LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-05-2004, 08:13 PM   #1
loopy69
LQ Newbie
 
Registered: Apr 2004
Distribution: Fedora Core 5
Posts: 23

Rep: Reputation: 15
[ROUTING] VPN client networking/firewall


Hello All,

I do not understand how to configure the routing for my VPN client through my VPN server. I am running Poptop on Suse 9.1 Professional and have configured it to allow connections through the mppe module. I can make connections sucessfully and the client recieves it's ip address.

What I can't do is configure the routing to allow the remote VPN client to be on the network. I need the client to access a alternate samba server in addition to the VPN machine. I have disabled the firewall for the moment but need to work in the routing rules with a secure firewall configuration.

I consider myself fairly versant with networking but admittedly Im new to linux iptables and the like. My remote clients are given an IP address of 192.168.0.230, the server is 192.168.0.11 and the internet connection goes through a firewalled ADSL modem at 192.168.0.1. I have port forwarded port 1723 to my VPN server from the ADSL to allow the vpn connection to occur.

Can someone point me in the right direction as to what I need to do to allow the client to get on the network. I can't ping from either direction and get protocol rejected messages when pinging from the VPN server back to the ppp connection. I have attached dumps of some logs and configuration settings.

Thanks in advance for any help,
Regards,
Brett Carruthers

*** options.pptpd file
name *
lock
mtu 1450
mru 1450
proxyarp
ms-wins 192.168.0.8
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
default-asyncmap
# debug

# Handshake Auth Method
+chap
+mschap-v2

# Data Encryption Methods
mppe required


*** ifconfig whilst client connected
eth0 Link encap:Ethernet HWaddr 00:C0:9F:3D:20:03
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:9fff:fe3d:2003/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1211603 errors:0 dropped:0 overruns:0 frame:0
TX packets:1364323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:162763963 (155.2 Mb) TX bytes:163546618 (155.9 Mb)
Base address:0xece0 Memory:fe3e0000-fe400000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2222 errors:0 dropped:0 overruns:0 frame:0
TX packets:2222 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:176258 (172.1 Kb) TX bytes:176258 (172.1 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.0.11 P-t-P:192.168.0.230 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:89 errors:51 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7717 (7.5 Kb) TX bytes:334 (334.0 b)


*** Successful connection from /var/log/messages
Oct 6 11:00:56 webserv pptpd[20627]: MGR: Launching /usr/sbin/pptpctrl to handle client
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: local address = 192.168.0.11
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: remote address = 192.168.0.230
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd speed = 115200
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd options file = /etc/ppp/options.pptpd
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Client 210.9.55.194 control connection started
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 1)
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Made a START CTRL CONN RPLY packet
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: I wrote 156 bytes to the client.
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 7)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Made a OUT CALL RPLY packet
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: pty_fd = 5
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: tty_fd = 6
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): local address = 192.168.0.11
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): remote address = 192.168.0.230
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: I wrote 32 bytes to the client.
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pppd[20628]: pppd 2.4.2 started by root, uid 0
Oct 6 11:00:57 webserv pppd[20628]: Using interface ppp0
Oct 6 11:00:57 webserv pppd[20628]: Connect: ppp0 <--> /dev/pts/2
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:01:00 webserv pppd[20628]: MPPC/MPPE 128-bit stateful compression enabled
Oct 6 11:01:02 webserv pppd[20628]: found interface eth0 for proxy arp
Oct 6 11:01:02 webserv pppd[20628]: local IP address 192.168.0.11
Oct 6 11:01:02 webserv pppd[20628]: remote IP address 192.168.0.230

*** Routing table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.230 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

*** protocol rejects when trying to ping client from server
Oct 6 11:10:15 webserv pppd[20628]: Protocol-Reject for unsupported protocol 0x9000
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco VPN Client routing problem on Debian Sarge pohl886 Linux - Networking 9 09-10-2006 05:49 PM
routing and VPN cboyd Linux - Networking 7 12-01-2004 02:02 AM
Routing issue with VPN Client into PPP/Poptop loopy69 Linux - Networking 1 10-07-2004 08:48 AM
recommended distro for vpn/firewall/routing? n00b1000 Linux - Networking 1 08-29-2004 02:38 AM
How do i connect Ciscos VPN client to Checkpoint VPN server Klas Linux - Networking 1 11-29-2003 08:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration