LinuxQuestions.org


loopy69 10-07-2004 01:52 AM

Routing issue with VPN Client into PPP/Poptop
 
Hello All,

I do not understand how to configure the routing for my VPN client through my VPN server. I am running Poptop on Suse 9.1 Professional and have configured it to allow connections through the mppe module. I can make connections successfully and the client receives its IP address.

What I can't do is configure the routing to allow the remote VPN client to be on the network. I need the client to access an alternate samba server in addition to the VPN machine. I have disabled the firewall for the moment but need to work in the routing rules with a secure firewall configuration.

I would like to use IP Tables but am new to them and don't understand what rules I would need. My remote client is given an IP address of 192.168.0.230, the server is 192.168.0.11 and the internet connection goes through a firewalled ADSL modem at 192.168.0.1. I have port forwarded port 1723 to my VPN server from the ADSL to allow the VPN connection to occur.

Can someone point me in the right direction as to what I need to do to allow the client to get on the network? I can't ping from either direction and get protocol rejected messages when pinging from the VPN server back to the ppp connection. I have attached dumps of some logs and configuration settings.

Thanks in advance for any help,
Regards,
Brett Carruthers

*** options.pptpd file
name *
lock
mtu 1450
mru 1450
proxyarp
ms-wins 192.168.0.8
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
default-asyncmap
# debug

# Handshake Auth Method
+chap
+mschap-v2

# Data Encryption Methods
mppe required


*** ifconfig whilst client connected
eth0 Link encap:Ethernet HWaddr 00:C0:9F:3D:20:03
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:9fff:fe3d:2003/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1211603 errors:0 dropped:0 overruns:0 frame:0
TX packets:1364323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:162763963 (155.2 Mb) TX bytes:163546618 (155.9 Mb)
Base address:0xece0 Memory:fe3e0000-fe400000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2222 errors:0 dropped:0 overruns:0 frame:0
TX packets:2222 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:176258 (172.1 Kb) TX bytes:176258 (172.1 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.0.11 P-t-P:192.168.0.230 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:89 errors:51 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7717 (7.5 Kb) TX bytes:334 (334.0 b)


*** Successful connection from /var/log/messages
Oct 6 11:00:56 webserv pptpd[20627]: MGR: Launching /usr/sbin/pptpctrl to handle client
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: local address = 192.168.0.11
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: remote address = 192.168.0.230
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd speed = 115200
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd options file = /etc/ppp/options.pptpd
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Client 210.9.55.194 control connection started
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 1)
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Made a START CTRL CONN RPLY packet
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: I wrote 156 bytes to the client.
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 7)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Made a OUT CALL RPLY packet
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: pty_fd = 5
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: tty_fd = 6
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): local address = 192.168.0.11
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): remote address = 192.168.0.230
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: I wrote 32 bytes to the client.
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pppd[20628]: pppd 2.4.2 started by root, uid 0
Oct 6 11:00:57 webserv pppd[20628]: Using interface ppp0
Oct 6 11:00:57 webserv pppd[20628]: Connect: ppp0 <--> /dev/pts/2
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:01:00 webserv pppd[20628]: MPPC/MPPE 128-bit stateful compression enabled
Oct 6 11:01:02 webserv pppd[20628]: found interface eth0 for proxy arp
Oct 6 11:01:02 webserv pppd[20628]: local IP address 192.168.0.11
Oct 6 11:01:02 webserv pppd[20628]: remote IP address 192.168.0.230

*** Routing table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.230 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

*** protocol rejects when trying to ping client from server
Oct 6 11:10:15 webserv pppd[20628]: Protocol-Reject for unsupported protocol 0x9000

maxut 10-07-2004 08:48 AM

I think there is trouble with your network structure. Your eth0 and ppp devices are in the same network segment. You can move the VPN IP to another segment, like 192.168.1.230, and you can turn on routing (if you didn't do that), and also do SNAT for the VPN client.
Code:

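# enable IPv4 forwarding between ppp0 and eth0 (run as root)
echo 1 > /proc/sys/net/ipv4/ip_forward
# rewrite the VPN client's source address to the Linux box's own LAN IP;
# replace 192.168.0.x with that address
iptables -t nat -A POSTROUTING -s 192.168.1.230 -j SNAT --to-source 192.168.0.x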

Quote:

My remote client is given an IP address of 192.168.0.230, the server is 192.168.0.11 and the internet connection goes through a firewalled ADSL modem at 192.168.0.1. I have port forwarded port 1723 to my VPN server from the ADSL to allow the vpn connection to occur.
And there may be another problem with the GRE protocol. I'm not sure.
http://www.linuxquestions.org/questi...ghlight=poptop

Alternatives: another VPN server, such as an IPsec-based VPN server instead of Poptop. http://www.freeswan.org/
Or you can buy a new ADSL modem which includes a VPN server :D


good luck
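
Added example, not part of either post: a default-drop ruleset combining the forwarding and SNAT suggested in the reply with the PPTP control port (TCP 1723) and GRE (IP protocol 47). It assumes the VPN clients are moved to 192.168.1.0/24 as the reply proposes and uses eth0 and 192.168.0.11 from the question; the function name `pptp_ruleset` and the policy choices are illustrative assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a Poptop (PPTP) server.
# Nothing is loaded; review the output, then as root:
#   sysctl -w net.ipv4.ip_forward=1
#   pptp_ruleset eth0 192.168.0.0/24 192.168.0.11 192.168.1.0/24 | iptables-restore
# Usage: pptp_ruleset LAN_IF LAN_NET SERVER_LAN_IP VPN_NET
pptp_ruleset() {
    lan_if=$1; lan_net=$2; server_ip=$3; vpn_net=$4
    # Refuse to emit a partial ruleset if any parameter is missing.
    [ -n "$lan_if" ] && [ -n "$lan_net" ] && [ -n "$server_ip" ] \
        && [ -n "$vpn_net" ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A INPUT -p tcp --dport 1723 -j ACCEPT
-A INPUT -p 47 -j ACCEPT
-A INPUT -i ppp+ -s $vpn_net -j ACCEPT
-A FORWARD -i ppp+ -o $lan_if -s $vpn_net -j ACCEPT
-A FORWARD -i $lan_if -o ppp+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $vpn_net -o $lan_if -j SNAT --to-source $server_ip
COMMIT
EOF
}

# Values taken from the thread; the VPN subnet is the one the reply suggests.
pptp_ruleset eth0 192.168.0.0/24 192.168.0.11 192.168.1.0/24
```

The SNAT rule matters because LAN hosts such as the samba server use 192.168.0.1 as their default gateway and would otherwise send replies for 192.168.1.0/24 to the modem instead of back to the VPN server.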

