LinuxQuestions.org
Old 10-07-2004, 01:52 AM   #1
loopy69
Routing issue with VPN Client into PPP/Poptop


Hello All,

I do not understand how to configure the routing for my VPN client through my VPN server. I am running Poptop on Suse 9.1 Professional and have configured it to allow connections through the mppe module. I can make connections successfully and the client receives its IP address.

What I can't do is configure the routing to allow the remote VPN client to be on the network. I need the client to access an alternate Samba server in addition to the VPN machine. I have disabled the firewall for the moment but need to work in the routing rules with a secure firewall configuration.

I would like to use IP Tables but am new to them and don't understand what rules I would need. My remote client is given an IP address of 192.168.0.230, the server is 192.168.0.11 and the internet connection goes through a firewalled ADSL modem at 192.168.0.1. I have port forwarded port 1723 to my VPN server from the ADSL to allow the VPN connection to occur.

Can someone point me in the right direction as to what I need to do to allow the client to get on the network? I can't ping from either direction and get protocol rejected messages when pinging from the VPN server back to the ppp connection. I have attached dumps of some logs and configuration settings.

Thanks in advance for any help,
Regards,
Brett Carruthers

*** options.pptpd file
name *
lock
mtu 1450
mru 1450
proxyarp
ms-wins 192.168.0.8
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
default-asyncmap
# debug

# Handshake Auth Method
+chap
+mschap-v2

# Data Encryption Methods
mppe required


*** ifconfig whilst client connected
eth0 Link encap:Ethernet HWaddr 00:C0:9F:3D:20:03
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:9fff:fe3d:2003/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1211603 errors:0 dropped:0 overruns:0 frame:0
TX packets:1364323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:162763963 (155.2 Mb) TX bytes:163546618 (155.9 Mb)
Base address:0xece0 Memory:fe3e0000-fe400000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2222 errors:0 dropped:0 overruns:0 frame:0
TX packets:2222 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:176258 (172.1 Kb) TX bytes:176258 (172.1 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.0.11 P-t-P:192.168.0.230 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:89 errors:51 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7717 (7.5 Kb) TX bytes:334 (334.0 b)


*** Successful connection from /var/log/messages
Oct 6 11:00:56 webserv pptpd[20627]: MGR: Launching /usr/sbin/pptpctrl to handle client
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: local address = 192.168.0.11
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: remote address = 192.168.0.230
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd speed = 115200
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd options file = /etc/ppp/options.pptpd
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Client 210.9.55.194 control connection started
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 1)
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Made a START CTRL CONN RPLY packet
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: I wrote 156 bytes to the client.
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 7)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Made a OUT CALL RPLY packet
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: pty_fd = 5
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: tty_fd = 6
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): local address = 192.168.0.11
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): remote address = 192.168.0.230
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: I wrote 32 bytes to the client.
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pppd[20628]: pppd 2.4.2 started by root, uid 0
Oct 6 11:00:57 webserv pppd[20628]: Using interface ppp0
Oct 6 11:00:57 webserv pppd[20628]: Connect: ppp0 <--> /dev/pts/2
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:01:00 webserv pppd[20628]: MPPC/MPPE 128-bit stateful compression enabled
Oct 6 11:01:02 webserv pppd[20628]: found interface eth0 for proxy arp
Oct 6 11:01:02 webserv pppd[20628]: local IP address 192.168.0.11
Oct 6 11:01:02 webserv pppd[20628]: remote IP address 192.168.0.230

*** Routing table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.230 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

*** protocol rejects when trying to ping client from server
Oct 6 11:10:15 webserv pppd[20628]: Protocol-Reject for unsupported protocol 0x9000
 
Old 10-07-2004, 08:48 AM   #2
maxut
I think there is trouble with your network structure. Your eth0 and ppp devices are in the same network segment. You can move the VPN IP to another segment, like 192.168.1.230, and you can turn on routing (if you didn't do that), also do SNAT for the VPN client.
Code:
# enable IPv4 forwarding between ppp0 and eth0
echo "1" > /proc/sys/net/ipv4/ip_forward
# replace 192.168.0.x with the Linux server's local IP
iptables -t nat -A POSTROUTING -s 192.168.1.230 -j SNAT --to-source 192.168.0.x
Quote:
My remote client is given an IP address of 192.168.0.230, the server is 192.168.0.11 and the internet connection goes through a firewalled ADSL modem at 192.168.0.1. I have port forwarded port 1723 to my VPN server from the ADSL to allow the vpn connection to occur.
And there may be another problem with the GRE protocol. I'm not sure.
http://www.linuxquestions.org/questi...ghlight=poptop

Alternatives: another VPN server, such as an IP_SEC based VPN server, instead of Poptop. http://www.freeswan.org/
Or you can buy a new ADSL modem which includes a VPN server.


good luck

Last edited by maxut; 10-07-2004 at 08:50 AM.
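
The check behind the reply above, as an added example that is not part of either post: given the peer address pppd hands out and the server's eth0 address and mask, it reports whether the peer shares the LAN segment (reachable only through proxy ARP, as in the original setup) or sits in its own segment (routed, needing a return route or the SNAT rule from the reply), and whether IPv4 forwarding is on. The function names and the optional file argument are hypothetical; the addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; addresses come from the thread.

# Convert a dotted-quad IPv4 address to a 32-bit integer; fail on bad input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty fields and leading zeros (the shell would read them as octal)
        case $octet in ''|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if both addresses are in the same network, 1 if not, 2 on bad input.
same_subnet() {
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") && m=$(ip_to_int "$3") || return 2
    [ $(( a & m )) -eq $(( b & m )) ]
}

# Usage: peer_mode PEER_IP LAN_IP NETMASK
peer_mode() {
    rc=0; same_subnet "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo proxyarp ;;  # peer shares the LAN segment: pppd must answer ARP for it
        1) echo routed ;;    # own segment: LAN hosts need a return route, or SNAT
        *) echo invalid; return 1 ;;
    esac
}

# True when the kernel forwards IPv4 packets; the file argument exists for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Current peer address and the one suggested in the reply, against eth0 from ifconfig.
for peer in 192.168.0.230 192.168.1.230; do
    echo "$peer: $(peer_mode "$peer" 192.168.0.11 255.255.255.0)"
done
forwarding_enabled || echo "ip_forward is off: ppp0 traffic will not be forwarded to eth0"
```

Either mode needs forwarding enabled for the client to reach a second host such as the Samba server; the two modes differ only in how replies find their way back to the peer.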
 
  

