LinuxQuestions.org
Old 10-05-2004, 08:13 PM   #1
loopy69
LQ Newbie
 
Registered: Apr 2004
Distribution: Fedora Core 5
Posts: 23

Rep: Reputation: 15
[ROUTING] VPN client networking/firewall


Hello All,

I do not understand how to configure the routing for my VPN client through my VPN server. I am running Poptop on Suse 9.1 Professional and have configured it to allow connections through the mppe module. I can make connections successfully and the client receives its IP address.

What I can't do is configure the routing to allow the remote VPN client to be on the network. I need the client to access an alternate Samba server in addition to the VPN machine. I have disabled the firewall for the moment but need to work in the routing rules with a secure firewall configuration.

I consider myself fairly versant with networking but admittedly I'm new to Linux iptables and the like. My remote clients are given an IP address of 192.168.0.230, the server is 192.168.0.11 and the internet connection goes through a firewalled ADSL modem at 192.168.0.1. I have port forwarded port 1723 to my VPN server from the ADSL to allow the VPN connection to occur.

Can someone point me in the right direction as to what I need to do to allow the client to get on the network? I can't ping from either direction and get protocol rejected messages when pinging from the VPN server back to the ppp connection. I have attached dumps of some logs and configuration settings.

Thanks in advance for any help,
Regards,
Brett Carruthers

*** options.pptpd file
name *
lock
mtu 1450
mru 1450
proxyarp
ms-wins 192.168.0.8
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
default-asyncmap
# debug

# Handshake Auth Method
+chap
+mschap-v2

# Data Encryption Methods
mppe required


*** ifconfig whilst client connected
eth0 Link encap:Ethernet HWaddr 00:C0:9F:3D:20:03
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:9fff:fe3d:2003/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1211603 errors:0 dropped:0 overruns:0 frame:0
TX packets:1364323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:162763963 (155.2 Mb) TX bytes:163546618 (155.9 Mb)
Base address:0xece0 Memory:fe3e0000-fe400000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2222 errors:0 dropped:0 overruns:0 frame:0
TX packets:2222 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:176258 (172.1 Kb) TX bytes:176258 (172.1 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.0.11 P-t-P:192.168.0.230 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:89 errors:51 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7717 (7.5 Kb) TX bytes:334 (334.0 b)


*** Successful connection from /var/log/messages
Oct 6 11:00:56 webserv pptpd[20627]: MGR: Launching /usr/sbin/pptpctrl to handle client
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: local address = 192.168.0.11
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: remote address = 192.168.0.230
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd speed = 115200
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: pppd options file = /etc/ppp/options.pptpd
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Client 210.9.55.194 control connection started
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 1)
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Made a START CTRL CONN RPLY packet
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: I wrote 156 bytes to the client.
Oct 6 11:00:56 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 7)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Made a OUT CALL RPLY packet
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: pty_fd = 5
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: tty_fd = 6
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): local address = 192.168.0.11
Oct 6 11:00:57 webserv pptpd[20628]: CTRL (PPPD Launcher): remote address = 192.168.0.230
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: I wrote 32 bytes to the client.
Oct 6 11:00:57 webserv pptpd[20627]: CTRL: Sent packet to client
Oct 6 11:00:57 webserv pppd[20628]: pppd 2.4.2 started by root, uid 0
Oct 6 11:00:57 webserv pppd[20628]: Using interface ppp0
Oct 6 11:00:57 webserv pppd[20628]: Connect: ppp0 <--> /dev/pts/2
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:58 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 11:00:59 webserv pptpd[20627]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 11:01:00 webserv pppd[20628]: MPPC/MPPE 128-bit stateful compression enabled
Oct 6 11:01:02 webserv pppd[20628]: found interface eth0 for proxy arp
Oct 6 11:01:02 webserv pppd[20628]: local IP address 192.168.0.11
Oct 6 11:01:02 webserv pppd[20628]: remote IP address 192.168.0.230

*** Routing table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.230 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

*** protocol rejects when trying to ping client from server
Oct 6 11:10:15 webserv pppd[20628]: Protocol-Reject for unsupported protocol 0x9000
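
Added example, not part of the original post: a default-drop iptables rule set for the topology described above, printed for review rather than applied. The interface eth0, the client address 192.168.0.230 and TCP port 1723 come from the post; 192.168.0.20 is a constructed placeholder for the alternate Samba server, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands for
# review; nothing is applied until the output is run as root.
# From the post: LAN interface eth0, VPN client 192.168.0.230, TCP 1723.
# Assumption: 192.168.0.20 is a constructed placeholder for the Samba server.

valid_if() { case $1 in ''|*[!A-Za-z0-9]*) return 1 ;; esac; }
valid_ip() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# pptp_rules LAN_IF CLIENT_IP SMB_HOST
pptp_rules() {
    # Refuse anything that is not a plain interface name or IPv4 address,
    # since the output is meant to be fed to a root shell.
    valid_if "$1" && valid_ip "$2" && valid_ip "$3" || {
        echo "usage: pptp_rules LAN_IF CLIENT_IP SMB_HOST" >&2; return 1; }
    cat <<EOF
# Forwarding between the ppp interface and $1 needs ip_forward switched on.
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# PPTP: control channel on TCP 1723, tunnelled data as GRE (IP protocol 47).
iptables -A INPUT -i $1 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i $1 -p 47 -j ACCEPT
# The VPN client may ping and use SMB on the VPN server itself...
iptables -A INPUT -i ppp+ -s $2 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i ppp+ -s $2 -p tcp -m multiport --dports 139,445 -j ACCEPT
# ...and SMB/NetBIOS on the one Samba host, nothing else on the LAN.
iptables -A FORWARD -i ppp+ -o $1 -s $2 -d $3 -p tcp -m multiport --dports 139,445 -j ACCEPT
iptables -A FORWARD -i ppp+ -o $1 -s $2 -d $3 -p udp -m multiport --dports 137,138 -j ACCEPT
# Policies go last; the ESTABLISHED rule keeps the current admin session alive.
iptables -P INPUT DROP
iptables -P FORWARD DROP
EOF
}

pptp_rules eth0 192.168.0.230 192.168.0.20
```

Management access such as SSH, and name lookups against the ms-wins server at 192.168.0.8, are not covered and need their own rules before the DROP policies take effect.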
 
  

