VPN network problem

dma8hm1956 · 04-27-2009, 12:38 AM

Hi all,

I am using slackware 12.1 on my desktop.
My problem is that I cannot connect to the VPN server
of my office. Although I have searched all the relevant
threads on this forum, I don't know how to do it.
Any help would be gratefully appreciated.

Thanks

What I have done is:
- ran "netconfig" an chose DHCP as my type of network connection.
- downloaded SlackBuilds of pptp-1.7.2, pptpd-1.3.4, wicd-1.5.4.
and installed all of them successfully.
- as "wicd" could not find /bin/ip, I have linked it to /sbin/ip.
- ran the following commands in order (the logs are listed at the
end of this message.):
$ wicd
$ wicd-client &
$ pptpsetup --create VPN_Network --server 172.16.2.12 \
--username my_username --password my_password \
--encrypt --start

The logs are:

Please note that on Windows XP the VPN network status is:{{{
Device Name: WAN Miniport (PPTP)
Device Type: vpn
Server Type: PPP
Transports: TCP/IP
Authentication: MS CHAP V2
Encryption: MPPE 128
Compression: (none)
PPP multilink framing: Off
Server IP address: 85.185.67.230, 172.16.2.12
Client IP address: 10.0.0.117, 172.32.1.176
}}}

pptpsetup --create VPN_Network --server 172.16.2.12 --username my_username \
--password my_password --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
Cannot determine ethernet address for proxy ARP
local IP address 172.32.1.166
remote IP address 172.16.2.12

$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1d:60:2f:30:5b
inet addr:10.4.5.32 Bcast:10.4.5.255 Mask:255.255.255.0
inet6 addr: fe80::21d:60ff:fe2f:305b/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1525 errors:0 dropped:0 overruns:0 frame:0
TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:136667 (133.4 KiB) TX bytes:7998 (7.8 KiB)
Interrupt:17 Base address:0x8000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4672 errors:0 dropped:0 overruns:0 frame:0
TX packets:4672 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1020332 (996.4 KiB) TX bytes:1020332 (996.4 KiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:172.32.1.166 P-t-P:172.16.2.12 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:62 (62.0 B) TX bytes:68 (68.0 B)

$ ip r
172.16.2.12 via 10.4.5.1 dev eth0 src 10.4.5.32
172.16.2.12 dev ppp0 proto kernel scope link src 172.32.1.166
10.4.5.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 10.4.5.1 dev eth0

$ ping 10.4.5.1
PING 10.4.5.1 (10.4.5.1) 56(84) bytes of data.
64 bytes from 10.4.5.1: icmp_seq=1 ttl=255 time=7.88 ms
64 bytes from 10.4.5.1: icmp_seq=2 ttl=255 time=11.7 ms
64 bytes from 10.4.5.1: icmp_seq=3 ttl=255 time=19.6 ms

$ ping www.google.com
ping: unknown host www.google.com

number22 · 04-29-2009, 05:32 AM

You need to bridge your vpn interface with your original/local network, and add your bridge into your routing table.

dma8hm1956 · 04-29-2009, 07:44 PM

Quote:

Originally Posted by number22

You need to bridge your vpn interface with your original/local network, and add your bridge into your routing table.

Many thanks for your reply. How can I do that?

Thanks

number22 · 05-04-2009, 07:54 PM

Quote:

Originally Posted by dma8hm1956

Many thanks for your reply. How can I do that?

Thanks

I used to use Openvpn, and it has very good document, however, you may need to recompile your kernel to enable bridge interface, then you should have bridge-utility in hand,(i forget where you can get it from, either from kernel.org or openvpn).In this files; it has scripts to create proper bridge up. (of course you need modify network number to suit your setup).

Although Openvpn is vpn server software, the idea is still same to setup bridge interface, because vpn is within your internet connections, to put 2 different network to work together, you need bridge.

Once your vpn up and running, your default gateway and routing table must reflect with your vpn setup.
Good luck.

niels.horn · 05-04-2009, 08:09 PM

In Slackware the bridge utilities are included.

Basically you do everything with the brctl command:

Code:

brctl addbr br0       # create bridge br0
brctl addif br0 eth0  # add eth0 to br0
brctl show            # show bridges & interfaces

and:

Code:

man brctl             # show the man page for brctl

dma8hm1956 · 05-18-2009, 07:53 AM

Still I can not connect to the to the VPN server.
After running the commands:
$ brctl addbr br0
$ brctl addif br0 eth0
$ brctl show

the logs are:
$ ifconfig -a
br0 Link encap:Ethernet HWaddr 00:1d:60:2f:30:5b
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth0 Link encap:Ethernet HWaddr 00:1d:60:2f:30:5b
inet addr:10.4.5.32 Bcast:10.4.5.255 Mask:255.255.255.0
inet6 addr: fe80::21d:60ff:fe2f:305b/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1711 errors:0 dropped:0 overruns:0 frame:0
TX packets:97 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:148603 (145.1 KiB) TX bytes:11267 (11.0 KiB)
Interrupt:17 Base address:0xa000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:13866 errors:0 dropped:0 overruns:0 frame:0
TX packets:13866 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2205976 (2.1 MiB) TX bytes:2205976 (2.1 MiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:172.32.1.217 P-t-P:172.16.2.12 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:62 (62.0 B) TX bytes:68 (68.0 B)

$ ip r
172.16.2.12 via 10.4.5.1 dev eth0 src 10.4.5.32
10.4.5.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 10.4.5.1 dev eth0

$ ping 10.4.5.1
PING 10.4.5.1 (10.4.5.1) 56(84) bytes of data.
From 10.4.5.32 icmp_seq=2 Destination Host Unreachable
From 10.4.5.32 icmp_seq=3 Destination Host Unreachable

$ ping 10.4.5.32
PING 10.4.5.32 (10.4.5.32) 56(84) bytes of data.
64 bytes from 10.4.5.32: icmp_seq=1 ttl=64 time=0.025 ms
64 bytes from 10.4.5.32: icmp_seq=2 ttl=64 time=0.020 ms

$ ping www.google.com
ping: unknown host www.google.com

+Alan Hicks+ · 05-18-2009, 10:35 AM

Answering your question is going to require a little bit more information, but I suspect that I already know the correct answer.

In order to access the public Internet, do you have to be connected through this VPN? If that's the case, your problem is almost certainly that you've got an incorrect default gateway set. I'd be willing to bet that your default gateway should be via ppp0, not eth0, and that bridging is not the way to fix your problem.

number22 · 05-18-2009, 06:02 PM

ok; i copy and paste my vpn setup. hope it can help.

My bridge-start:

Code:

#!/bin/bash
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.2.254"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.2.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc mtu 1460 arp up
done

ifconfig $eth 0.0.0.0 promisc arp up
sleep 1
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast promisc arp up
sleep 1
ifconfig $eth 192.168.2.2 netmask $eth_netmask broadcast 192.168.2.255 promisc arp up
sleep 1
route add default gw 192.168.2.1

My Bridge-stop

Code:

#!/bin/bash

####################################
# Tear Down Ethernet bridge on Linux
####################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged together
tap="tap0"

ifconfig $br down
brctl delbr $br

for t in $tap; do
    openvpn --rmtun --dev $t
done

after you run bridge-start

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 br0

You should replace my eth0 setup with your ppp0. good luck