LinuxQuestions.org


lordwolf 03-16-2008 09:48 PM

Routing table for a PPTP configuration
 
Hi all,

I have a problem configuring a VPN connection using pptp. I've installed the pptp package (it's Robby's). I followed the instructions linked from pptp's site (a Debian how-to if i'm not mistaken). well, here's my particular setup:

1) I connected to an access point through my wireless connection eth1. it's using wep protocol. i got an ip (10.11.220.122). pretty straightforward.

2) I created pptp configuration in /etc/ppp/ directory as instructed and executed "pppd call my_tunnel". it's successful and i got another ip (130.95.97.196) and a remote ip (192.168.0.44) on ppp0 device.

3) I think here's where my problem is - updating the routing table. I'm not sure which ip pairs I should route. There're a few different suggestions I found on the web but none works. so, basically, i need to know what I should add to the routing table.

4) my checking point is the browser - I mean, if everything goes well, my browser should be able to connect to the proxy server for internet access. so far, no matter what i put in the routing table (based on what i read), the browser can't get to the proxy server. it's not dns because the name got resolved (i tried a ping and i can see the ip for the proxy server).

help! :p

cheers.

ADDED: ooh.. i forgot... i'm on Slack-12, if you need to know.

iiv 03-17-2008 07:19 AM

Code:

/sbin/ip route add default dev ppp0

FraGGod 03-17-2008 09:06 AM

Quote:

Originally Posted by iiv (Post 3091271)
/sbin/ip route add default dev ppp0

I'd also suggest you make sure there are no other default routes and that you still have a route to your pptp server, since setting the default route may override the route to this server (which was the 'default route' before that), terminating the connection.

Examples:
1. You got IP 10.11.220.122, route shows "Destination: default, Gateway: 10.11.0.1".
2. You initiated connection to 130.95.97.196, default route remains same.
3.1. You add default route via ppp0 and pptp goes down.
3.2. You add route to 130.95.97.196 via 10.11.0.1, add default route via ppp0. Any connection you're trying to initiate goes through the tunnel.
3.3. If you mean HTTP/FTP/SOCKS proxy server: You add route to 130.95.97.196 via 10.11.0.1, then route to your proxy (for example 192.168.0.1) via ppp0. You're connecting to proxy via pptp and directly to any other IP / host, if not through proxy.

lordwolf 03-17-2008 09:20 PM

Quote:

Originally Posted by FraGGod (Post 3091395)
I'd also suggest you make sure there are no other default routes and that you still have a route to your pptp server, since setting the default route may override the route to this server (which was the 'default route' before that), terminating the connection.

Examples:
1. You got IP 10.11.220.122, route shows "Destination: default, Gateway: 10.11.0.1".
2. You initiated connection to 130.95.97.196, default route remains same.
3.1. You add default route via ppp0 and pptp goes down.
3.2. You add route to 130.95.97.196 via 10.11.0.1, add default route via ppp0. Any connection you're trying to initiate goes through the tunnel.
3.3. If you mean HTTP/FTP/SOCKS proxy server: You add route to 130.95.97.196 via 10.11.0.1, then route to your proxy (for example 192.168.0.1) via ppp0. You're connecting to proxy via pptp and directly to any other IP / host, if not through proxy.

thanks fraggod! you're right, adding the default route to ppp0 simply kills the connection. so, what i did is just item 3.2 (for the tunnel) and 3.3 (for the proxy). i am writing using this connection! :p thanks again.

lordwolf 03-17-2008 10:17 PM

oooh... i've just realized that i haven't really routed 'everything' to the tunnel, right? my internet browser (using the proxy) has absolutely no problems now, but i can't do stuff like wget and ssh. now, how do i add the default route without killing the ppp0 device (pptp)? whenever i do a "route add default dev ppp0", the device hangs up on me :(

iiv 03-18-2008 03:12 AM

So, ppp0 is now your default route, you should specify others directly, you may specify subnetworks on 'normal' interface
Code:

/sbin/ip route add 10.0.0.0/32 dev eth1

FraGGod 03-18-2008 11:41 AM

Quote:

Originally Posted by lordwolf (Post 3092103)
thanks fraggod! you're right, adding the default route to ppp0 simply kills the connection. so, what i did is just item 3.2 (for the tunnel) and 3.3 (for the proxy). i am writing using this connection! :p thanks again.

Well, I've meant 3.2 and 3.3 as mutually exclusive options)
If you run something like 'route add 130.95.97.196 gw 10.11.0.1 dev eth1' prior to adding the default route, you should have all the connections with this destination initiated through eth1 with the right gateway. The 'default' route will be used if your system won't find any other route to the destination, like the one here, so it shouldn't interfere with your pptp connection.

I'm quite confused about the proxy you're talking about - why use it if you have a gateway (130.95.97.196) to the internet?
I see two general options here:

1. It is (gateway you're connecting to with pptp) connected to the internet and it allows you to connect anywhere you like - you can just add default route through it and connect anywhere with anything. You don't need to specify proxy servers anywhere (browser included), just the default route.

2. It allows you to connect to itself, but it won't let you connect anywhere - just DNS and PROXY server for example - that's why you've been given the address of a proxy server, which is necessary to get into the internet. In this case you have all the limitations (and some advantages, like cache) of a proxy (try reading wiki if you don't know what a proxy is) and you'll have to specify that proxy server in any software that supports it; most simple unix utils (like wget) automatically check the HTTP_PROXY environment variable for the proxy IP / hostname.
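
The route selection FraGGod describes in cases 3.1 to 3.3 and in the reply above (a more specific route wins over 'default'), as an added example that is not part of the original thread. It runs a longest-prefix-match lookup over constructed tables, using the addresses as FraGGod's examples use them (130.95.97.196 as the PPTP server, 10.11.0.1 as the eth1 gateway, 192.168.0.1 as the proxy); the table format and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: longest-prefix-match route selection over constructed tables.
# Table line format (made up for this sketch): "<network>/<len> <gateway|-> <dev>"

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_lookup TABLE DEST: print "<dev> <gateway>" of the most specific match.
route_lookup() {
    dest=$(ip2int "$2"); best_len=-1; best=unreachable
    while read -r cidr gw dev; do
        [ -n "$cidr" ] || continue
        net=$(ip2int "${cidr%/*}"); len=${cidr#*/}
        if [ "$len" -eq 0 ]; then mask=0
        else mask=$(( (4294967295 << (32 - $len)) & 4294967295 )); fi
        if [ $(( $dest & $mask )) -eq $(( $net & $mask )) ] && [ "$len" -gt "$best_len" ]; then
            best_len=$len; best="$dev $gw"
        fi
    done <<EOF
$1
EOF
    echo "$best"
}

# Routes present in every case: the wireless subnet and the ppp0 peer.
BASE='10.11.0.0/16 - eth1
192.168.0.44/32 - ppp0'
# 3.1: default via ppp0, nothing pins the PPTP server to eth1.
CASE_3_1="$BASE
0.0.0.0/0 - ppp0"
# 3.2: host route to the PPTP server via the old gateway, then default via ppp0.
CASE_3_2="$BASE
130.95.97.196/32 10.11.0.1 eth1
0.0.0.0/0 - ppp0"
# 3.3: server pinned, only the proxy goes through ppp0, default stays on eth1.
CASE_3_3="$BASE
130.95.97.196/32 10.11.0.1 eth1
192.168.0.1/32 - ppp0
0.0.0.0/0 10.11.0.1 eth1"

echo "3.1 PPTP server -> $(route_lookup "$CASE_3_1" 130.95.97.196)"
echo "3.2 PPTP server -> $(route_lookup "$CASE_3_2" 130.95.97.196)"
echo "3.3 proxy       -> $(route_lookup "$CASE_3_3" 192.168.0.1)"
```

In case 3.1 the packets that carry the tunnel are themselves sent into ppp0, which is why the session drops; in 3.2 the /32 host route keeps them on eth1 while everything else follows the default route into the tunnel.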

lordwolf 03-19-2008 12:53 AM

Quote:

Originally Posted by iiv (Post 3092313)
So, ppp0 is now your default route, you should specify others directly, you may specify subnetworks on 'normal' interface
Code:

/sbin/ip route add 10.0.0.0/32 dev eth1

hi iiv... before i forget, thanks for the suggestions. just to clarify, is the command you gave above the same as running "route add 10.0.0.0/32 dev eth1"? sorry if it's a silly question, i've only known of the existence of 'route' since last week... let alone /sbin/ip :p anyways, i already have an entry "10.11.0.0 * 255.255.0.0 U 0 0 0 eth1" in the routing table. is this more or less the same route? should i still put that in?

Quote:

Originally Posted by FraGGod (Post 3092797)
Well, I've meant 3.2 and 3.3 as mutually exclusive options)
If you run something like 'route add 130.95.97.196 gw 10.11.0.1 dev eth1' prior to adding the default route, you should have all the connections with this destination initiated through eth1 with the right gateway. The 'default' route will be used if your system won't find any other route to the destination, like the one here, so it shouldn't interfere with your pptp connection.

I'm quite confused about the proxy you're talking about - why use it if you have a gateway (130.95.97.196) to the internet?
I see two general options here:

1. It is (gateway you're connecting to with pptp) connected to the internet and it allows you to connect anywhere you like - you can just add default route through it and connect anywhere with anything. You don't need to specify proxy servers anywhere (browser included), just the default route.

2. It allows you to connect to itself, but it won't let you connect anywhere - just DNS and PROXY server for example - that's why you've been given the address of a proxy server, which is necessary to get into the internet. In this case you have all the limitations (and some advantages, like cache) of a proxy (try reading wiki if you don't know what a proxy is) and you'll have to specify that proxy server in any software that supports it; most simple unix utils (like wget) automatically check the HTTP_PROXY environment variable for the proxy IP / hostname.

fraggod, i have to go through the proxy for all internet access (i'm on the uni's network). yeah... i think my case falls into the second category. is there a way for me to route all connections to the proxy server? i'm only beginning to understand the routing table... so, i don't have an idea if that is even possible. i'm reading a few materials on it at the moment.

in any case, i can at least still download through the web links... that's not too bad. thanks for the help guys!

FraGGod 03-19-2008 07:25 AM

Quote:

Originally Posted by lordwolf (Post 3093461)
fraggod, i have to go through the proxy for all internet access (i'm on the uni's network). yeah... i think my case falls into the second category. is there a way for me to route all connections to the proxy server? i'm only beginning to understand the routing table... so, i don't have an idea if that is even possible. i'm reading a few materials on it at the moment.

in any case, i can at least still download through the web links... that's not too bad. thanks for the help guys!

Proxy servers actually have nothing to do with routing - they are implemented on top of TCP/IP, so physically you connect to proxy via TCP/IP every time you request something, not any further.
The direct answer to your question depends on your proxy type (HTTP / SOCKS proxy), but since you aren't specifying that you have several ports for your proxy and you're already using an HTTP proxy on the port you have, the answer is, most likely, "no, you cannot".

Most HTTP proxies can be used with other (HTTP-like) protocols like FTP and RSYNC, so most software which can communicate via these protocols can use it; software which uses its own binary protocols cannot.
I have Squid proxy server on my second computer (which has internet connection) and use it with all the browsers, ICQ, Rsync, CVS / SVN / GIT (all three mostly have repositories configured with WebDAV, which is pure HTTP), ftp clients / download managers like wget or curl, and probably something else I can't remember)
What you can't use through a proxy is p2p software like bittorrent, amule, mldonkey or LimeWire - they have their own file-sharing protocols (bittorrent, ed2k, gnutella, etc), and any games since they have very low-latency bandwidth-consuming protocols, in no way http-compatible, and would be hardly playable through a slow proxy connection anyway.

In rare cases there are SOCKS proxies which (with the help of special tunneling software) act like pptp tunnel and can be used for everything, but quite resource-consuming and harder to use. Some software, like firefox or SIM IM, have support for it, so you can try connecting to the same proxy/port with socks protocol, I've never seen HTTP/SOCKS proxies on the same port however.

