routing and VPN

cboyd · 11-22-2004, 12:06 AM

I am using PPTP to connect to my office Win2K VPN server. I've successfully set up PPTP 1.4.0 and PPP 2.4.2 and have compiled MPPE into the kernel. The connection is working fine, but now I am having some routing problems. Let me explain my network setup:

Cable modem connected to Linux box which is running iptables for a firewall and also handing masquerading for all other boxes behind the firewall box.

The box that I'm running PPTP on to make the VPN connection is behind the firewalled box. The network the VPN server puts me on is 66.119.14.0. Here is what my routing table looks like after the connection:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
66.119.14.61    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Here is what ifconfig shows for the ppp0 device:

Code:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:66.119.14.62  P-t-P:66.119.14.61  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:144 (144.0 b)  TX bytes:80 (80.0 b)

I want all traffic destined for the 66.119.14.0 network to go through the VPN connection. As it is, a traceroute to an IP on the 66.119.14.0 network goes out through the default route using the 192.168.0.1 gateway on the eth0 device. This is not what I want, so after the connection is made, I add this to the routing table:

route add -net 66.119.14.0 netmask 255.255.255.0 gw 66.119.14.61 dev ppp0

After adding this to the routing table, I can no longer reach the 66.119.14.0 network. I'm not a network guru, so I am a bit lost at this point. Can someone please help me with this? The box that is trying to make the connection to the VPN server is Slackware 10.0 running kernel version 2.4.26. Thanks in advance.

scheidel21 · 11-22-2004, 01:24 AM

I am not sure if this will solve your problem but I had a similar problem with my PPTP VPN, problem was I couldn't access any of my LAN computer they used private IP's what solved my problem was to disable the proxyarp option in the PPTP configuation. after that I could access the LAN computers. You will still need to setup the routing through the PPTP tunnel like you did so that requests don't go through the default gateway, but I hope this works for you. Let us know.

Alex

cboyd · 11-22-2004, 02:16 AM

No dice. Any other ideas? I'm completely stuck!!

ugge · 11-22-2004, 10:50 AM

You are on the right track. The route command you gave are the right one, as you would like all traffic for the net to go through that interface.

The problem with you not reaching the 66.119.14.0 network is only a proof that this route command works.
Now we know that the problem most likely lies in the setup of your VPN connection.
As I have no personal knowledge of setting up a VPN connection I'm afraid I can't guide you any further.

Please keep us posted about your progress.

gd2shoe · 11-23-2004, 12:18 AM

What route is taken to 66.119.14.61 specifically (before adding the 66.119.14.0 rule)? Can you connect to 66.119.14.61 after the rule is added (it doesn't sound like it, but I'll ask anyway)? Can you VPN in from another machine (Windows machine for example) (Windows uses the tracert command by the way)?

Good luck.

cboyd · 11-23-2004, 02:18 AM

OK, I'm getting closer now. If I add the specific IP address I am trying to reach to the routing table, it works. So, what does that mean? For example:

Code:

route add -net 66.119.14.67 netmask 255.255.255.255 gw 66.119.14.61 dev ppp0.

Code:

traceroute 66.119.14.67
traceroute to 66.119.14.67 (66.119.14.67), 30 hops max, 38 byte packets
 1  66.119.14.61 (66.119.14.61)  35.292 ms  35.627 ms  37.827 ms
 2  66.119.14.67 (66.119.14.67)  37.990 ms  35.070 ms  41.509 ms

Why doesn't it work when I add the entire 66.119.14.0 network??

cboyd · 12-01-2004, 01:12 AM

Anyone have any more input on this topic? I seem to be stuck. Any help would be appreciated.

gd2shoe · 12-01-2004, 02:02 AM

See previous post.