VM Instance running pptp server inside virtual router.

[Steve Searles <ss...@zimcom.net>]

Anyone know the secret to making pptp server work through a virtual router.  The IP PROT 47 (GRE) seems to not be handled correctly.  I have not dug into the VR any further to troubleshoot, thought I would ask here and see if there was a quick answer.  I have not tried a static nat inside a vpc yet but I assume that may work.  Running CS 4.3.0/Advanced Networking. (Egress rule 0.0.0.0/0 any) ingress firewall open for ports 1-65535 and port forwarding for 1-65535 for testing.I know we can just use the l2tp vpn on the VR and essentially accomplish the same thing, however this particular application relies on the Microsoft RAS services and therefore needs to be terminated on the VM instance itself.

Thanks.

Re: VM Instance running pptp server inside virtual router.

[Andrei Mikhailovsky <an...@arhont.com>]

Steve, hi

I've done this in a past and had no issues. my pptp tunnels successfully worked from linux and macos clients. Sorry, don't have any windows clients.

I had to open port 1723 tcp and forwarded it to the linux vm running pptpd. I didn't have to do anything with proto 47.

Andrei

----- Original Message -----
> From: "Steve Searles" <ss...@zimcom.net>
> To: users@cloudstack.apache.org
> Sent: Thursday, 14 August, 2014 3:34:35 AM
> Subject: VM Instance running pptp server inside virtual router.
> 
> Anyone know the secret to making pptp server work through a virtual router.
> The IP PROT 47 (GRE) seems to not be handled correctly.  I have not dug
> into the VR any further to troubleshoot, thought I would ask here and see if
> there was a quick answer.  I have not tried a static nat inside a vpc yet
> but I assume that may work.  Running CS 4.3.0/Advanced Networking. (Egress
> rule 0.0.0.0/0 any) ingress firewall open for ports 1-65535 and port
> forwarding for 1-65535 for testing.I know we can just use the l2tp vpn on
> the VR and essentially accomplish the same thing, however this particular
> application relies on the Microsoft RAS services and therefore needs to be
> terminated on the VM instance itself.
> 
> Thanks.
> 
> 
> 

Re: VM Instance running pptp server inside virtual router.

[Ahmad Emneina <ae...@gmail.com>]

The VR is setup to explicitly drop all traffic and then only allow traffic
of TCP/UDP/ICMP to be enabled.

I believe this is on the roadmap though, if its not supported already in
4.4:

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Region+level+VPC+and+guest+network+spanning+multiple+zones
https://cwiki.apache.org/confluence/display/CLOUDSTACK/OVS+distributed+routing+and+network+ACL

HTH


On Wed, Aug 13, 2014 at 7:34 PM, Steve Searles <ss...@zimcom.net> wrote:

> Anyone know the secret to making pptp server work through a virtual
> router.  The IP PROT 47 (GRE) seems to not be handled correctly.  I have
> not dug into the VR any further to troubleshoot, thought I would ask here
> and see if there was a quick answer.  I have not tried a static nat inside
> a vpc yet but I assume that may work.  Running CS 4.3.0/Advanced
> Networking. (Egress rule 0.0.0.0/0 any) ingress firewall open for ports
> 1-65535 and port forwarding for 1-65535 for testing.I know we can just use
> the l2tp vpn on the VR and essentially accomplish the same thing, however
> this particular application relies on the Microsoft RAS services and
> therefore needs to be terminated on the VM instance itself.
>
> Thanks.
>
>
>