LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-28-2006, 03:13 PM   #1
robbbert
Member
 
Registered: Oct 2005
Location: Hannover, Germany
Distribution: Let there be Ubuntu... :o)
Posts: 573

Rep: Reputation: 32
Question VPN connection to PC @ work


Hi,

From my home computer, I'd like to connect to my computer at work, which is connected to the corporate network there, and is running.

To the internet, I'm connected via DSL, and I've setup PPTPconfig, and also established a connection to the PPTP resp. VPN server:
Code:
Using interface ppp1pptpconfig: monitoring interface ppp1

Connect: ppp1 <--> /dev/pts/1
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
Cannot determine ethernet address for proxy ARP
local  IP address 192.168.0.91
remote IP address 192.168.0.92
primary   DNS address 192.168.0.20
pptpconfig: pppd process exit status 0 (started)
ip route replace 83.236.211.58 dev ppp0  src 84.131.89.58
pptpconfig: routes added to remote networks
pptpconfig: DNS changes made to /etc/resolv.conf
pptpconfig: connected
Currently there are two problems:
  1. I cannot connect ( = ping) to other computers in the corporate network. (I tried to reach them by their computer names, but tried some IP adresses too of which I think they would exist.)
    Maybe I have to set the corporate name server in PPTPconfig's settings?
  2. When I close PPTPconfig's connection, the underlying, regular DSL connection stops from working. I.e., "ping www.google.com" results in "unknown host". I have to "poff" it, and to re-connect.
I think there are some basic deficiencies with my knowledge on networking, so could please someone point me to a direction?

Thanks indeed
robbbert

[Edit](Probably) obviously, this is a Microsoft VPN server, not a Cisco one.[/Edit]

Last edited by robbbert; 03-28-2006 at 03:22 PM.
 
Old 03-28-2006, 06:11 PM   #2
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
It looks like you made a connection to a VPN server that gives you access to the 192.168.0.0/24 private IP subnet. Whatever network (for the most part the first 3 digits of the IP address) you connect to has to be different than the one you connect from, so make sure your home network and work network aren't both set as 192.168.0.x If they are you will probably have to change your home network. As for the lost connection to The Internet, this is probably due to one or both of your default gateway and DNS server(s) changing. If your default gateway changes then all your network traffic, including The Internet, will go through the VPN and out from that (the company) network.

1. "pptpconfig: DNS changes made to /etc/resolv.conf" says that your DNS settings did change. You can cat /etc/resolv.conf before and after connecting and see what changed. If there is an Active Directory domain at work or you need to connect to specific hosts on the work network by name, you probably need their DNS when the VPN is up. Presumably their DNS server(s) resolve outside addresses like linuxquestions.org the same as any other DNS server so that shouldn't hurt if you can actually see their DNS server.

2. Sounds like the default gateway doesn't get set back to the DSL connection. Barring that the VPN connection doesn't change the route (default gateway = default route) back itself, it probably has a disconnect script where you can add the default route back to whatever it was (ppp0?) On second though, you probably only need access to one or just a few subnets, so having individual routes instead
of a default route may be preferable. ex is that the VPN connection should use itself as the route to the 192.168.0.0/24 network instead of becoming the new default route.


If you cant get it working, or figure out what I was saying, post the results of cat /etc/resolv.conf and netstat -r before you make the VPN connection and while it's active.
 
Old 03-29-2006, 02:12 PM   #3
robbbert
Member
 
Registered: Oct 2005
Location: Hannover, Germany
Distribution: Let there be Ubuntu... :o)
Posts: 573

Original Poster
Rep: Reputation: 32
Quote:
make sure your home network and work network aren't both set as 192.168.0.x
I remember this caused problems in another case. However, my home PC is not connected to any private network, and I think 127.0.0.1 is the only valid IP address if there are no external name servers.
Quote:
"pptpconfig: DNS changes made to /etc/resolv.conf" says that your DNS settings did change
That's true. Before connecting to the VPN tunnel, its contents was:
Quote:
nameserver 217.237.149.161
nameserver 217.237.150.97
and afterwards:
Quote:
nameserver 192.168.0.20
When I change it back (while being connected to the VPN server) I can connect to URLs like www.google.com (but not when the nameserver is 192.168.0.20). Under Windows, with no special gateway or DNS specified, this worked.
Quote:
If there is an Active Directory domain at work or you need to connect to specific hosts on the work network by name, you probably need their DNS when the VPN is up
I believe that's 192.168.0.20.
Quote:
Presumably their DNS server(s) resolve outside addresses like linuxquestions.org the same as any other DNS server
That's true (when connecting from the Windows PC).
Quote:
it probably has a disconnect script where you can add the default route back
That's true. Its log says it was restoring the original resolv.conf but resolving external URIs doesn't work afterwards, until I re-connect to the DSL connection. However, the command "poff -a" doesn't output any message, which means there was an active connection indeed (still the DSL connection).
Quote:
If you cant get it working, or figure out what I was saying, post the results of cat /etc/resolv.conf and netstat -r before you make the VPN connection and while it's active.
I have to admit I'm really confused now...

Before opening the VPN tunnel:
Quote:
nameserver 217.237.149.161
nameserver 217.237.150.97
Quote:
robert@ubuntu:~$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
217.0.116.122 * 255.255.255.255 UH 0 0 0 ppp0
default * 0.0.0.0 U 0 0 0 ppp0
Afterwards:
Quote:
nameserver 192.168.0.20
Quote:
robert@ubuntu:~$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.92 * 255.255.255.255 UH 0 0 0 ppp1
83.236.211.58 * 255.255.255.255 UH 0 0 0 ppp0
217.0.116.122 * 255.255.255.255 UH 0 0 0 ppp0
default * 0.0.0.0 U 0 0 0 ppp0
- I'm appreciating your help very much and will do anything to get this working. I mean, it's not hard for me to work with PostgreSQL and Java instead of MS SQL Server and .NET but this networking stuff actually is a black hole to me, I don't know why.

If you had any idea Darin.
 
Old 03-29-2006, 03:00 PM   #4
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Quote:
Originally Posted by robbbert
ip route replace 83.236.211.58 dev ppp0 src 84.131.89.58
...Is the confusing part, it should instead be adding something to the route table to say, "hey! use the VPN to get to anything starting with 192.168.0" but it's not.

Since you can't see anything on the other side of the tunnel you can't see the nameserver and thus can't see The Internet. Presumably when the VPN is working so you CAN see the remote network, you will also see the 192.168.0.20 nameserver and also be able to surf the net while the VPN is active.

Quote:
Originally Posted by robbbert
...Under Windows, with no special gateway or DNS specified, this worked.
Windows and Linux should both be doing the same thing, working with no special settings. The downside is Linux is a little trickier to figure out, the upside is you can "look under the hood" easier in Linux. Brushing aside the W vs L debate, let's move on...

I'll take an edjumicated stab and suggest doing this when the VPN is up:
Code:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 0.0.0.0 dev ppp1
My other guess is that since both your Internet and VPN connections are ppp connections (to Linux) they both use the same place to hold the "original" resolv.conf so when ppp0 comes up it stores a useless resolv.conf and makes a useable one, when ppp1 comes up it sees a stored resolv.conf (with presumably nothing in it) and tries to "restore" that file when it closes down. This would explain why you can't surf until after you restart the DSL (ppp0) connection. The permenant workaround for this, since the DSL is your primary Internet connection, is to:
-Make sure the DSL connection is active
-find the ppp stored resolve file, presumably it is /etc/ppp/resolv.conf
-overwrite the file above with the contents of /etc/resolv.conf
Code:
root@ubuntu:~# cat /etc/resolv.conf > /etc/ppp/resolv.conf
Overwriting the stored resolv.conf will make it so you can connect to The Internet after bringing down the VPN. Hopefully the route command gets the VPN working, if it does theres probably a startup script where you could add that command in. If not post how it went and we can take another shot at it.
 
Old 03-31-2006, 02:44 PM   #5
robbbert
Member
 
Registered: Oct 2005
Location: Hannover, Germany
Distribution: Let there be Ubuntu... :o)
Posts: 573

Original Poster
Rep: Reputation: 32
Issue solved

Quote:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 0.0.0.0 dev ppp1
That did the trick! In the pptpconfig graphical dialogs, I was able add this option.
Quote:
root@ubuntu:~# cat /etc/resolv.conf > /etc/ppp/resolv.conf
When the VPN tunnel is open, now our corporate nameserver suffices, and surfing the internet does work without changing or adding the DSL nameservers.
However, when the VPN tunnel is closed, the original DSL nameservers need to be restored. I found a backup file the pptpconfig application apparently creates, and wrote a mini script (my first one!) according to your "cat" function to restore the original resolv.conf.

After all, I would like to thank you Darin for your support and engagement, I'm deeply grateful, and I'm trying to help others, too. - The VPN / Terminal Server connection even works better than the Windows variety did (speed and graphics quality). - I'm so glad with my full-blown Ubuntu Dapper, the best set of software I (as a former Microsoft guy) ever had installed on a computer.

Thanks again, sincerely
robbbert
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN Connection! skate Linux - Newbie 4 09-10-2006 02:34 PM
Connection to Windows VPN flyingace Linux - Networking 4 03-28-2006 03:51 PM
vpn connection bahramcho Linux - Networking 1 05-04-2005 08:58 AM
vpn connection bahramcho Linux - Networking 1 04-29-2005 12:42 PM
VPN connection bahramcho Linux - Networking 1 04-25-2005 07:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration