-   Linux - Networking (
-   -   PPTP Reverse(synchronous) Tunnel (

otisthegbs 09-12-2006 02:06 PM

PPTP Reverse(synchronous) Tunnel
Hello All!!

We're trying to open up a branch office and thus want to extend our local intranet. We're going to do this by getting a Fedora Core 5 router to connect to a WSBS VPN server.

I have Windows Small Business Server 2003 (i know i know) that's currently acting as a VPN / DNS / Primary Domain Controller / and DHCP server. It's IP is and thus on the subnet, its name is pdc-01. There is also a Fedora Core 5 router with an IP of

I have a Fedora Core 5 Server running at a remote location that has a PPTP client running on it. This remote network is on the subnet and the router has the ip its name is pdc-02

When pdc-02 activates it's PPTP client and connects to pdc-01 it routes all traffic destined for through the VPN tunnel. Remotely everything works flawlessley, I even got samba working as a WINS proxy to pdc-01, but within the primary office network I cant connect to or anything on that subnet. I can ping and connect to the remote IP for the PPTP client, which is

Now I'm assuming that this has to do with my routing rules. In the central office i've told my router to send all requests for to At which point the request would sent to pdc-02, the problem is pdc-02 doesnt route or respond to those requests properly and I dont understand why.

Here are my VPN related IPTABLES rules on pdc-02

iptables --insert OUTPUT 1 --source --destination --jump ACCEPT --out-interface 'ppp0'
iptables --insert INPUT 1 --source --destination --jump ACCEPT --in-interface 'ppp0'
iptables --insert FORWARD 1 --source --destination --jump ACCEPT --out-interface 'ppp0'
iptables --insert FORWARD 1 --source --destination --jump ACCEPT
iptables --table nat --append POSTROUTING --out-interface 'ppp0' --jump
iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump
TCPMSS --clamp-mss-to-pmtu

indeterminate 09-13-2006 12:31 PM


Originally Posted by otisthegbs
Now I'm assuming that this has to do with my routing rules. In the central office i've told my router to send all requests for to

I'm curious... do you mean you're routing traffic with iptables? It seems like the easiest way would be to just add a line to the routing tables on

For instance, ip route add via executed on should result in something like:

#ip route show dev eth0  scope link dev wan0  scope link  (made-up wan ip - ignore) dev lo  scope link
default via dev eth0  (made-up wan router - ignore) via

oh... also, IP Forwarding needs to be enabled on pdc-02. You can enable it with sysctl -w net.ipv4.ip_forward=1

If you're still having problems after that, it might be something else, but your iptables rules look fine to me. Also, if any of those commands work, they're just temporary (until you reboot). You can always put them in an rc script, though.

otisthegbs 09-13-2006 07:07 PM

Ya totally, in post above it states in the third paragraph that I've already done this. Now the router at send all traffic destined for to but when the traffic gets to the second router doesnt send it to which is the second router's eth1.

and thats the prob: when the traffic gets to (which is a router) the router doesnt send it to

OH HEY, i just thought of something, what if i made a 'one-way' bridge using brctl. you think that would work? any one know?

the bridge would be between ppp0 and eth1

also to note as well when im logged into and try to ping i get this response

From icmp_seq=0 Redirect Host(New nexthop: so this tells me that knows to send traffic, thus 1.13 is the problem is it not?

All times are GMT -5. The time now is 04:07 PM.