Pptp Gre47

Discussion in 'Tomato Firmware' started by Reiper, Sep 21, 2007.

  1. Reiper

    Reiper LI Guru Member

    I've been running an old Cisco 678 Router between my ISP and my Small Business Server 2003 for a long time. Both the 678 and SBS are running NAT so my network is "double natted". However, we'll be moving soon and probably going to a wireless connection instead of DSL. To make a long story short, I've grown comfortable with having the double nat so I was wondering if I could stick a WRT54GL router running Tomato between the wireless modem and the SBS server? The reason I'm asking is on the Cisco 678 I had to forward protocol 47 (or GRE) to the IP address of the server in order for PPTP/VPN to work and I don't see this option in the Tomato interface?

    Thanks!
     
  2. ifican

    ifican Network Guru Member

    I don't believe there is an option within the GUI; however, you may be able to do it via command line. As a curiosity, if you are already comfortable with IOS I would just get a newer old Cisco router for fairly cheap.
     
  3. Reiper

    Reiper LI Guru Member

    Thanks... Any suggestions on routers?
     
  4. ifican

    ifican Network Guru Member

    If you're handy with Linux you might get that router to work, though I only use the SOHO routers I have for testing or backend stuff. Depending on what you want to spend, I love the 1800's but they are pricey; you can find them on eBay but again very pricey. Next would be the 851w or 871w, which are great routers with wireless. If you don't need the router to have wireless there is the early 800 series, I want to say 831 (but if memory serves me right it only has an Ethernet WAN port). Now there are 1700's and 2600's that can be gotten fairly cheap. However, Cisco is not the only way to go; I also own Check Point and Juniper that I love for their flexibility.

    But again, the best thing at the moment is to see if one of the Linux experts around the site can tell you what iptables string you would need to use to forward GRE (I know it can be done via command line but I just don't know how to do it via Linux (well, not yet at least)).
     
  5. Reiper

    Reiper LI Guru Member

    Great Information!! Thank you for your help!!!
     
  6. GeeTek

    GeeTek Guest

    Did you try DMZ? It may forward the GRE packets and still allow you to keep Tomato on the table for its other healthful benefits. Since you are forwarding to another NAT device anyway, your security level will not change.
     
  7. Reiper

    Reiper LI Guru Member

    Well, the idea was to have dual NAT, so setting the server in DMZ actually defeats what I was trying to accomplish. The SBS server actually has two NICs with two different IP subnets and does NAT across them. Therefore I could just connect the modem directly to the server (similar to what you mentioned with the server in Tomato's DMZ) but then I only have one round of NAT. Maybe I'm just being paranoid!! Thanks for the suggestion though!!
     
  8. GeeTek

    GeeTek Guest

    I figured that you were using Tomato for QOS or access restrictions or something. I did not realise that the extra NAT layer was a primary concern.
     
  9. Reiper

    Reiper LI Guru Member

    Hey, now there is an idea... Never thought of using QoS at work! Now that could be fun!! Great idea GeeTek. :)
     
  10. Toxic

    Toxic Administrator Staff Member

    GRE, like AH and ISAKMP, is built into the firmwares and is not an option to enable/disable in most cases. They either support it or they don't. Cisco equipment (not Linksys) should all support CLI control over GRE, but as for Linksys, they either do or don't, without any control over these protocols. If anyone needs info on double NATting, have a look here.

    http://www.smallnetbuilder.com/content/view/24433/111/
     
  11. Reiper

    Reiper LI Guru Member

    Toxic, do you have any idea if GRE passthrough is supported by Tomato?
     
  12. Toxic

    Toxic Administrator Staff Member

    Sorry, I cannot answer that. I don't have a PPTP server set up to test; you'd be better asking the developer.
     
  13. GeeTek

    GeeTek Guest

    It passes GRE. I see it all the time.
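
For the iptables question raised earlier in the thread, here is an added example (not part of any post, and not Tomato's own code) that prints rules forwarding only the PPTP control channel and GRE to one inner host, rather than putting that host in DMZ. It assumes a Linux-based router with a single PPTP server behind it; `vlan1` and `192.168.1.2` are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that forward only
# PPTP to one inner host, instead of exposing the host through DMZ.
# The interface name and address used at the bottom are constructed samples.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pptp_forward_rules WAN_IF SERVER_IP
# Prints the rules rather than applying them, so they can be reviewed first.
pptp_forward_rules() {
    wan_if=$1
    server=$2
    if [ -z "$wan_if" ] || ! is_ipv4 "$server"; then
        echo "usage: pptp_forward_rules WAN_IF SERVER_IPV4" >&2
        return 1
    fi
    # Control channel: PPTP uses TCP port 1723.
    echo "iptables -t nat -I PREROUTING -i $wan_if -p tcp --dport 1723 -j DNAT --to-destination $server:1723"
    # Data channel: GRE is IP protocol 47 and has no ports, so match the
    # protocol number only (numeric form needs no /etc/protocols entry).
    echo "iptables -t nat -I PREROUTING -i $wan_if -p 47 -j DNAT --to-destination $server"
    # Permit only these two flows from the WAN side to the server.
    echo "iptables -I FORWARD -i $wan_if -d $server -p tcp --dport 1723 -j ACCEPT"
    echo "iptables -I FORWARD -i $wan_if -d $server -p 47 -j ACCEPT"
}

# Constructed sample: WAN interface vlan1, server's outer NIC at 192.168.1.2.
pptp_forward_rules vlan1 192.168.1.2
```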
     
