Old 09-12-2006, 02:06 PM   #1
Registered: May 2003
Location: Vancouver
Distribution: RH9
Posts: 100

Rep: Reputation: 15
PPTP Reverse(synchronous) Tunnel

Hello All!!

We're trying to open up a branch office and thus want to extend our local intranet. We're going to do this by getting a Fedora Core 5 router to connect to a WSBS VPN server.

I have Windows Small Business Server 2003 (I know, I know) that's currently acting as a VPN / DNS / Primary Domain Controller / and DHCP server. Its IP is and thus on the subnet, its name is pdc-01. There is also a Fedora Core 5 router with an IP of

I have a Fedora Core 5 Server running at a remote location that has a PPTP client running on it. This remote network is on the subnet and the router has the IP its name is pdc-02

When pdc-02 activates its PPTP client and connects to pdc-01 it routes all traffic destined for through the VPN tunnel. Remotely everything works flawlessly, I even got Samba working as a WINS proxy to pdc-01, but within the primary office network I can't connect to or anything on that subnet. I can ping and connect to the remote IP for the PPTP client, which is

Now I'm assuming that this has to do with my routing rules. In the central office I've told my router to send all requests for to At which point the request would be sent to pdc-02, the problem is pdc-02 doesn't route or respond to those requests properly and I don't understand why.

Here are my VPN related IPTABLES rules on pdc-02

iptables --insert OUTPUT 1 --source --destination --jump ACCEPT --out-interface 'ppp0'
iptables --insert INPUT 1 --source --destination --jump ACCEPT --in-interface 'ppp0'
iptables --insert FORWARD 1 --source --destination --jump ACCEPT --out-interface 'ppp0'
iptables --insert FORWARD 1 --source --destination --jump ACCEPT
iptables --table nat --append POSTROUTING --out-interface 'ppp0' --jump
iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
Old 09-13-2006, 12:31 PM   #2
Registered: Oct 2003
Location: Virginia, US
Distribution: Debian, Ubuntu, Knoppix.
Posts: 76

Rep: Reputation: 17
Originally Posted by otisthegbs
Now I'm assuming that this has to do with my routing rules. In the central office I've told my router to send all requests for to
I'm curious... do you mean you're routing traffic with iptables? It seems like the easiest way would be to just add a line to the routing tables on

For instance, ip route add via executed on should result in something like:
# ip route show
 dev eth0  scope link
 dev wan0  scope link  (made-up wan ip - ignore)
 dev lo  scope link
default via dev eth0  (made-up wan router - ignore)
 via
Oh... also, IP forwarding needs to be enabled on pdc-02. You can enable it with sysctl -w net.ipv4.ip_forward=1

If you're still having problems after that, it might be something else, but your iptables rules look fine to me. Also, if any of those commands work, they're just temporary (until you reboot). You can always put them in an rc script, though.
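
The two checks named in the reply above (which route a packet for the remote subnet matches, and whether IP forwarding is on), as an added example that is not part of the original thread. `SAMPLE_ROUTES`, `ip2int`, `next_hop`, `forwarding_on` and every address are constructed for illustration (RFC 5737 ranges stand in for the real subnets); on a live router `ip route get` answers the same routing question.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses are constructed (RFC 5737).

# Constructed `ip route show` output for a central-office router after a
# static route to the branch subnet has been added.
SAMPLE_ROUTES='192.0.2.0/24 dev eth0 scope link
198.51.100.0/24 via 192.0.2.2 dev eth0
default via 203.0.113.1 dev eth1'

# ip2int A.B.C.D: print the address as an integer (call it inside $(...),
# so the IFS change stays in the subshell).
ip2int() {
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# next_hop DEST: read `ip route show` text on stdin and print the remainder
# of the most specific (longest-prefix) route line that covers DEST.
next_hop() {
    dest=$(ip2int "$1"); best=-1; hop=none
    while read -r prefix rest; do
        case $prefix in
            default)  net=0.0.0.0; len=0 ;;
            [0-9]*/*) net=${prefix%/*}; len=${prefix#*/} ;;
            [0-9]*)   net=$prefix; len=32 ;;
            *)        continue ;;          # blank or non-unicast line
        esac
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        n=$(ip2int "$net")
        if [ $(( dest & mask )) -eq $(( n & mask )) ] && [ "$len" -gt "$best" ]; then
            best=$len; hop=$rest
        fi
    done
    echo "$hop"
}

# forwarding_on [FILE]: succeed when FILE (default: the live /proc entry)
# contains 1, i.e. the kernel forwards IPv4 packets between interfaces.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Stand-alone run: where would a packet for a branch host be sent?
printf '%s\n' "$SAMPLE_ROUTES" | next_hop 198.51.100.20
if forwarding_on; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
```

Without the second line of the sample table, the same lookup falls through to the default route, which is the case the static route is meant to fix.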
Old 09-13-2006, 07:07 PM   #3
Registered: May 2003
Location: Vancouver
Distribution: RH9
Posts: 100

Original Poster
Rep: Reputation: 15
Ya totally, in the post above it states in the third paragraph that I've already done this. Now the router at sends all traffic destined for to but when the traffic gets to the second router doesn't send it to which is the second router's eth1.

And that's the prob: when the traffic gets to (which is a router) the router doesn't send it to

OH HEY, I just thought of something, what if I made a 'one-way' bridge using brctl. You think that would work? Anyone know?

The bridge would be between ppp0 and eth1

Also to note as well, when I'm logged into and try to ping I get this response

From icmp_seq=0 Redirect Host(New nexthop: so this tells me that knows to send traffic, thus 1.13 is the problem, is it not?

Last edited by otisthegbs; 09-13-2006 at 07:11 PM.

