GNAT Box and PPTP
Overview

This tutorial explains how to configure and use Microsoft's PPTP with the GNAT Box firewall. Please note that there can be many variations of a PPTP configuration with the GNAT Box and this tutorial only covers a specific setup.

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server, creating a virtual private network (VPN) over TCP/IP-based data networks. PPTP supports multiple network protocols (IP, IPX and NetBEUI) and can be used for virtual private networking over public and private networks.

You can use PPTP to provide secure, on-demand, virtual networks by using dial-up lines, local area networks (LANs), wide area networks (WANs), or the Internet and other public TCP/IP-based networks.

GNAT Box provides transparent support for PPTP both inbound and outbound. Access control can be exercised by the GNAT Box in either direction.

Requirements

Software

  1. Client - Windows 95
    • Dial-Up Networking upgrade
    • Microsoft Winsock Update

  2. PPTP software is also available for other platforms and from other vendors.
  3. Server -
    • Windows NT 4.0
    • TCP/IP installed and bound to the network adapter
    • PPTP server is configured with a static IP address
    • RAS, with Dial-up Networking, is installed and configured

  4. GNAT Box - You need to be running version 2.0.2 or higher.

Configuration

  1. Server Setup - Please refer to Installing, Configuring, and Using PPTP on Microsoft Clients and Servers. This document provides an excellent step-by-step procedure for setup and configuration of an NT server.

    Briefly:
    • Install PPTP and select the number of VPN devices.
    • Add the VPN devices as RAS ports and devices.
    • Configure encryption and authentication options.
    • Configure the virtual network IP number.

  2. Client Setup - Win95

    • Dialup Connection
      1. Create a Dial-Up Network configuration to your ISP
      2. Create a Dial-Up Network configuration for PPTP by selecting Microsoft VPN Adapter instead of a modem.
        Name the configuration "GNAT Box PPTP."
        Enter the Host name or IP address of the External Network Interface of the GNAT Box.

    • LAN Connection
      1. Create a Dial-Up Network configuration for PPTP by selecting Microsoft VPN Adapter instead of a modem.
        Name the configuration "GNAT Box PPTP."
        Enter the Host name or IP address of the External Network Interface of the GNAT Box.

  3. GNAT Box Setup -
    • Create a GNAT Box tunnel to the NT PPTP server. Use TCP port 1723.
    • Create a Remote Access filter that allows access to the PPTP tunnel. Adjust the filter to your local security policy. Save the filter and save the Remote Access filter set.
    • Add a static route for the PPTP Virtual network and use the real IP address of the NT PPTP server as the gateway to the virtual network.
    • PPTP access will now be enabled.
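
To confirm that the TCP port 1723 tunnel created above reaches the NT PPTP server, the following added example (not GTA or Microsoft code) sends the PPTP Start-Control-Connection-Request defined in RFC 2637 and parses the reply. The function names, the host name string "gnatbox-check" and the sample reply are assumptions made for this illustration.

```python
import socket
import struct

PPTP_PORT = 1723             # TCP control port used for the GNAT Box tunnel
MAGIC_COOKIE = 0x1A2B3C4D    # fixed value in every PPTP control message (RFC 2637)
# Header: length, message type, magic cookie, control type, reserved0, version
HEADER = struct.Struct("!HHIHHH")
# Body: result+error (reserved1 in a request), framing, bearer, channels, firmware, host, vendor
BODY = struct.Struct("!2sIIHH64s64s")
MSG_LEN = HEADER.size + BODY.size  # 156 bytes for both request and reply

def build_start_request(host_name=b"gnatbox-check"):  # hypothetical host name
    """Build a Start-Control-Connection-Request (control type 1)."""
    body = BODY.pack(b"\x00\x00", 1, 1, 0, 0, host_name, b"added-example")
    return HEADER.pack(MSG_LEN, 1, MAGIC_COOKIE, 1, 0, 0x0100) + body

def parse_start_reply(data):
    """Parse a Start-Control-Connection-Reply; raise ValueError otherwise."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    _, msg_type, cookie, ctrl_type, _, version = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    result, _, _, _, _, host, vendor = BODY.unpack_from(data, HEADER.size)
    return {
        "version": "%d.%d" % (version >> 8, version & 0xFF),
        "result_code": result[0],   # 1 = control connection accepted
        "error_code": result[1],
        "host": host.rstrip(b"\x00").decode("ascii", "replace"),
        "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace"),
    }

def check_pptp(address, port=PPTP_PORT, timeout=5.0):
    """Connect to the GNAT Box external address and return the parsed reply."""
    with socket.create_connection((address, port), timeout=timeout) as sock:
        sock.sendall(build_start_request())
        data = b""
        while len(data) < MSG_LEN:
            chunk = sock.recv(MSG_LEN - len(data))
            if not chunk:
                break
            data += chunk
    return parse_start_reply(data)

# Constructed sample reply (not captured from a real server): accepted, version 1.0
SAMPLE_REPLY = HEADER.pack(MSG_LEN, 1, MAGIC_COOKIE, 2, 0, 0x0100) + BODY.pack(
    b"\x01\x00", 1, 1, 1, 0, b"nt-pptp", b"example-vendor")
if __name__ == "__main__":
    print(parse_start_reply(SAMPLE_REPLY))
```

A successful reply from check_pptp() confirms only the TCP 1723 control channel and the Remote Access filter; PPTP carries the tunneled data in GRE (IP protocol 47), which this check does not exercise.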

Using the PPTP VPN

  1. Establish a network connection, either via a dialup to an ISP or from a LAN.
  2. Click on the GNAT Box PPTP Dial-up Networking icon. If you haven't entered a password you will be prompted for one. After validation your PPTP connection will be established.
  3. You will now have a VPN tunnel to the NT server. Depending upon your configuration and the protocols configured, you should be able to see local hosts in the Network Neighborhood. You should also be able to access TCP/IP-based hosts, if proper routing on the NT server has been configured.

Copyright © 2009 Global Technology Associates, Inc. All rights reserved.
