poptop and routing to the LAN

muxman · 10-14-2004, 05:31 AM

I have poptop running, I can connect to the vpn remotely and get an ip address. On the connecting machine I can ping the address of the pptp server on the LAN of the remote network I'm vpn'd into. I cannot however contact any other machines on that remote network. I'm connecting in to gain access to the LAN on that remote network but only the address on eth0 on the server that is running poptop is responding.

How to I get the vpn server to forward my traffic to the rest of the LAN on it's side?

Are there any easier or better pptp servers to run besides poptop? This is the only one I know of right now and I"m wondering what other there are.

Thanks.

michaelk · 10-14-2004, 08:56 AM

From
http://pptpclient.sourceforge.net/routing.phtml

iptables -A INPUT -s 192.168.10.0/24 -d 0.0.0.0/0.0.0.0 -j ACCEPT -i (internal interface)

iptables -A FORWARD s 0.0.0.0/0.0.0.0 -d192.168.10.0/24
-j ACCEPT -o (external interface)

iptables -A FORWARD -s 192.168.10.0/24 -d 0.0.0.0/0.0.0.0
-j ACCEPT

iptables --table nat --append POSTROUTING \
--out-interface ${IFNAME} --jump MASQUERADE

muxman · 10-14-2004, 11:44 AM

I'm not running iptables on the vpn machine. I take it I have to in order for the traffic to forward correctly? Is that the only way for it to work is by forwarding that way? No big deal if it is but I'd like not to have more running than needs to be if possible.

Thanks.

michaelk · 10-14-2004, 01:11 PM

Sorry, I don't know of any other way at the moment.

bastard23 · 10-14-2004, 05:11 PM

If the client's IP address is in the same network as the server's lan, you need to make sure you have proxy_arp on in the ppp options file. (Debian has /etc/ppp/pptpd-options).

You also need ip_forward on (echo 1 >/proc/sys/net/ipv4/ip_forward).

If the VPN clients addresses are in a different network, then you need to setup routing.