing tables on either end, and that seems to be a PITA regardless of your VPN solution...

The only downside I can find to OpenVPN is that it requires a process on the GW for each connection, so this could get cumbersome if you have hundreds of simultaneous connections. But, with my half-dozen connections, it works fantastically!

Cheers!

-Ben

On Monday 31 October 2005 13:27, James B. Byrne wrote:
> I have set up a VPN over PPTP on a CentOS server using the
> DKMS module rpm dkms-0-2.0.6-3.el4 from
> http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repoview/dkms-0-2.0.6-3.el4.kb.html
>
> and
>
> kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm at
> http://pptpclient.sourceforge.net/howto-fedora-core-3.phtml.
>
> I have configured the pptpd server on Centos4 to use MS_CHAPv2,
> 128bit encryption and to assign server side and client IP addresses
> in the range a.b.c.42-48 and a.b.c.52-58 respectively.
>
> I have also opened the firewall for tcp port 1723 and the GRE
> protocol (47).
>
> I have configured a Microsoft Win2Kpro client and I can connect and
> establish a VPN. However I am missing something because:
>
> 1. If I try and connect to a machine on the local network segment
> then the VPN channel is not used (this is probably the correct
> behaviour but it is not what I want and I need to know how to force
> local network paths over an encrypted connection).
>
> 2. If I try and connect to a host outside our local network then
> the traffic is not routed out through the gateway but it does
> travel over the vpn to the local pptpd server.
>
> So, what am I missing in all of this? Are there options for the
> pptpd that I need to set for this to work?
>
> I have a similar problem when I connect from outside the local
> network segment. The vpn connects but then I cannot reach any
> other host.
>
> Any suggestions are welcome. I am a digest subscriber so if you
> could copy my email address on your reply then I would be
> appreciative.
>
> Regards,
> Jim
>
> --
> *** e-mail is not a secure channel ***
> mailto:byrnejb.<token>@harte-lyne.ca
> James B. Byrne                Harte & Lyne Limited
> vox: +1 905 561 1241          9 Brockley Drive
> fax: +1 905 561 0757          Hamilton, Ontario
> <token> = hal                 Canada L8E 3C3

--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978