You will need to use the VPN endpoint address, essentially one that is dedicated to the VPN anyway.
Routing can only be done per IP so you can't add a route over the VPN.
Actually it's possible to do with Linux's advanced / policy routing
support, you need an additional routing table to route the PPTP
traffic then put the PPTP traffic into that table (probably based on
the IP protocol number, although PPTP isn't just one protocol).
See lartc.org for more information.
If you don't want to have to enter another address, you could probably proxy it
locally and send over the VPN to its internal address.
This sort of thing is probably much easier though, even something with iptables like:
iptables -t nat -A OUTPUT -p tcp -d YOUR.VPS -j DNAT --to YOUR.VPS.INTERNAL.IP
Would probably work (as PPTP isn't TCP).
Not quite, PPTP uses GRE for its encrypted transport, but uses TCP
port 1723 for signalling and handshaking.
By using firewall marking you can flag up certain traffic and have
advanced routing pick it up and push it via a custom routing table. You
could mark the PPTP related traffic and have an extra routing table for
just that (this is all on the client rather than the server).
iptables -t mangle -A OUTPUT -p tcp --dport 1723 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p gre -j MARK --set-mark 1
ip rule add fwmark 1 table default
ip route add $(ip route show | grep default) table default
ip route del $(ip route show | grep default) table main
ip route add default dev <VPN INTERFACE> table main
(default should be an unused routing table in
/etc/iproute2/rt_tables, main is the standard one)
PS: Using PPTP between two Linux machines seems insane, OpenVPN or similar
would surely be better?
Agreed, OpenVPN is much less faff (not that it helps with this
particular problem).
~Mat
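
The client-side setup from the reply above, as an added example that is not part of the original thread: a shell function that prints the marking and policy-routing commands for review, and refuses to continue unless exactly one default route is present. Table number 100 (in place of the thread's `default` table), the interface name ppp0 and the sample route text are assumptions.

```shell
#!/bin/sh
# Added example: prints, but does not run, the client-side commands from the
# thread. Table 100, ppp0 and the sample route text are assumptions.

# pptp_plan ROUTES VPN_IF [TABLE] [MARK]
# ROUTES is the output of `ip route show`. Exactly one default route must be
# present: with none or several, $(ip route show | grep default) expands to
# nothing or to several lines and the `ip route add/del` calls fail.
pptp_plan() {
    routes=$1 vpn_if=$2 table=${3:-100} mark=${4:-1}
    [ -n "$vpn_if" ] || { echo "VPN interface required" >&2; return 1; }
    count=$(printf '%s\n' "$routes" | grep -c '^default ' || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one default route, found $count" >&2
        return 1
    fi
    def=$(printf '%s\n' "$routes" | grep '^default ')
    set -- $def; def=$*        # collapse stray whitespace from ip's output

    # Mark PPTP control (TCP 1723) and data (GRE) packets leaving this host.
    echo "iptables -t mangle -A OUTPUT -p tcp --dport 1723 -j MARK --set-mark $mark"
    echo "iptables -t mangle -A OUTPUT -p gre -j MARK --set-mark $mark"
    # Marked packets use the extra table, which keeps the original gateway.
    echo "ip rule add fwmark $mark table $table"
    echo "ip route add $def table $table"
    # Everything else follows the main table, now pointing at the tunnel.
    echo "ip route del $def table main"
    echo "ip route add default dev $vpn_if table main"
}

# Constructed sample input (documentation addresses), not from the thread.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

pptp_plan "$SAMPLE_ROUTES" ppp0
```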