Community discussions

MUM Europe 2020
 
User avatar
hecklertm
Member Candidate
Member Candidate
Topic Author
Posts: 165
Joined: Fri Jun 24, 2005 5:12 am
Location: US

PPTP with proxy logging

Fri Dec 30, 2005 7:52 am

I have setup pptp connections for hotspot users to use for more security. When they establish the pptp session with the router, I am no longer receiving "web proxy info" message on that user.

I thought that since the user was logged into hotspot and then created pptp on top of hotspot login, that traffic between user and AP would be secured and then the router would pass the traffic along afterward as if they were a nromal hotspot user.

I guess I was wrong. It seems that once the pptp tunnel is created, the router treats the connection no longer as a hotspot user and therefore does not pass the traffic through web proxy. Do you think this is true?

If so, can anyone give me some ideas to try that may allow me to log at the router once the traffic comes out of the pptp tunnel? or alternatively make sure the traffic still passes through the web proxy so that it gets logged?
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Fri Dec 30, 2005 2:49 pm

it's always possible to use RADIUS authentication/accounting on ppp-type connections.

just try "radius" search on the forum...
 
User avatar
hecklertm
Member Candidate
Member Candidate
Topic Author
Posts: 165
Joined: Fri Jun 24, 2005 5:12 am
Location: US

Fri Dec 30, 2005 5:18 pm

I am not sure you understand what logging I an talking about. Radius accounting will give me uptime and packets transfered. I do not think it can give me web-proxy logs.
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Fri Dec 30, 2005 6:15 pm

yes, sorry. completely misunderstood.
 
User avatar
hecklertm
Member Candidate
Member Candidate
Topic Author
Posts: 165
Joined: Fri Jun 24, 2005 5:12 am
Location: US

Sat Dec 31, 2005 12:19 am

I suppose once the tunnel is terminated by the router and it then routes the traffic toward its destination, there should be some way to have the http traffic passed through the web-proxy service first, the same way the hotspot transparent proxy works.

Maybe I would need to set a firewall rule to send the traffic to the hotspot proxy? Can someone provide me some guidance on how I might accomplish this? I guess I would be sending all traffic from port 80 to port 8080 where the proxy resides?? Someone who has any ideas, please advise.
 
User avatar
hecklertm
Member Candidate
Member Candidate
Topic Author
Posts: 165
Joined: Fri Jun 24, 2005 5:12 am
Location: US

Sun Jan 01, 2006 8:02 am

Just posting what I determined through another post.

0 I chain=dstnat in-interface=pptp-in1 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.100.3.1 to-ports=8080
 
User avatar
hecklertm
Member Candidate
Member Candidate
Topic Author
Posts: 165
Joined: Fri Jun 24, 2005 5:12 am
Location: US

Wed Jan 04, 2006 9:39 am

Just a little more info. To have all pptp sessions with different interface names I use.

0 I chain=dstnat in-interface=!wlan1 protocol=tcp dst-port=80 action=dst-nat to-addresses=x.x.x.x (ip of proxy) to-ports=8080
 
smilga
just joined
Posts: 17
Joined: Wed Jun 02, 2004 3:10 pm

Wed Jan 04, 2006 2:46 pm

Please send support output file from router to support@mikrotik.com to see your whole configuration.
 
User avatar
hecklertm
Member Candidate
Member Candidate
Topic Author
Posts: 165
Joined: Fri Jun 24, 2005 5:12 am
Location: US

Wed Jan 04, 2006 3:42 pm

My 2 posts from above explain that I figured out this particular issue. Thanks

Who is online

Users browsing this forum: CZFan, GiedriusK, McSee, MSN [Bot] and 111 guests