If you are trying to connect to a PPTP server that is behind a firewall, check out ipfwd
I have created a module to allow Linux IP masquerading to handle PPTP. Similar work was done by John Hardin, and his PPTP masquerading page has far better instructions than mine. Mine works fine, but if you need more help, his site is a good way to go.
There are some limitations. Currently, only one inside machine can have an open virtual circuit to an outside machine X. If another inside machine connects to machine X, the first inside machine will lose its connection because packets will be intermixed. This problem exists because this protocol is not port based. There are a couple things in the PPTP spec that might allow IP masquerading to work more generically. There are callID and peerCallID areas that could act as identifiers for sessions. The only problem is that Windows NT sets both of them to 0, so nothing useful can be done with them currently. I may modify the code to see if an NT server machine just sets peerCallID to the callID that the connecting client specifies. If so, then masquerading would work for any number of inside machines.
To use any of the following patches, you need to select CONFIG_IP_MASQUERADE_GRE.
To use the following patch, you need to select CONFIG_IP_MASQUERADE_PPTP in your kernel config. It can be built as either a module or into the kernel. To load it as a module, run insmod ip_masq_pptp.
John Hardin has also create a PPTP patch for 2.0.x kernels. He has a good set of debugging notes and instructions that are not included here.
Back to Gordon's Home Page.