Routing table for a PPTP configuration
Hi all,
I have a problem configuring a VPN connection using pptp. I've installed the pptp package (it's Robby's). I followed the instructions linked from pptp's site (a Debian how-to, if I'm not mistaken). Well, here's my particular setup:

1) I connected to an access point through my wireless connection eth1. It's using the WEP protocol. I got an IP (10.11.220.122). Pretty straightforward.

2) I created the pptp configuration in the /etc/ppp/ directory as instructed and executed "pppd call my_tunnel". It's successful and I got another IP (130.95.97.196) and a remote IP (192.168.0.44) on the ppp0 device.

3) I think here's where my problem is - updating the routing table. I'm not sure which IP pairs I should route. There're a few different suggestions I found on the web but none works. So, basically, I need to know what I should add to the routing table.

4) My checking point is the browser - I mean, if everything goes well, my browser should be able to connect to the proxy server for internet access. So far, no matter what I put in the routing table (based on what I read), the browser can't get to the proxy server. It's not DNS because the name got resolved (I tried a ping and I can see the IP for the proxy server).

Help! :p Cheers.

ADDED: ooh.. I forgot... I'm on Slack-12, if you need to know.
Code:
/sbin/ip route add default dev ppp0
Quote:
Examples:

1. You got IP 10.11.220.122, route shows "Destination: default, Gateway: 10.11.0.1".

2. You initiated a connection to 130.95.97.196, the default route remains the same.

3.1. You add a default route via ppp0 and pptp goes down.

3.2. You add a route to 130.95.97.196 via 10.11.0.1, then add a default route via ppp0. Any connection you try to initiate goes through the tunnel.

3.3. If you mean an HTTP/FTP/SOCKS proxy server: you add a route to 130.95.97.196 via 10.11.0.1, then a route to your proxy (for example 192.168.0.1) via ppp0. You're connecting to the proxy via pptp and directly to any other IP / host, if not through the proxy.
Quote:
Oooh... I've just realized that I haven't really routed 'everything' to the tunnel, right? My internet browser (using the proxy) has absolutely no problems now, but I can't do stuff like wget and ssh. Now, how do I add the default route without killing the ppp0 device (pptp)? Whenever I do a "route add default dev ppp0", the device hangs up on me :(
So, ppp0 is now your default route, you should specify others directly, you may specify subnetworks on 'normal' interface
Code:
/sbin/ip route add 10.0.0.0/32 dev eth1
Quote:
If you run something like 'route add 130.95.97.196 gw 10.11.0.1 dev eth1' prior to adding the default route, you should have all the connections with this destination initiated through eth1 with the right gateway. The 'default' route will be used if your system doesn't find any other route to the destination, like the one here, so it shouldn't interfere with your pptp connection.

I'm quite confused about the proxy you're talking about - why use it if you have a gateway (130.95.97.196) to the internet? I see two general options here:

1. It (the gateway you're connecting to with pptp) is connected to the internet and it allows you to connect anywhere you like - you can just add a default route through it and connect anywhere with anything. You don't need to specify proxy servers anywhere (browser included), just the default route.

2. It allows you to connect to itself, but it won't let you connect anywhere else - just to a DNS and a PROXY server, for example - and that's why you've been given the address of a proxy server, which is necessary to get onto the internet. In this case you have all the limitations (and some advantages, like cache) of a proxy (try reading wiki if you don't know what a proxy is) and you'll have to specify that proxy server in any software that supports it; most simple unix utils (like wget) automatically check the HTTP_PROXY environment variable for the proxy IP / hostname.
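Cases 3.1 to 3.3 listed earlier in the thread, and the ordering advice in the reply above, modelled as an added example that is not part of any post: a longest-prefix-match lookup shows which device each destination leaves by, and why the tunnel collapses when the default route is moved to ppp0 without first pinning the PPTP server to eth1. The server address 203.0.113.10 and the 10.11.0.0/16 prefix length are constructed assumptions; 10.11.0.1, 192.168.0.1 and 192.168.0.44 are the values used in the thread.

```python
import ipaddress

PPTP_SERVER = "203.0.113.10"  # constructed placeholder for the VPN server's public address
WLAN_GW = "10.11.0.1"         # example gateway on eth1 used in the thread
PROXY = "192.168.0.1"         # example proxy address used in the thread
TUNNEL_DEV, LAN_DEV = "ppp0", "eth1"

def route(prefix, dev, gw=None):
    return (ipaddress.ip_network(prefix), dev, gw)

def lookup(table, dst):
    """Pick the most specific matching route (longest prefix), like the kernel."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, dev, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dev, gw

def tunnel_survives(table):
    """PPTP's own packets to the server must leave via the physical link."""
    hit = lookup(table, PPTP_SERVER)
    return hit is not None and hit[0] != TUNNEL_DEV

# Routes present once pppd is up (the 10.11.0.0/16 prefix length is assumed).
LINKS = [route("10.11.0.0/16", LAN_DEV), route("192.168.0.44/32", TUNNEL_DEV)]
# Host route that keeps the tunnel's carrier traffic on the wireless link.
PIN = route(PPTP_SERVER + "/32", LAN_DEV, WLAN_GW)

SCENARIOS = {
    "3.1 default via ppp0 only": LINKS + [route("0.0.0.0/0", TUNNEL_DEV)],
    "3.2 pin server, default via ppp0": LINKS + [PIN, route("0.0.0.0/0", TUNNEL_DEV)],
    "3.3 pin server, proxy via ppp0": LINKS + [PIN, route(PROXY + "/32", TUNNEL_DEV),
                                               route("0.0.0.0/0", LAN_DEV, WLAN_GW)],
}

if __name__ == "__main__":
    for name, table in SCENARIOS.items():
        print(name, "| tunnel survives:", tunnel_survives(table))
        for dst in (PPTP_SERVER, PROXY, "198.51.100.7"):
            print("   ", dst, "->", lookup(table, dst))
```

In case 3.3 only traffic addressed to the proxy enters the tunnel; every other destination still leaves directly over eth1.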
Quote:
In any case, I can at least still download through the web links... that's not too bad. Thanks for the help guys!
Quote:
The direct answer to your question depends on your proxy type (HTTP / SOCKS proxy), but since you aren't specifying that you have several ports for your proxy and you are already using an HTTP proxy on the port you have, the answer is, most likely, "no, you cannot".

Most HTTP proxies can be used with other (HTTP-like) protocols like FTP and RSYNC, so most software which can communicate via these protocols can use it; software which uses its own binary protocols cannot. I have a Squid proxy server on my second computer (which has an internet connection) and use it with all the browsers, ICQ, Rsync, CVS / SVN / GIT (all three mostly have repositories configured with WebDAV, which is pure HTTP), ftp clients / download managers like wget or curl, and probably something else I can't remember.

What you can't use through a proxy is p2p software like bittorrent, amule, mldonkey or limewire - they have their own file-sharing protocols (bittorrent, ed2k, gnutella, etc.) - and any games, since they have very low-latency, bandwidth-consuming protocols, in no way HTTP-compatible, and would be hardly playable through a slow proxy connection anyway.

In rare cases there are SOCKS proxies which (with the help of special tunneling software) act like a pptp tunnel and can be used for everything, but they are quite resource-consuming and harder to use. Some software, like firefox or SIM IM, has support for it, so you can try connecting to the same proxy/port with the socks protocol; I've never seen HTTP/SOCKS proxies on the same port, however.