LinuxQuestions.org
Old 07-03-2013, 12:21 PM   #1
ljzxtww
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Rep: Reputation: Disabled
multiple ip for vpn(PPTP or other protocols)


Hi everyone:

I have a problem with setting up multiple IPs for PPTP. Right now I am using a VPS with two IPs: one is the main IP and the other one is an additional IP.

I want my second IP to forward to the main IP, working on the same machine. Do you guys know how to set it up?

I tried an alias IP and setting the firewall; it is not working for me.

Thank you guys lots.

ljzxtww
 
Old 07-04-2013, 09:00 AM   #2
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Rep: Reputation: 2
I have not set up a PPTP server yet, but in most cases when you configure a server, you can make it listen on all available IP addresses on the server. The difference between the main IP address and the others is in the default route: the one that is in the default route network range, or is in pointopoint with the default route neighbor, can handle public requests. So if you can make the PPTP server listen on both IP addresses and make an IP route table with a default route to the second IP address, you can make this work.
 
Old 07-04-2013, 10:58 AM   #3
ljzxtww
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pendrive View Post
I have not set up a PPTP server yet, but in most cases when you configure a server, you can make it listen on all available IP addresses on the server. The difference between the main IP address and the others is in the default route: the one that is in the default route network range, or is in pointopoint with the default route neighbor, can handle public requests. So if you can make the PPTP server listen on both IP addresses and make an IP route table with a default route to the second IP address, you can make this work.
Hi pendrive:

Thank you for giving me the good tutor.

I have set up a VPN on a VPS server using PPTP. I have one NIC with one alias.

eth0
eth0:0

with two example external IPs:

24.24.212.175 main ip
24.24.212.176 alias ip

my localip 10.0.0.1 and remoteip 10.0.0.10-100


The 2 interfaces have public addresses.

Both IPs are USA IPs and on the same machine.

The main IP (24.24.212.175) is working fine for me,
but one problem is that when I connect to my second IP, it automatically forwards to the main IP (24.24.212.175).
So what should I do to forward the second IP to using only? I don't want to forward the second IP to the main IP.


I have tried configuring IP forwarding and iptables, but the users' traffic is always routed to eth0.

Note: I don't need to add a dedicated IP for each other user. I just want to add a dedicated IP to share with each other user.

thanks



ljzxtww

Last edited by ljzxtww; 07-04-2013 at 01:12 PM.
 
Old 07-05-2013, 07:12 AM   #4
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Rep: Reputation: 2
Sorry it took so long to write you back,
you're welcome, ljzxtww.
Well, in my point of view, things should work well and I don't see anything wrong. Both eth0 and eth0:0 have their IP address and layer 2 link.
Have you double checked that the PPTP server is listening on the second address too?
Because I think there is a possibility that in some situations the packets that lead to the second IP address have been affected by proxy ARP and end up with the first IP address.
Maybe after you connect to the second IP address, it leads to the PPTP server, but it writes back the data over the first IP address, and it seems like forwarding to you. Which PPTP server are you using?
 
Old 07-05-2013, 10:42 AM   #5
ljzxtww
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
It's OK, my friend. Thank you for replying and helping me.

Quote:
Originally Posted by pendrive View Post
have you double checked that the pptp server is listening to the second address too?
How can I check that the PPTP server is listening?

Quote:
Originally Posted by pendrive View Post
first IP address, and it seems like forwarding to you. Which PPTP server are you using?
What do you mean by the PPTP server I am using? Do you mean the VPS provider?

Last edited by ljzxtww; 07-05-2013 at 11:38 AM.
 
Old 07-06-2013, 06:44 AM   #6
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Rep: Reputation: 2
Well, if the word VPS you used stands for "virtual private server", then I assumed you own a Linux VPS server and you've installed a PPTP server on it to serve VPN connections. My "PPTP server" is referring to the PPTP server you've installed on your Linux box. If I'm getting your situation wrong, then you should clear that up for me first.
What I know is that PPTP tunneling is a point-to-point tunneling which encapsulates PPP packets and uses a TCP session for controlling that over port number 1723. You can check that with
#netstat -natup
and see if there is this entry in the output:
0.0.0.0:1723
 
Old 07-06-2013, 11:56 AM   #7
ljzxtww
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pendrive View Post
Well, if the word VPS you used stands for "virtual private server", then I assumed you own a Linux VPS server and you've installed a PPTP server on it to serve VPN connections. My "PPTP server" is referring to the PPTP server you've installed on your Linux box. If I'm getting your situation wrong, then you should clear that up for me first.
What I know is that PPTP tunneling is a point-to-point tunneling which encapsulates PPP packets and uses a TCP session for controlling that over port number 1723. You can check that with
#netstat -natup
and see if there is this entry in the output:
0.0.0.0:1723

This is when I connect to my second IP (alias IP):

[root@vpn ~]# netstat -natup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 815/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 893/master
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7580/pptpd
tcp 0 0 67.207.208.106:22 25.24.212.175:52058 ESTABLISHED 7461/sshd
tcp 0 0 67.207.208.106:22 25.24.212.175:52172 ESTABLISHED 7558/sshd
tcp 0 48 67.207.208.106:22 25.24.212.175:51881 ESTABLISHED 7409/sshd
tcp 0 0 67.207.208.91:1723 25.24.212.175:52175 ESTABLISHED 7582/pptpd [24.24.2
tcp 0 0 :::22 :::* LISTEN 815/sshd


This one is my main IP:

[root@vpn ~]# netstat -natup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 815/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 893/master
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7580/pptpd
tcp 0 0 67.207.208.106:22 25.24.212.175:52058 ESTABLISHED 7461/sshd
tcp 0 0 67.207.208.106:1723 25.24.212.175:52250 ESTABLISHED 7631/pptpd [24.24.2
tcp 0 48 67.207.208.106:22 25.24.212.175:51881 ESTABLISHED 7409/sshd
tcp 0 0 :::22 :::* LISTEN 815/sshd

Last edited by ljzxtww; 07-06-2013 at 11:59 AM.
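
An added example (not part of any post in this thread): a small shell function that reads `netstat -natup` style output and reports whether the PPTP control port 1723 is bound to all addresses and which local address each established control session terminates on. The names `pptp_summary` and `sample_netstat` are made up here, and the sample lines are constructed, modeled on the output posted above.

```shell
#!/bin/sh
# Added example: summarise PPTP control-channel sockets (TCP 1723)
# from `netstat -natup` style output supplied on stdin.

pptp_summary() {
    awk '
    $1 ~ /^tcp/ {
        # Local address is field 4; the port is the part after the last colon.
        n = split($4, a, ":"); port = a[n]
        if (port != "1723") next
        addr = substr($4, 1, length($4) - length(port) - 1)
        if ($6 == "LISTEN") {
            # 0.0.0.0 (IPv4) or :: (IPv6) means "every local address".
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else { bound[addr] = 1; nb++ }
        } else if ($6 == "ESTABLISHED") {
            sess[addr]++
        }
    }
    END {
        if (wild) print "listen: all addresses"
        for (b in bound) print "listen: " b " only"
        if (!wild && nb == 0) print "listen: none"
        for (s in sess) print "session: local=" s " count=" sess[s]
    }' | LC_ALL=C sort
}

# Constructed sample: one wildcard listener and one control session
# on each of the two public addresses used in this thread.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 815/sshd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7580/pptpd
tcp 0 0 67.207.208.106:22 25.24.212.175:52058 ESTABLISHED 7461/sshd
tcp 0 0 67.207.208.91:1723 25.24.212.175:52175 ESTABLISHED 7582/pptpd
tcp 0 0 67.207.208.106:1723 25.24.212.175:52250 ESTABLISHED 7631/pptpd
tcp 0 0 :::22 :::* LISTEN 815/sshd
EOF
}

sample_netstat | pptp_summary
```

On a live server, pipe the real output in with `netstat -natn | pptp_summary`. A `session: local=` line for the alias address means the control connection really does terminate on that address, so the listener binding is not what sends traffic out through the main IP.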
 
Old 07-13-2013, 12:37 AM   #8
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Rep: Reputation: 2
Sorry, I was very busy in the past days. I don't know whether you have found a solution yet, but the line
Code:
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7580/pptpd
shows it satisfies the first condition.
So far, so good.
I'm suspecting that Linux aliases share layer 2 for every alias. For example, I'm sure that in Cisco devices each second IP for an interface has its own layer 2. And because in PPTP you're dealing with layer 2 encapsulation, you face this problem.
It would be more helpful if, just for testing things, you could ask your VPS provider to build you a second interface and set the second IP on the second interface, or if you could create a lab in the office or at home and test the situation.
 
Old 07-13-2013, 12:56 AM   #9
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,814

Rep: Reputation: Disabled
@ljzxtww: In case you are not aware of it, the authentication mechanism in PPTP is fatally flawed. An attacker with access to the data stream (for instance, someone using the same public wireless network, or someone connected to the same LAN segment) will be able to obtain your username and password quite easily.

I know this is not related to your original question, but I thought you should know that the protocol you're in the process of implementing offers little to no real security.
 
Old 07-13-2013, 11:43 AM   #10
ljzxtww
LQ Newbie
 
Registered: Jul 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pendrive View Post
Sorry, I was very busy in the past days. I don't know whether you have found a solution yet, but the line
Code:
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7580/pptpd
shows it satisfies the first condition.
So far, so good.
I'm suspecting that Linux aliases share layer 2 for every alias. For example, I'm sure that in Cisco devices each second IP for an interface has its own layer 2. And because in PPTP you're dealing with layer 2 encapsulation, you face this problem.
It would be more helpful if, just for testing things, you could ask your VPS provider to build you a second interface and set the second IP on the second interface, or if you could create a lab in the office or at home and test the situation.
Hi:

Thank you for replying to the post; it is OK for me. Also, I already have a second interface IP alias. Check it out.


Code:
[root@vpn ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:85:61:2A  
          inet addr:67.207.208.106  Bcast:67.207.208.127  Mask:255.255.255.192
          inet6 addr: fe80::216:3eff:fe85:612a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:108121 errors:0 dropped:0 overruns:0 frame:0
          TX packets:92551 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:42713388 (40.7 MiB)  TX bytes:39895978 (38.0 MiB)
          Interrupt:23 

eth0:0    Link encap:Ethernet  HWaddr 00:16:3E:85:61:2A  
          inet addr:67.207.208.91  Bcast:67.207.208.127  Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:23
 
Old 07-20-2013, 04:29 AM   #11
pendrive
Member
 
Registered: Mar 2011
Posts: 51

Rep: Reputation: 2
No, I mean try not to alias it, because of the situation I suspected.
Try something like this:
eth0 67.207.208.106
eth1 67.207.208.91
I mean get another interface, not an alias. If it's gonna cost you, you can create a lab at home and test it.
 
  

