LinuxQuestions.org
Old 08-27-2004, 05:41 AM   #1
tingdahl
LQ Newbie
 
Registered: Aug 2004
Distribution: Fedora & Debian
Posts: 2

Rep: Reputation: 0
IP forwarding not working on ppp-over-ssh vpn


Hello,

I have a vpn (ppp-over-ssh) between our main office (192.168.0.0, nm 255.255.255.0) and a smaller one (192.168.2.0, nm 255.255.255.0). The vpn works perfectly for the machine (192.168.2.10) that it is connected on, but I want the other machines (e.g. 192.168.2.12) in the small office to have access to the main office's net.

The vpn-client-machine has the following ifconfig & routing table:
Code:
eth0      Link encap:Ethernet  HWaddr 00:50:04:ED:9E:FD
          inet addr:192.168.2.10  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::250:4ff:feed:9efd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4416126 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4759050 errors:0 dropped:0 overruns:0 carrier:0
          collisions:525560 txqueuelen:100
          RX bytes:2877777834 (2744.4 Mb)  TX bytes:3338851074 (3184.1 Mb)
          Interrupt:5 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:17448 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17448 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:59857493 (57.0 Mb)  TX bytes:59857493 (57.0 Mb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.207.254  P-t-P:192.168.207.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:27270 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30003 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:2317953 (2.2 Mb)  TX bytes:2552105 (2.4 Mb)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.207.1   *               255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     192.168.207.254 255.255.255.0   UG    0      0        0 ppp0
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0
And ipforwarding is turned on:
# cat /proc/sys/net/ipv4/ip_forward
1

The other machines at the small office are configured to route everything going to the main office via the vpn-client machine:
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     192.168.2.10    255.255.0.0     UG    0      0        0 eth0
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0
When I do a trace-route, it goes to the vpn-machine, but not any further:

# traceroute 192.168.0.32
traceroute to 192.168.0.32 (192.168.0.32), 30 hops max, 40 byte packets
1 dgb10.dgbsweden (192.168.2.10) 0.595 ms 0.433 ms 0.484 ms
2 * * *
...
30 * * *
#

When I do the same from the vpn-machine, it works:

#traceroute to 192.168.0.32 (192.168.0.32), 30 hops max, 40 byte packets
1 192.168.207.1 52.422 ms 107.896 ms 104.974 ms
2 dgb32.dgb (192.168.0.32) 102.001 ms 99.144 ms 96.193 ms

I have no firewalls on the machines.

Does anyone have a clue what could be wrong?
 
Old 08-27-2004, 07:34 AM   #2
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
I think the route on the vpn machine to the remote 192.168.0.0/24 network should point to the remote end of the ppp link, i.e. the correct gateway should be 192.168.207.1 (supposing that 192.168.207.1 is the IP of the remote end of the ppp link).

Edit:
Another reason may be that the route to the local 192.168.2.0/24 network is missing at the remote end of the vpn link. (Thus your requests reach machines on the remote (192.168.0.0/24) network, but the replies are not routed back). Have you checked the routing table of the remote vpn machine?

Last edited by J_Szucs; 08-27-2004 at 07:57 AM.
 
Old 08-27-2004, 10:47 AM   #3
arno
Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: fedora core 8, suse 10.3, ubuntu 7.10, kamikaze 7.09
Posts: 515

Rep: Reputation: 30
Your subnet
192.168.0.0 192.168.2.10 255.255.0.0
should be
192.168.0.0 192.168.2.10 255.255.255.0
 
Old 08-27-2004, 06:31 PM   #4
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
Quote:
Your subnet 192.168.0.0 192.168.2.10 255.255.0.0
should be 192.168.0.0 192.168.2.10 255.255.255.0
You are right, that is an error for sure.

However, I think there must be some other error, too, as the routing towards the remote 192.168.0.0/24 network is accidentally not affected by that netmask error: all packages sent from a local client to the remote, 192.168.0.0/24 network are still routed to the correct gateway (192.168.2.10), and all packages coming from the remote network are routed on the local gateway, where the routing table is free of this error, so those packages are correctly routed to the local clients, too.
So, I think this error cannot be the only reason why traceroute does not work.

However, I must admit that I am not a network guru, so I may be wrong.

Last edited by J_Szucs; 08-27-2004 at 06:45 PM.
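
Added example, not part of any post in this thread: a longest-prefix-match lookup over the routing tables posted above, showing which next hop each table selects with the 255.255.0.0 mask versus 255.255.255.0, and which routes on the vpn machine name one of its own addresses as gateway. The function names are illustrative, and CLIENT_FIXED is a constructed variant of the posted client table with only the netmask changed.

```python
import ipaddress

# Routing tables copied from the first post (vpn machine, then another client).
VPN = """\
192.168.207.1   *               255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     192.168.207.254 255.255.255.0   UG    0      0        0 ppp0
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0"""
CLIENT_POSTED = """\
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     192.168.2.10    255.255.0.0     UG    0      0        0 eth0
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0"""
# Constructed variant: same client table with the mask suggested in post #3.
CLIENT_FIXED = CLIENT_POSTED.replace("255.255.0.0", "255.255.255.0")

def parse_routes(text):
    """Parse `route` rows: Destination Gateway Genmask Flags Metric Ref Use Iface."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, *_, iface = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else f"{dest}/{mask}")
        routes.append((net, None if gw == "*" else ipaddress.ip_address(gw), iface))
    return routes

def next_hop(text, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in parse_routes(text) if dst in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (str(gw) if gw else "on-link", iface)

def self_gateways(text, local_addrs):
    """Destinations whose gateway is one of this host's own interface addresses."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    return [str(net) for net, gw, _ in parse_routes(text) if gw in local]

if __name__ == "__main__":
    for dst in ("192.168.0.32", "192.168.207.1", "192.168.2.12"):
        print(dst, "posted:", next_hop(CLIENT_POSTED, dst),
              "fixed:", next_hop(CLIENT_FIXED, dst))
    # Local addresses taken from the ifconfig output in the first post.
    print("own-address gateways:", self_gateways(VPN, ["192.168.2.10", "192.168.207.254"]))
```

On a live host, `ip route get 192.168.0.32` reports the kernel's own decision for the same lookup.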
 
  

