[pptp-server] Re: [pptp-server] Using PPTPD & Linux PPTP to setup VPN

tmk tmk at netmagic.net
Thu Jul 8 14:08:47 CDT 1999


without reading in detail (i'm an expert, right? ;) it looks like you want
to do the following:

connect your home box to your work box via pptp (working already)
connect the 2 networks together (not working too well)

here's what you need to do.
turn on ip_forwarding (should already be on if you're masqing)
set up a NON-masq'd route from your local net to your work net
set up a NON-masq'd route from your work net to your local net

let the computers on BOTH networks know that the linux boxes are gateways
(also probably already done)

some specifics:
say your home ip's are 10.0.0.x and work ips are 192.168.0.x, both linux
boxes are x.x.x.1, both netmasks are 24bit (255.255.255.0)

also, let's say that for your pptp connection, the servers have their
respective x.x.x.2 ip addrs for the remote/local ip

so we do a 
route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.0.2
on the work box
and
route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2
on the home box

make sure that those routes are NOT masq'd

this is untested, but sounds right :) if it doesn't work let me know and
i'll figure it out. one thing to try might be switching the gateway ip's

Kevin

On Thu, 8 Jul 1999, Jim Morris wrote:

> Hi All,
> 
> I am trying to setup a "Virtual Private Network" across the Internet,
> between my home LAN and the office LAN.  Both ends use Linux servers
> and IP masquerading to connect to the Internet. I use the DYNIP.COM
> service to associate a known DNS name with the office network.
> 
> Before anyone suggests alternative methods to setup a VPN, let me say
> that I am trying it with PPTPD because it seems to be the only
> possibility I've thought of that does not require a known *FIXED* IP
> address on both ends of the VPN.
> 
> So far, PPTPD works great to let me dialup my local ISP using my Win98
> PC, and then use a PPTP adapter to connect to the office LAN.
> However, it seems to me that if I use the PPTP program under Linux, I
> should be able to connect *ALL* my home PC's (3) to the office LAN, at
> the same time that I am doing IP Masquerading to the Internet on both
> ends.
> 
> So far, I've tried to do this with limited success.  I can ping a
> machine on the internal network at the office from a PC on my LAN at
> home.  However, anything beyond that is pretty flakey. I.e. stuff like
> telnet works somewhat, but for the most part, I can establish a
> connection, but as soon as I try anything that transfers much data
> (like even doing an "ls" in ftp), the connection dies, and ftp or
> telnet exit.
> 
> I somehow think this is related to my firewall rules for Masquerading
> and forwarding.  If I look at the active masquerading connections here
> at home, using "ipchains -M -L", it shows the ftp or telnet connection
> - whereas I would think that should not be masquerading.  I have setup
> routes to the 2 networks manually, if that matters.  My goal is to
> write some kind of script that will automate this on both ends
> somehow. I.e. the client side connects to the PPTPD server system on
> the Internet by running a script that sets up the routes, etc, for
> both ends (possibly using rcmd or something to do the server side
> route).
> 
> Has anyone set anything like this up?  If so, I would be interested
> in seeing how you setup the firewall/masquerading rules using ipchains
> or ipfwadm (I have Linux 2.2 at home, but Linux 2.0.36 at work).
> 
> If this is impossible, I would like to know that too! ;-)
> 
> Thanks!  And I can provide more info if need be.
> 
> 
>  --
> A nuclear war can ruin your whole day.
>  --
>  --
> /------------------------------------------------\
> | Jim Morris  | Business:  jmorris at rtc-group.com |
> |             | Personal:  Jim at Morris.net        |
> |------------------------------------------------|
> |    World Wide Web:  http://Jim.Morris.net      |
> |       AOL Instant Messenger:  JFM2001          |
> \------------------------------------------------/
> 
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 
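
Added example, not part of the original thread or of any poster's code: a small first-match model of an ipchains forward chain, showing why the exemption for home-to-work traffic has to sit before the MASQ rule, which is what "make sure that those routes are NOT masq'd" comes down to. The addresses are the ones assumed in the reply; the three rule chains and the helper names are constructed for illustration.

```python
import ipaddress

HOME = ipaddress.ip_network("10.0.0.0/24")      # home LAN, as assumed in the reply
WORK = ipaddress.ip_network("192.168.0.0/24")   # work LAN, as assumed in the reply
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each rule is (source net, destination net, target), evaluated top to bottom.
# Constructed chain: masquerade everything leaving the home LAN.
MASQ_ONLY = [(HOME, ANY, "MASQ")]
# Constructed chain: exempt home->work traffic first, then masquerade the rest.
EXEMPT_FIRST = [(HOME, WORK, "ACCEPT"), (HOME, ANY, "MASQ")]
# Same two rules in the wrong order: the exemption is never reached.
EXEMPT_LAST = [(HOME, ANY, "MASQ"), (HOME, WORK, "ACCEPT")]


def verdict(chain, src, dst, policy="DENY"):
    """Return the target of the first rule matching src -> dst, else the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, target in chain:
        if s in src_net and d in dst_net:
            return target
    return policy


def as_ipchains(chain):
    """Render the chain as 'ipchains -A forward' commands, in order."""
    return [f"ipchains -A forward -s {s} -d {d} -j {t}" for s, d, t in chain]


def shadowed(chain):
    """Indexes of rules that can never match because an earlier rule covers them."""
    dead = []
    for i, (s, d, _) in enumerate(chain):
        if any(s.subnet_of(ps) and d.subnet_of(pd) for ps, pd, _ in chain[:i]):
            dead.append(i)
    return dead


if __name__ == "__main__":
    for name, chain in [("masq only", MASQ_ONLY), ("exempt first", EXEMPT_FIRST),
                        ("exempt last", EXEMPT_LAST)]:
        print(name, "| to work:", verdict(chain, "10.0.0.5", "192.168.0.7"),
              "| to internet:", verdict(chain, "10.0.0.5", "198.51.100.9"),
              "| shadowed:", shadowed(chain))
    print("\n".join(as_ipchains(EXEMPT_FIRST)))
```

The rendered commands use ipchains syntax, so they apply to the Linux 2.2 side; the 2.0.36 box mentioned in the question uses ipfwadm, where the same ordering applies but the syntax differs.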




