LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-12-2006, 02:06 PM   #1
otisthegbs
Member
 
Registered: May 2003
Location: Vancouver
Distribution: RH9
Posts: 100

Rep: Reputation: 15
PPTP Reverse(synchronous) Tunnel


Hello All!!

We're trying to open up a branch office and thus want to extend our local intranet. We're going to do this by getting a Fedora Core 5 router to connect to a WSBS VPN server.

I have Windows Small Business Server 2003 (i know i know) that's currently acting as a VPN / DNS / Primary Domain Controller / and DHCP server. It's IP is 192.168.1.2 and thus on the 192.168.1.0 subnet, its name is pdc-01. There is also a Fedora Core 5 router with an IP of 192.168.1.1

I have a Fedora Core 5 Server running at a remote location that has a PPTP client running on it. This remote network is on the subnet 192.168.2.0 and the router has the ip 192.168.2.1 its name is pdc-02

When pdc-02 activates it's PPTP client and connects to pdc-01 it routes all traffic destined for 192.168.1.0 through the VPN tunnel. Remotely everything works flawlessley, I even got samba working as a WINS proxy to pdc-01, but within the primary office network I cant connect to 192.168.2.1 or anything on that subnet. I can ping and connect to the remote IP for the PPTP client, which is 192.168.1.13.

Now I'm assuming that this has to do with my routing rules. In the central office i've told my router to send all requests for 192.168.2.0 to 192.168.1.13. At which point the request would sent to pdc-02, the problem is pdc-02 doesnt route or respond to those requests properly and I dont understand why.


Here are my VPN related IPTABLES rules on pdc-02

iptables --insert OUTPUT 1 --source 0.0.0.0/0.0.0.0 --destination
192.168.1.0/24 --jump ACCEPT --out-interface 'ppp0'
iptables --insert INPUT 1 --source 192.168.1.0/24 --destination
0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface 'ppp0'
iptables --insert FORWARD 1 --source 0.0.0.0/0.0.0.0 --destination
192.168.1.0/24 --jump ACCEPT --out-interface 'ppp0'
iptables --insert FORWARD 1 --source 192.168.1.0/24 --destination
0.0.0.0/0.0.0.0 --jump ACCEPT
iptables --table nat --append POSTROUTING --out-interface 'ppp0' --jump
MASQUERADE
iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump
TCPMSS --clamp-mss-to-pmtu
 
Old 09-13-2006, 12:31 PM   #2
indeterminate
Member
 
Registered: Oct 2003
Location: Virginia, US
Distribution: Debian, Ubuntu, Knoppix.
Posts: 76

Rep: Reputation: 17
Quote:
Originally Posted by otisthegbs
Now I'm assuming that this has to do with my routing rules. In the central office i've told my router to send all requests for 192.168.2.0 to 192.168.1.13.
I'm curious... do you mean you're routing traffic with iptables? It seems like the easiest way would be to just add a line to the routing tables on 192.168.1.1

For instance, ip route add 192.168.2.0/24 via 192.168.1.13 executed on 192.168.1.1 should result in something like:
Code:
#ip route show
192.168.1.0/24 dev eth0  scope link 
152.8.200.4/24 dev wan0  scope link  (made-up wan ip - ignore)
127.0.0.0/8 dev lo  scope link 
default via 152.8.200.1 dev eth0  (made-up wan router - ignore)
192.168.2.0/24 via 192.168.1.13
oh... also, IP Forwarding needs to be enabled on pdc-02. You can enable it with sysctl -w net.ipv4.ip_forward=1

If you're still having problems after that, it might be something else, but your iptables rules look fine to me. Also, if any of those commands work, they're just temporary (until you reboot). You can always put them in an rc script, though.
 
Old 09-13-2006, 07:07 PM   #3
otisthegbs
Member
 
Registered: May 2003
Location: Vancouver
Distribution: RH9
Posts: 100

Original Poster
Rep: Reputation: 15
Ya totally, in post above it states in the third paragraph that I've already done this. Now the router at 192.168.1.1 send all traffic destined for 192.168.2.0/24 to 192.168.1.13 but when the traffic gets to 192.168.1.13 the second router doesnt send it to 192.168.2.0/24 which is the second router's eth1.

and thats the prob: when the traffic gets to 192.168.1.13 (which is a router) the router doesnt send it to 192.168.2.0/24


OH HEY, i just thought of something, what if i made a 'one-way' bridge using brctl. you think that would work? any one know?

the bridge would be between ppp0 and eth1

also to note as well when im logged into 192.168.1.1 and try to ping 192.168.2.1 i get this response

From 192.168.1.2: icmp_seq=0 Redirect Host(New nexthop: 192.168.1.13) so this tells me that 192.168.1.2 knows to send 192.168.2.0/24 traffic 192.168.1.13, thus 1.13 is the problem is it not?

Last edited by otisthegbs; 09-13-2006 at 07:11 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH reverse tunnel (lo only? why not eth0) Dinomight Linux - Networking 3 08-17-2006 09:44 PM
i installed pptp but cant connect/establish the tunnel... jamiguel77 Linux - Networking 0 04-24-2006 05:17 AM
pptp tunnel at boot gbj Linux - Networking 0 07-21-2003 01:30 PM
pptp-command tunnel configuration opogon1 Linux - Networking 1 12-26-2002 07:42 PM
Reverse SSH Tunnel sniggleflop Linux - Security 1 10-13-2002 01:24 PM


All times are GMT -5. The time now is 08:23 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration