Hi!

I recently got PoPToP PPTP Server working on my Mandrake 10.1 box and I am having problems. After going through 5 Linux Distributions, OpenVPN, FreeS\WAN, OpenS\WAN and StrongS\WAN, I am nearly about to blow up... .

Basically, My friend can connect using Windows XP SP2 fine, however, ALL that he can see and ping is the PPTP Server itself.

PPTP Server IP = 10.0.0.1
Client IP Range = 192.168.0.25 -> 192.168.0.50

The PPTP Server IP is a virtual one, meaning that I have just made it that IP in the PPTP Config file and that all works nicely. And so on my friend's Windows XP Box, he can execute:

C:\WINDOWS>ping 10.0.0.1

without any problems. And I can execute:

[root@server root]#ping 192.168.0.25

with no problems.

The Problem occurs when HE (192.168.0.25) tries to ping ANOTHER (192.168.0.3) box on my network.

C:\WINDOWS>ping 192.168.0.3

and it fails. Now, I think that he _may_ have that IP on his internal network, and I'm sure that I can change my IP address assignments without any problems, however, how would I go about letting HIS CLIENT COMPUTER (192.168.0.25) access my Windows XP box (192.168.0.3) on My network (192.168.0.x)?

Thanks!

Does _anyone_ reply to posts @ LinuxQuestions......??????

People do respond to posts here providing that they can help you. You don't tend to get streams of posts saying "sorry don't know".
If you don't get a response its likely that no-one feels able to help, you might take this as a clue that you are maybe in the wrong forum. PPTP is after all a Microsoft protocol.

I don't have much experience with PPTP but I can make some general suggestions.

Check the IP that is being assigned to the client. Typically with tunnel assigned addresses this is likley to be a host specific address carrying a 255.255.255.255 mask. In this case if the client tries to ping 192.168.0.3, it is in effect on a different network and will either get a Network Unreachable response or if he has a default route from his local network will likely get delivered to his internet firewall and timeout.

If so you can do a route add 192.168.0.3 mask 255.255.255.255 10.0.0.1 on his XP box and it will then know how to route to your host.

If he needs generic access to the 192.168.0.0 subnet on your network but has the same subnet locally then you are going to cause him problems by doing this and will need to use a different
subnet for your end, either that or implement nat so that it appears to be a different subnet to him.

Don't mind responding to your post, but it would help if you posted more than just a problem description. i.e. pptpd.conf, ifconfig output after client connects, relavent logfile entries, etc...

A couple of reasons why VPN's don't work when trying to implement for the first time:

1) Firewall rules do not cover the case where the client IP should NOT be NAT'd. Remember, your firewall should not NAT the packets to/from the remote VPN client. You simply want to pass this traffic (as is) across the tunnel.

2) The internal interface of the firewall (which I am assuming is also your PPTP server) is not being set to proxy arp for the remote VPN IP address. Without the interface being set to proxy for the remote IP, then a computer on your LAN cannot locate the remote VPN client (using arp). Thus, it does not know where to send the reply packet.

I had similar problems with PoPToP. I gave up and switched to OpenVPN, which finally worked - but I now realize the problem was the same.

At least Fedora Core 3 doesn't enable IP forwarding by default.

- You'll also need to make sure your firewall is set up correctly.

- You'll also need to ensure that the remote machine knows to route through the local machine, and that the local machine can route on that interface.

I wrote a verbose blog entry at http://www.sonnik.com/archives/000032.html - while it discusses OpenVPN, it addresses basic concepts that would explain the PoPToP problems as well.

make sure the following line appears on /etc/ppp/options.pptpd
proxyarp