Routing issue with VPN Client into PPP/Poptop
Hello All,
I do not understand how to configure the routing for my VPN client through my VPN server. I am running Poptop on Suse 9.1 Professional and have configured it to allow connections through the mppe module. I can make connections successfully and the client receives its IP address. What I can't do is configure the routing to allow the remote VPN client to be on the network. I need the client to access an alternate Samba server in addition to the VPN machine. I have disabled the firewall for the moment but need to work in the routing rules with a secure firewall configuration. I would like to use iptables but am new to them and don't understand what rules I would need. My remote client is given an IP address of 192.168.0.230, the server is 192.168.0.11 and the internet connection goes through a firewalled ADSL modem at 192.168.0.1. I have port forwarded port 1723 to my VPN server from the ADSL to allow the VPN connection to occur. Can someone point me in the right direction as to what I need to do to allow the client to get on the network? I can't ping from either direction and get protocol rejected messages when pinging from the VPN server back to the ppp connection. I have attached dumps of some logs and configuration settings.
Thanks in advance for any help,
Regards,
Brett Carruthers

*** options.pptpd file name *
lock
mtu 1450
mru 1450
proxyarp
ms-wins 192.168.0.8
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
default-asyncmap
# debug
# Handshake Auth Method
+chap
+mschap-v2
# Data Encryption Methods
mppe required

*** ifconfig whilst client connected
eth0      Link encap:Ethernet  HWaddr 00:C0:9F:3D:20:03
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:9fff:fe3d:2003/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1211603 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1364323 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:162763963 (155.2 Mb)  TX bytes:163546618 (155.9 Mb)
          Base address:0xece0 Memory:fe3e0000-fe400000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2222 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2222 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:176258 (172.1 Kb)  TX bytes:176258 (172.1 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.0.11  P-t-P:192.168.0.230  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:89 errors:51 dropped:0 overruns:0 frame:0
          TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:7717 (7.5 Kb)  TX bytes:334 (334.0 b)

*** Successful connection from /var/log/messages
Oct 6 11:00:56 webserv pptpd[20627]: MGR: Launching /usr/sbin/pptpctrl to handle client
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: local address = 192.168.0.11
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: remote address = 192.168.0.230
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd speed = 115200
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd options file = /etc/ppp/options.pptpd
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Client 210.9.55.194 control connection started
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 1)
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Made a START CTRL CONN RPLY packet
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: I wrote 156 bytes to the client.
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 7)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Made a OUT CALL RPLY packet
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: pty_fd = 5
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: tty_fd = 6
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): local address = 192.168.0.11
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): remote address = 192.168.0.230
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: I wrote 32 bytes to the client.
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pppd[20628]: pppd 2.4.2 started by root, uid 0
Oct 6 11:00:57 webserv pppd[20628]: Using interface ppp0
Oct 6 11:00:57 webserv pppd[20628]: Connect: ppp0 <--> /dev/pts/2
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:01:00 webserv pppd[20628]: MPPC/MPPE 128-bit stateful compression enabled
Oct 6 11:01:02 webserv pppd[20628]: found interface eth0 for proxy arp
Oct 6 11:01:02 webserv pppd[20628]: local IP address 192.168.0.11
Oct 6 11:01:02 webserv pppd[20628]: remote IP address 192.168.0.230

*** Routing table
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.230   *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

*** protocol rejects when trying to ping client from server
Oct 6 11:10:15 webserv pppd[20628]: Protocol-Reject for unsupported protocol 0x9000
I think there is trouble with your network structure. Your eth0 and ppp devices are in the same network segment. You can move the VPN IP to another segment, like 192.168.1.230, and you can turn on routing (if you didn't do that), and also do SNAT for the VPN client.
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
Quote:
http://www.linuxquestions.org/questi...ghlight=poptop
Alternatives: another VPN server such as an IPsec based VPN server instead of Poptop, http://www.freeswan.org/, or you can buy a new ADSL modem which includes a VPN server :D Good luck
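As an added example that is not part of the thread and not written by either poster, the script below turns the reply's three suggestions (a separate client segment, ip_forward, SNAT) into a reviewable iptables rule set for the server described in the question. It keeps the thread's addresses (server 192.168.0.11 on eth0, LAN 192.168.0.0/24, PPTP port-forwarded from the ADSL modem) and assumes a hypothetical client pool of 192.168.1.0/24, which you would set with the `remoteip` line in /etc/pptpd.conf. The rules are emitted as text rather than executed so they can be inspected first; `apply_rules` runs them. If you instead keep the original same-subnet layout with `proxyarp`, the SNAT line is unnecessary but ip_forward and the FORWARD rules are still required.

```shell
#!/bin/sh
# Added example for the thread above (not the poster's or Poptop's own code).
# Builds the sysctl + iptables commands that let a PPTP client on ppp0 reach
# the LAN behind a Poptop server, using the reply's separate-segment + SNAT layout.
LAN_IF=eth0            # interface facing the LAN and the ADSL modem (from the thread)
PPP_IF="ppp+"          # wildcard: every pppd-created tunnel interface
LAN_NET=192.168.0.0/24 # LAN segment from the thread
VPN_NET=192.168.1.0/24 # assumed client pool (hypothetical; matches 'remoteip' in pptpd.conf)
SERVER_IP=192.168.0.11 # server's LAN address from the thread

# Print the commands instead of running them so the rule set can be reviewed
# or checked in a test before it touches a live firewall.
build_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# PPTP control channel (TCP 1723) and the GRE tunnel, forwarded in by the ADSL modem
iptables -A INPUT -i $LAN_IF -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i $LAN_IF -p gre -j ACCEPT
# LAN hosts may talk to the server itself
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
# VPN clients may reach services on the server (Samba, WINS, ping)
iptables -A INPUT -i $PPP_IF -s $VPN_NET -j ACCEPT
# Forward client traffic onto the LAN, and only the replies back into the tunnel
iptables -A FORWARD -i $PPP_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $PPP_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Rewrite the client's source to the server's LAN address so LAN hosts with
# no route to $VPN_NET (the other Samba box, the ADSL modem) can answer
iptables -t nat -A POSTROUTING -o $LAN_IF -s $VPN_NET -j SNAT --to-source $SERVER_IP
# Default-deny last, after the accept rules exist, so an admin session is not cut off
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
}

# Execute the generated commands as root; -e stops at the first failing command.
apply_rules() {
    build_rules | sh -e
}

# Usage: run with "apply" to load the rules, without arguments to only print them.
if [ "${1:-}" = apply ]; then
    apply_rules
else
    build_rules
fi
```

The FORWARD rules are deliberately asymmetric: only traffic that the VPN client initiated towards the LAN is allowed, and the LAN side gets back only ESTABLISHED/RELATED replies, so a LAN host cannot open new connections into the tunnel unless you add a rule for it. Because the client pool is its own segment, nothing on the LAN needs a route for 192.168.1.0/24; the SNAT line is what makes that possible.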