LinuxQuestions.org
Old 01-07-2011, 03:26 PM   #1
h0n0r
LQ Newbie
 
Registered: Jul 2010
Posts: 13

Rep: Reputation: 5
PPTP-vpn on Debian, can connect but no Internet Access.


Hi LQ!

I have newly started a VPN service with some friends and we are offering both OpenVPN and PPTP VPN.

The OpenVPN works perfectly, but we have some problem with the PPTP.

It is possible to connect to the VPN, but once connected you can't get any type of access to the outside world (the internet).


I've googled (OK, not I, but the tech guy has) and haven't found any solution, so therefore we try here.

We are running Debian 5.0 on a XEN VPS.
On the machines we've tested OpenVPN works like a charm.


Any clues?


Best regards, Emil

Last edited by h0n0r; 01-11-2011 at 11:43 PM. Reason: SOLVED: Firewall issue.
 
Old 01-07-2011, 06:56 PM   #2
mf93
Member
 
Registered: Jun 2009
Distribution: Debian Squeeze, centOS
Posts: 229

Rep: Reputation: 36
Make sure your server is configured to forward packets. Also, after you connect put this code in:

Code:
# route add default gw 192.168.1.1
where 192.168.1.1 is the IP of the gateway on your network. Also, make sure it is not a DNS-resolution issue, so make sure your nameserver is your local network's, not the network you are tunneling into. If you are trying to tunnel the internet THROUGH the VPN, then make sure the server is configured to forward packets.
 
Old 01-08-2011, 10:57 AM   #3
h0n0r
LQ Newbie
 
Registered: Jul 2010
Posts: 13

Original Poster
Rep: Reputation: 5
Sadly, this didn't solve the problem.

While connected I noticed I could SSH into the server, with its external IP address through PuTTY, but nothing else.

If that information helps in some way.


Best regards, h0n0r.
 
Old 01-11-2011, 11:43 PM   #4
h0n0r
LQ Newbie
 
Registered: Jul 2010
Posts: 13

Original Poster
Rep: Reputation: 5
Solved.
 
Old 05-10-2011, 04:52 PM   #5
lezelf
LQ Newbie
 
Registered: May 2011
Posts: 3

Rep: Reputation: 0
Hi, I have the same issue; can you tell me how you solved it?
Thank you.
 
Old 05-11-2011, 01:42 AM   #7
h0n0r
LQ Newbie
 
Registered: Jul 2010
Posts: 13

Original Poster
Rep: Reputation: 5
I have a shell script to do this; I'll upload it after school later tonight.
 
Old 05-12-2011, 02:39 AM   #8
lezelf
LQ Newbie
 
Registered: May 2011
Posts: 3

Rep: Reputation: 0
This would be greatly appreciated
 
Old 05-13-2011, 12:12 AM   #9
CodeKrash
LQ Newbie
 
Registered: May 2011
Posts: 21

Rep: Reputation: 1
If you want a secure, reliable way to use the internet from your VPN, use an SNAT/DNAT.

There are scripts out there to automatically accomplish this when the system boots, but if your system is reliable and secure enough, you will want to monitor this activity manually.

Plus, some scripts only work in certain environments, depending on the version of Linux/iptables/etc.

Your best bet is to recreate the SNAT/DNAT methods.

If you have very many VPN users, you may have to resort to a different method, which requires even closer observation of iptables rules.

Gateway IPTABLES rules:

Code:
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    REJECT     all  --  0.0.0.0/0            127.0.0.0/8         reject-with icmp-port-unreachable
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1194
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3690
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
8    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
9    LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `iptables denied: '
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            <ip4 address>      tcp dpt:8080 to:<ip4 PPTP Client>:80

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       all  --  10.8.0.0/24          0.0.0.0/0           to:<ip4 address>

Chain OUTPUT (policy ACCEPT)
Also, if you wish to forward a port, here is the solution:

Code:
# PORT FORWARDING WORKING SOLUTION BEGIN
# $INTERNETIP is the gateway's public address, $LANIP the internal host to forward to
iptables -t nat -A PREROUTING -d "$INTERNETIP" -p tcp --dport 8080 -j DNAT --to-destination "$LANIP"
# PORT FORWARDING WORKING SOLUTION END
PLEASE note that I am in the process of deciphering what my iptables /etc/init.d script actually does, namely the SNAT rule, so you may see that it is easy to get carried away with automation!

Last edited by CodeKrash; 05-13-2011 at 12:18 AM.
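
A read-only check for the conditions raised in this thread (packet forwarding enabled, SNAT for the VPN client subnet, a usable FORWARD path), as an added example that is not code from any poster. The function name, finding labels and both sample rulesets are constructed; 10.8.0.0/24 is the client subnet from the listing above.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for what a NAT-ing VPN gateway needs.
# Both rulesets are constructed; 203.0.113.10 is a documentation address.

# Constructed sample: FORWARD drops everything and there is no SNAT rule.
SAMPLE_BROKEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Constructed sample: FORWARD scoped to the VPN subnet, plus SNAT for it.
SAMPLE_OK='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.10
COMMIT'

# audit_vpn_gateway RULES VPN_NET IP_FORWARD -> prints findings, or "ok" if none
audit_vpn_gateway() {
    rules=$1; net=$2; fwd=$3; out=""
    has() { printf '%s\n' "$rules" | grep -E -- "$1" | grep -F -- "$2" >/dev/null; }
    [ "$fwd" = "1" ] || out="$out ip_forward_off"
    has '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' "-s $net " || out="$out no_snat"
    if has '^:FORWARD ACCEPT' 'FORWARD'; then
        out="$out forward_policy_open"   # traffic flows, but for any source
    else
        has '^-A FORWARD .*-j ACCEPT' "-s $net " || out="$out forward_blocked"
        has '^-A FORWARD .*-j ACCEPT' 'ESTABLISHED' || out="$out no_return_path"
    fi
    out=${out# }
    printf '%s\n' "${out:-ok}"
}

# On a live gateway (as root):
#   audit_vpn_gateway "$(iptables-save)" 10.8.0.0/24 "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_vpn_gateway "$SAMPLE_BROKEN" 10.8.0.0/24 0
audit_vpn_gateway "$SAMPLE_OK" 10.8.0.0/24 1
```

A ruleset like the gateway listing above, with FORWARD policy ACCEPT and no FORWARD rules, would be reported as `forward_policy_open`: clients get out, but the gateway also forwards for any other source that routes through it.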
 
Old 05-13-2011, 03:35 AM   #10
h0n0r
LQ Newbie
 
Registered: Jul 2010
Posts: 13

Original Poster
Rep: Reputation: 5
Of course the server I have the script stored on is down... I'll do it asap.
 
Old 05-29-2011, 07:27 AM   #11
h0n0r
LQ Newbie
 
Registered: Jul 2010
Posts: 13

Original Poster
Rep: Reputation: 5
Still need it?
 
Old 05-30-2011, 01:53 AM   #12
lezelf
LQ Newbie
 
Registered: May 2011
Posts: 3

Rep: Reputation: 0
Deadly. Actually I tried something new, like kill the firewall administrator (reason why I need VPN) lol, but it didn't really work out :/.
So yes, I'm still in need.
 
Old 08-20-2011, 03:16 PM   #13
xelotar
LQ Newbie
 
Registered: Aug 2011
Posts: 1

Rep: Reputation: Disabled
Hmmm, I came across this thread with the identical problem. So far I was not able to solve it; what was the solution to this issue?
 
Old 09-03-2011, 11:34 PM   #14
CodeKrash
LQ Newbie
 
Registered: May 2011
Posts: 21

Rep: Reputation: 1
SNAT works well to tunnel traffic through to the internet.
 
Old 02-01-2012, 03:24 PM   #15
acampbell
Member
 
Registered: Nov 2003
Location: London
Distribution: Debian
Posts: 118

Rep: Reputation: 16
I've described my experience of setting up a PPTP VPN client on Debian: www.acampbell.org.uk/linux/vpn.html
 
  

