LinuxQuestions.org


mrnuts13 04-03-2016 04:39 AM

VPN routing
 
Hello everyone! I have got some struggles with a PPTP connection to the VPN server of my company. Please help me to resolve them.
First of all, I need to say that a connection to the same VPN server using Windows on the same laptop works properly. So I guess there are some routing issues that I cannot understand.

Please let me explain the connection process:
1. sudo pon connection_name
2. later on I can see in the logs that connection to the server is successful
Code:

Mar 28 16:22:02 laptop_name pppd[3427]: EAP authentication succeeded
Mar 28 16:22:02 laptop_name kernel: [ 633.276105] PPP MPPE Compression module registered
Mar 28 16:22:02 laptop_name pppd[3427]: MPPE 128-bit stateless compression enabled
Mar 28 16:22:04 laptop_name pppd[3427]: local IP address 172.17.19.53
Mar 28 16:22:04 laptop_name pppd[3427]: remote IP address 172.17.19.19

3. add some routing

Code:

route add -net 172.17.0.0/16 dev ppp0
route add -net 172.16.0.0/16 dev ppp0

or
Code:

route add -net 172.17.0.0 netmask 255.255.0.0 gw 172.17.19.19 dev ppp0
route add -net 172.16.0.0 netmask 255.240.0.0 gw 172.17.19.19 dev ppp0

I tried both ways, but with no success. I still cannot access the local resources provided by the VPN network.

In addition, please take a look at the screenshot of the Windows routing table, where everything works properly (link here http://i73.fastpic.ru/big/2016/0403/...b5963146de.png )

Thank you in advance!

ferrari 04-03-2016 05:13 AM

Are you able to ping the VPN gateway successfully? Can you just show us your complete routing table for a better picture?
Code:

ip route

mrnuts13 04-03-2016 05:39 AM

Quote:

Originally Posted by ferrari (Post 5525456)
Are you able to ping the VPN gateway successfully? Can you just show us your complete routing table for a better picture?
Code:

ip route


Code:

ping 172.17.19.19
PING 172.17.19.19 (172.17.19.19) 56(84) bytes of data.
64 bytes from 172.17.19.19: icmp_seq=1 ttl=128 time=11.7 ms
64 bytes from 172.17.19.19: icmp_seq=2 ttl=128 time=10.4 ms
64 bytes from 172.17.19.19: icmp_seq=3 ttl=128 time=12.4 ms
64 bytes from 172.17.19.19: icmp_seq=4 ttl=128 time=11.1 ms
64 bytes from 172.17.19.19: icmp_seq=5 ttl=128 time=10.3 ms
64 bytes from 172.17.19.19: icmp_seq=6 ttl=128 time=11.4 ms
^C
--- 172.17.19.19 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5007ms


Code:

ip route
default via 192.168.1.1 dev wlan0  proto static
80.249.186.139 via 192.168.1.1 dev wlan0  src 192.168.1.112
172.16.0.0/12 via 172.17.19.19 dev ppp0
172.17.0.0/16 via 172.17.19.19 dev ppp0
172.17.19.19 dev ppp0  proto kernel  scope link  src 172.17.19.20
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.112  metric 9


ferrari 04-03-2016 06:35 AM

Well, that looks ok to me, assuming 172.16.0.0/12 and 172.17.0.0/16 are where the resources can be reached. Are you trying to reach these resources by IP address or by DNS name?

mrnuts13 04-03-2016 06:45 AM

Quote:

Originally Posted by ferrari (Post 5525476)
Well, that looks ok to me, assuming 172.16.0.0/12 and 172.17.0.0/16 are where the resources can be reached. Are you trying to reach these resources by IP address or by DNS name?

Yes, you are correct, I tried to use DNS name instead of ip-addresses, and to be completely honest I don't know the particular ip-addresses of the needed resources. Maybe some DNS setting I miss?

ferrari 04-03-2016 07:16 AM

You may need to add a suitable company name server in /etc/resolv.conf

For example, in my case, the name server machine is the same as the VPN gateway. Yours may or may not be.

mrnuts13 04-03-2016 08:15 AM

Quote:

Originally Posted by ferrari (Post 5525493)
You may need to add a suitable company name server in /etc/resolv.conf

For example, in my case, the name server machine is the same as the VPN gateway. Yours may or may not be.

Please clarify: are you talking about 172.17.19.19 address?

wpeckham 04-03-2016 08:41 AM

almost there ...
 
To make it clear: VPN and routing are just fine. What you have is a DNS/nameserver issue.

If you can find out the IP address of the nameserver for that remote network, you can add that to your /etc/resolv.conf (or set your VPN to use it automagically: works in some versions) and then you can address servers by name.

Without that working, you will have to address the remote resources by IP address. (IPv4 only, I would assume by the detail provided)

mrnuts13 04-03-2016 08:46 AM

Quote:

Originally Posted by wpeckham (Post 5525526)
To make it clear: VPN and routing are just fine. What you have is a DNS/nameserver issue.

If you can find out the IP address of the nameserver for that remote network, you can add that to your /etc/resolv.conf (or set your VPN to use it automagically: works in some versions) and then you can address servers by name.

Without that working, you will have to address the remote resources by IP address. (IPv4 only, I would assume by the detail provided)

Thank you for the reply. What I did recently:

1. sudo gedit /etc/resolvconf/resolv.conf.d/head
2. added
Code:

search domain_name
nameserver 172.17.19.19

3. sudo service network-manager restart

Re-connected to the VPN, added the routes and still no luck... Please advise.

ferrari 04-03-2016 02:33 PM

You can't guess at these things. The VPN DHCP server would normally pass these details automatically. You appear to be configuring and connecting manually. You need to be careful when manually assigning a name server, since when you disconnect the VPN, your ISP name server(s) need to be present again for name resolution to work. Network Manager, for example, won't touch a manually edited /etc/resolv.conf file.

Anyway, I would suggest that you use 'ipconfig /all' (shell command) via your Windows install to obtain the DNS server information when connected by VPN.

mrnuts13 04-04-2016 01:16 AM

Quote:

Originally Posted by ferrari (Post 5525674)
You can't guess at these things. The VPN DHCP server would normally pass these details automatically. You appear to be configuring and connecting manually. You need to be careful when manually assigning a name server, since when you disconnect the VPN, your ISP name server(s) need to be present again for name resolution to work. Network Manager, for example, won't touch a manually edited /etc/resolv.conf file.

Anyway, I would suggest that you use 'ipconfig /all' (shell command) via your Windows install to obtain the DNS server information when connected by VPN.

Thank you so much for answering. Please take a look at the screenshot, and please accept my apologies that it is in Russian. I underlined where the DNS info is:

http://i76.fastpic.ru/big/2016/0404/...5590ccec3f.png

Also, be advised that I edited the head file, because /etc/resolv.conf is created automatically and a network manager reboot takes effect on it. I'd like to ask you to tell me how I should add these DNS-servers: with the domain or the search option?

Thank you in advance!

ferrari 04-04-2016 01:49 AM

Ok, your DNS servers are listed as:
172.22.0.10
172.17.17.10
172.16.0.100

I'm using Network Manager as well, and my DNS servers are configured automatically for my company VPN, but you can specify other DNS servers in your VPN connection definition. Refer to the IPv4 settings tab. However, I'm surprised this is not happening automatically, along with a default route for ppp0.

mrnuts13 04-04-2016 01:55 AM

Quote:

Originally Posted by ferrari (Post 5525874)
Ok, your DNS servers are listed as:
172.22.0.10
172.17.17.10
172.16.0.100

I'm using Network Manager as well, and my DNS servers are configured automatically for my company VPN, but you can specify other DNS servers in your VPN connection definition. Refer to the IPv4 settings tab. However, I'm surprised this is not happening automatically, along with a default route for ppp0.

Thank you for the reply. Let me shed some light on it: I'm using a patched PPTP service, because of some specific settings of our company's VPN, and it's different from the Network Manager PPTP service; that's why I can only configure DNS etc. manually.

ferrari 04-04-2016 02:41 AM

Quote:

Thank you for the reply. Let me shed some light on it: I'm using a patched PPTP service, because of some specific settings of our company's VPN, and it's different from the Network Manager PPTP service; that's why I can only configure DNS etc. manually.
Ok, got it. So, let us know when you have the configuration working as you expected. :)

ferrari 04-04-2016 04:24 AM

Quote:

I'd like to ask you to tell me how I should add these DNS-servers: with domain or search option
I misunderstood your question when I first read it. DNS servers appear as 'nameserver' entries in /etc/resolv.conf, so you could use
Code:

nameserver 172.22.0.10
nameserver 172.17.17.10
nameserver 172.16.0.100
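
Added example, not part of any post in the thread: a longest-prefix-match check that each DNS server listed above is reached through ppp0 rather than the default route, so queries for internal names stay inside the tunnel. It runs over the `ip route` output posted earlier and over a constructed table holding only the two /16 routes from the first post; the function names are hypothetical and route metrics are ignored.

```python
import ipaddress

# Routing table exactly as posted in the thread (output of `ip route`).
POSTED_ROUTES = """\
default via 192.168.1.1 dev wlan0  proto static
80.249.186.139 via 192.168.1.1 dev wlan0  src 192.168.1.112
172.16.0.0/12 via 172.17.19.19 dev ppp0
172.17.0.0/16 via 172.17.19.19 dev ppp0
172.17.19.19 dev ppp0  proto kernel  scope link  src 172.17.19.20
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.112  metric 9
"""
# Constructed table: only the two /16 routes from the first post.
SLASH16_ROUTES = """\
default via 192.168.1.1 dev wlan0  proto static
172.16.0.0/16 dev ppp0
172.17.0.0/16 dev ppp0
172.17.19.19 dev ppp0  proto kernel  scope link  src 172.17.19.20
"""
DNS_SERVERS = ["172.22.0.10", "172.17.17.10", "172.16.0.100"]

def parse_routes(text):
    """Return (network, device) pairs from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" carry no device to egress on
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Device of the most specific route covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def dns_outside_tunnel(route_text, servers, tunnel="ppp0"):
    """Nameservers whose traffic would not leave through the tunnel."""
    routes = parse_routes(route_text)
    return [s for s in servers if egress_dev(routes, s) != tunnel]

if __name__ == "__main__":
    for name, table in (("posted", POSTED_ROUTES), ("/16 only", SLASH16_ROUTES)):
        print(name, dns_outside_tunnel(table, DNS_SERVERS))
```

On a live system, `ip route get <address>` answers the same question for a single address.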



All times are GMT -5.