peter at endian.com
Thu Aug 21 18:39:32 UTC 2008
> I had just completed a test connecting Windows Vista PPTP through
> chilli. I had no issues once the required kernel modules were loaded.

That's weird. Maybe it was only luck? Sometimes it also works for me
without special iptables rules. But most of the time it doesn't.
Have you tried to connect/disconnect/connect/disconnect all the time?
Maybe there's also a special combination you need to have (maybe a
special service pack on the client), because we have this problem only on
some installations and in my lab of course. Some other installations
never had that problem. Probably nobody tried there..

If I unload the helper modules, it also always works, without any
problem. It stops working only if I load the helper modules. That also
makes perfect sense, because it does not pass the helper modules twice
if they are unloaded.
But certainly I need the modules, otherwise you could never have
multiple connections through the machine.

> With that said, I have actually long suspected that problems with VPNs
> could be due to connection tracking... I'm guessing those notrack rules
> are keepers.

I really hope that's the solution.
What I would like to try next is using only the notrack rules and
removing the drop rules. Only for trying.. Because in theory they should
neither harm nor help

> I don't think your FORWARD ACCEPT rules on tun0 are necessary... it
> should be forwarding everything from/to tun0.

Well, surely you don't really need them. I added them because normally a
firewall is configured to block all traffic and let only what you want
pass, as it is in my case.
But you're right, the accept rules are not necessary when nothing other
:: e n d i a n
:: open source - open minds
:: peter warasin
:: http://www.endian.com :: peter at endian.com