[pptp-server] Secured Linux host, serving local subnet issue

Nate Carlson natecars at real-time.com
Wed Dec 8 17:03:08 CST 1999


On Wed, 8 Dec 1999, Paul Hargreaves wrote:

> I've got a Mandrake 6.1 Linux host, and I want to secure all traffic to it,
> regardless of location (either the local subnet or over the internet).
> 
> All of this stuff is at my home, so I can fiddle with impunity.
> 
> Here's where I've got to:
> 
> Linux host: 10.0.0.1/8. dhcpd giving out 10.0.0.2-254/8. Samba listening on
> all interfaces.
> Win98: Using dynamic IP.
> 
> Everything has been working fine, with me adding and removing machines, and
> being able to use Samba with impunity.
> 
> Installed pptpd. Altered the /etc/ppp/options and enabled basic chaps, I'll
> worry about the patches when I get everything working.
> 
> Added vpn support to win98. Altered my chaps-secrets, "Dialed in" (over lan,
> 1 segment) and everything seemed to work.
> 
> Realised that although I was getting a tunnel, I wasn't using it because my
> 98 client can see 10.0.0.1 without vpn, so doesn't use the tunnel.

Try configuring the vpn connection to set the default route. Then any
traffic should be tunneled. Why you want to tunnel on your local lan is
beyond me though..  =)

> 
> Changed the linux box to 10.1.0.1/16, altered dhcpd to serve
> 10.1.0.2-254/16, restarted daemons and used winipcfg to refresh my ip
> addresses. Altered my "dial-in" session to point to the new location, then
> "dialed in". winipcfg now shows an ip address of 10.1.0.2/16 on my adapter,
> and 10.0.0.2/8 on my ppp link. Obviously I don't want 10.0.0.2/8, I want
> 10.0.0.2/16, so looked at the ppp docs and attempted to add in the netmask
> option into the options file, but nothing happened. Tried adding it to
> pptpd.conf, same result.
> 
> So, next idea. Changed pptpd to serve 192.168.0.1 as localip, and
> 192.168.1.1-255 as remoteip. Reconnected, and winipcfg shows everything
> fine. However, if I try to ping 192.168.0.1 from my win98 box, I get
> Destination host unreachable. Pinging it from the linux machine itself
> returns correctly, since I guess once the ppp tunnel is created, the server
> is given another ip address for a while.
> 
> If you've got this far ;) here are my questions:
> 
> 1. Is there any easy way of getting pptpd to serve out an A class IP address
> with the netmask of my choice?
> 2. What is a sensible set of configuration for my setup? I'm planning on
> firewalling my linux machine, and only allowing localnet dhcpd, and remote
> vpn through it. Whenever I use my linux machine at home, I'll vpn over to
> it; it also means that when I'm remote, my configuration should be
> identical, my ISP will set my IP, rather than my dhcp server.
> 

-- 
Nate Carlson <carlson at real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
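
The routing question in this thread, as an added example that is not part of either poster's message: a longest-prefix-match lookup that reports which destinations would leave on the LAN adapter instead of the tunnel. The routing tables are constructed from the addresses quoted above, and the interface labels `lan` and `vpn` are hypothetical.

```python
import ipaddress

# Constructed routing tables (prefix, interface, metric) using the addresses
# from the thread; "lan" and "vpn" are hypothetical interface labels.
# Original addressing, with a default route added via the VPN connection.
SETUP_A = [
    ("10.0.0.0/8", "lan", 1),   # on-link route for the LAN adapter
    ("0.0.0.0/0", "vpn", 1),    # default route through the tunnel
]
# Later addressing: LAN renumbered to 10.1.0.0/16, pptpd localip 192.168.0.1.
SETUP_B = [
    ("10.1.0.0/16", "lan", 1),
    ("0.0.0.0/0", "vpn", 1),
]

def lookup(routes, dst):
    """Pick the interface for dst: longest prefix wins, then lowest metric.
    Returns None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    best_key, best_if = None, None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        key = (net.prefixlen, -metric)
        if best_key is None or key > best_key:
            best_key, best_if = key, iface
    return best_if

def bypasses_tunnel(routes, destinations, tunnel_if="vpn"):
    """Return (destination, interface) pairs that leave outside the tunnel."""
    out = []
    for dst in destinations:
        iface = lookup(routes, dst)
        if iface is not None and iface != tunnel_if:
            out.append((dst, iface))
    return out

if __name__ == "__main__":
    targets = ["10.0.0.1", "10.1.0.1", "192.168.0.1"]
    for name, table in (("A", SETUP_A), ("B", SETUP_B)):
        print(name, bypasses_tunnel(table, targets))
```

A firewall rule on the server that accepts Samba only on the tunnel interface is the enforcement side of the same check; the lookup only shows where a client's packets would go.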
