http://www.linuxquestions.org/questi...hreadid=138307
http://www.linuxquestions.org/questi...threadid=47354
These are two threads with some of the headaches I had with routing of the Poptop VPN I installed.
Of course I use debian and not suse, although suse is a great distro, I just prefer debian based distros. Now to help you with your VPN problem.
First here is my current pptpd.conf file contents it is stock and should be similar or same to the one installed by default on your machine. Simply adjust the IP addresses for your LAN and don't use the same remote and local ip addresses
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 0.9.12
#
################################################################################
# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
#
speed 115200
# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options
# TAG: debug
#
# Turns on (more) debugging to syslog
#
#debug
# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
localip 192.168.0.10-20
remoteip 192.168.0.20-30
#localip 10.0.1.1
#remoteip 10.0.1.2-100
Next this is my pptpd-options file I have disabled proxyarp (because I found this caused my inability to route the traffic to other computers on my LAN) and I have enabled MD5 Chap authentication this suits it for my purposes. I never botheres to compile encryption into my kernel as I usually tunnel it through an ssh session when I use it on rare occasion. Now if I recall the MPPE encryption is in the more recent PPP versions and does not need to be compiled into the kernel. However, do not quote me on this, and one problem you may be having is that you need to compile the encryption into the kernel. Now I do know through my research their are some precompiled kernels with the encryption compiled in it (I couldn't find one because my server is on a mac could only locate kernels for x86) You maight be using a 2.6.x version kernel and I do not know if there are any 2.6.x kernels compiled with the encryption support, and you may have to compile your own. With all that mouthful said here is the working options file.
## SAMPLE ONLY
## CHANGE TO SUIT YOUR SYSTEM
## turn pppd syslog debugging on
#debug
## change 'servername' to whatever you specify as your server name in chap-secrets
name servername
## change the domainname to your local domain
domain scheidel21.net
## these are reasonable defaults for WinXXXX clients
## for the security related settings
auth
require-chap
#require-chapms
#require-chapms-v2
#+chap
##### ATTENTION #######
# These options are disabled because the stock Debian kernel as well as the
# pppd package do not support MPPE encryption. But it is recommended to patch
# your kernel and use a pppd with MPPE support if you use this package. Without
# these options, PPTP can not be considered to be safe.
##+chapms
##+chapms-v2
##mppe-40
##mppe-128
##mppe-stateless
## Fill in your addresses
ms-dns 192.168.0.3
ms-wins 192.168.0.3
## Fill in your netmask
netmask 255.255.255.0
## some defaults
nodefaultroute
#proxyarp
lock
Now last the secrets file the CHAP sevrets file contains our users, the servername, the password, and a static IP if we wish to assign by username, as I do.
# Secrets for authentication using CHAP
# client server secret IP addresses
scheidel21 * password 192.168.0.6
scheidel22 * password 192.168.0.7
haldodgers * password 192.168.0.8
bakermedic1 * password 192.168.0.9
password is actually the password for each user didn't want to let you have em sorry...lol
Some things to try.....disable all of your MPPE encryptions in your options file. Then restart pptpd daemon. attempt to connect to your VPN server with a windows machine on your LAN and disable the require encryption option, in XP it is located under properties --> security tab, then select advanced and click the setting button.
make sure you enbale MD5 CHAP authentication and change the drop down box to allow unencrypted sessions.
if you can connect to your vpn server this way with the username password combo from your chap file then likely your culprit is encryption.
Also ensure that your username and password are exactly as in the chaps file, as they are case sensitive and will not let oyu logon with the wrong case.
Good luck let us know what happens anyhting else I can try to do to help let me know.
Alex
