[pptp-server] VPN from Win98SE/Cable modem to pptpd/RH6.1/Internet problem
Nathan Meyers
nmeyers at javalinux.net
Mon Feb 7 10:10:27 CST 2000
Samu Mielonen wrote:
>
> I have a very basic question (?) about pptp daemon setup that I've
> been wrestling with for over a week now.
A bit of additional info would help. While connected through the VPN,
could you capture output from the following 3 commands on the Linux
side:
/sbin/ifconfig
/sbin/route -n
/sbin/arp -a
You don't need to be root to run any of them.
Nathan
>
> My apologies if this is a FAQ - I have ready through most of the
> list archives, but couldn't find (or couldn't understand) a reply
> to my question.
>
> My setup is as follows:
>
> Remote machine: Win98se with cable modem dedicated connection to Internet
> It has dynamic IP (actual non-NAT IP) through DHCP
> from my cable modem isp. Let's call it r.r.r.r.
>
> Local machine: RH6.1 box with pptpd 1.0 on a workplace LAN with direct
> connection to Internet through it's eth0 Interface
> This box has a dedicated (non-NAT IP) l.l.l.l.
>
> What I'm trying to achieve is to have my Win98SE connect to the RH6.1
> pptpd via the cable modem connection, establish a tunnel and route
> ALL (at least initially) IP traffic to that tunnel and then route that
> IP traffic into our workplace network and to the global Internet from
> there.
>
> You might wonder why I want another tunneled IP access, when
> I already have a non-tunneled one through my cable modem, but lets just
> say I have my reasons :)
>
> Currently I can establish the connection to my pptpd (via the cable
> modem) from my Win98se box with the Dial-Up Network connection (through
> the VPN adapter). I'm able to log in to the pptp server and establish the
> connection.
>
> All of my setups have been exactly as guided in the pptp general
> setup and the RH specific setup guide (I'm not using encryption).
> My kernel is compiled and configured to use PPP, but not firewall or
> router specific functions (i.e. in the kernel config).
>
> The only thing I have set up differently is the:
>
> Use default gateway on remote network
>
> Setting that is now ON, so that my all IP traffic goes to the
> tunnel when the tunnel is established. I have also tried
> manual routing from DOS window with the route command and
> problems are the same.
>
> When I have established the Win98SE->PPTPD connection I can see
> from the Win98 VPN adapter dialog that packets go into the tunnel
> (bytes sent increases), but nothing comes back (no bytes received).
>
> I don't know what I'm doing wrong and I'm a TOTAL newbie in
> regards to routing, proxy arp, etc.
>
> I've read in many places that I should have the remote machine's
> address within the same subnet as the eth0 interface IP my local
> (pptp server) machine has.
>
> I've tried both of the following settings in /etc/pptpd.conf
>
> remoteip 192.168.1.234-238 # As described in the pptpd HOWTO
> localip 192.168.0.234-238 # As described in the pptpd HOWTO
>
> remoteip l.l.l.l+1 # A free IP from my local network
> localip l.l.l.l # my RH6.1 box's actual dedicated IP
>
> Neither set up works.
>
> Here is part of a log from an example session (using the first of
> the above two remoteip/localip setups).
>
> This below /var/log/pptpd is actually part of a debug I did
> with a client machine within our workplace LAN network along with
> the pptp server on the same network (thus now cable connection
> in this setup). The log is the same when I try the cable modem
> machine (just one ip changes).
>
> In the below log, my Win98 box is 128.214.124.181 and the
> server is samu1 (128.214.132.154). These both are the actual
> (non-tunnel) IP addresses of the specific machines.
>
> Feb 7 15:24:56 localhost pptpd[2829]: CTRL: Client 128.214.124.181
> control connection started
>
> Feb 7 15:24:56 localhost pptpd[2829]: CTRL: Starting call (launching
> pppd, opening GRE)
>
> Feb 7 15:24:56 localhost modprobe: can't locate module char-major-108
>
> Feb 7 15:24:56 localhost pppd[2830]: pppd 2.3.10 started by root, uid 0
>
> Feb 7 15:24:56 localhost pppd[2830]: Using interface ppp0
>
> Feb 7 15:24:56 localhost pppd[2830]: Connect: ppp0 <--> /dev/pts/1
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap MD5> <magic 0x6091fb6e> <pcomp> <accomp>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [LCP ConfReq id=0x1 <asyncmap
> 0xa0000> <magic 0xd5a5b9> <pcomp> <accomp> <callback CBCP>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [LCP ConfRej id=0x1 <callback
> CBCP>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [LCP ConfAck id=0x1 <asyncmap
> 0x0> <auth chap MD5> <magic 0x6091fb6e> <pcomp> <accomp>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [LCP ConfReq id=0x2 <asyncmap
> 0xa0000> <magic 0xd5a5b9> <pcomp> <accomp>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [LCP ConfAck id=0x2 <asyncmap
> 0xa0000> <magic 0xd5a5b9> <pcomp> <accomp>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [CHAP Challenge id=0x1
> <0546ce70f2deb27f6a4683873817d134988d77ae1e0c52e1c78c0b92e3c2a0c3cbdcb6edc7898b17f1>,
> name = "servername"]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [CHAP Response id=0x1
> <bacd954f722779103df6007e0b49d645>, name = "samu"]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [CHAP Success id=0x1 "Welcome
> to samu1."]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [IPCP ConfReq id=0x1 <addr
> 192.168.0.235> <compress VJ 0f 01>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [CCP ConfReq id=0x1 <deflate
> 15> <deflate(old#) 15> <bsd v1 15>]
>
> Feb 7 15:24:56 localhost pppd[2830]: CHAP peer authentication succeeded
> for samu
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [IPCP ConfReq id=0x1 <addr
> 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins
> 0.0.0.0>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [IPCP ConfRej id=0x1 <ms-dns1
> 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [CCP ConfReq id=0x1 < 12 06 01
> 00 00 01> < 11 05 00 01 04>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [CCP ConfRej id=0x1 < 12 06 01
> 00 00 01> < 11 05 00 01 04>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [IPCP ConfRej id=0x1 <compress
> VJ 0f 01>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [IPCP ConfReq id=0x2 <addr
> 192.168.0.235>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [CCP ConfRej id=0x1 <deflate
> 15> <deflate(old#) 15> <bsd v1 15>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [CCP ConfReq id=0x2]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [IPCP ConfReq id=0x2 <addr
> 0.0.0.0>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [IPCP ConfNak id=0x2 <addr
> 192.168.1.235>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [CCP ConfReq id=0x2]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [CCP ConfAck id=0x2]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [IPCP ConfAck id=0x2 <addr
> 192.168.0.235>]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [CCP ConfAck id=0x2]
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [IPCP ConfReq id=0x3 <addr
> 192.168.1.235>]
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [IPCP ConfAck id=0x3 <addr
> 192.168.1.235>]
>
> Feb 7 15:24:56 localhost pppd[2830]: Cannot determine ethernet address
> for proxy ARP
>
> Feb 7 15:24:56 localhost pppd[2830]: local IP address 192.168.0.235
>
> Feb 7 15:24:56 localhost pppd[2830]: remote IP address 192.168.1.235
>
> Feb 7 15:24:56 localhost pppd[2830]: Script /etc/ppp/ip-up started (pid
> 2832)
>
> Feb 7 15:24:56 localhost pppd[2830]: rcvd [CCP TermReq id=0x3]
>
> Feb 7 15:24:56 localhost pppd[2830]: CCP terminated by peer
>
> Feb 7 15:24:56 localhost pppd[2830]: sent [CCP TermAck id=0x3]
>
> Feb 7 15:24:56 localhost pppd[2830]: Compression disabled by peer.
>
> Feb 7 15:24:56 localhost pppd[2830]: Script /etc/ppp/ip-up finished (pid
> 2832), status = 0x0
>
> Feb 7 15:26:30 localhost pppd[2830]: rcvd [LCP TermReq id=0x3]
>
> Feb 7 15:26:30 localhost pppd[2830]: LCP terminated by peer
>
> Feb 7 15:26:30 localhost pppd[2830]: Script /etc/ppp/ip-down started (pid
> 2862)Feb 7 15:26:30 localhost pppd[2830]: sent [LCP TermAck id=0x3]
>
> Feb 7 15:26:30 localhost pptpd[2829]: CTRL: Error with select(), quitting
>
> Feb 7 15:26:30 localhost pptpd[2829]: CTRL: Client 128.214.124.181
> control connection finished
>
> Feb 7 15:26:30 localhost pppd[2830]: Modem hangup
>
> Feb 7 15:26:30 localhost pppd[2830]: Connection terminated.
>
> Feb 7 15:26:30 localhost pppd[2830]: Connect time 1.6 minutes.
>
> Feb 7 15:26:30 localhost pppd[2830]: Sent 378 bytes, received 4251 bytes.
>
> Feb 7 15:26:30 localhost pppd[2830]: Waiting for 1 child processes...
>
> Feb 7 15:26:30 localhost pppd[2830]: script /etc/ppp/ip-down, pid 2862
>
> Feb 7 15:26:30 localhost pppd[2830]: Script /etc/ppp/ip-down finished
> (pid 2862), status = 0x0
>
> Feb 7 15:26:30 localhost pppd[2830]: Exit.
>
> In the local LAN example (above) I'm able to ping all local
> 128.214.x.x addresses successfully once the tunnel is up, but any
> outside network ip address gives me "Request timed out" in DOS ping.
>
> Likewise, if I use a web browser, I can browse our local LAN
> www-server, but any outside link does not work.
>
> Can anybody from the above script tell me why I can't get my
> connection up in such a manner that it sends/receives ip-packets
> properly and reroutes them to our workplace LAN and the outside
> Internet via the pptpd tunnel?
>
> If this indeed is a FAQ, I would appreciate pointers to earliers
> answers or some documents a mere layman could understand. I've
> been trying to educate myself on this matter myself, but it seems
> I've ran out of steam on my own.
>
> Any help would be appreciated.
>
> Best regards,
> Samu Mielonen
>
> PS Just for the sake of completeness, my ppp/options and pptpd.conf files:
>
> /etc/ppp/options
> ================
> lock
> debug
> name servername
> auth
> require-chap
> proxyarp
>
> # Please don't tell me that I don't need to use proxyarp. I have no
> # idea what that means - I don't know what else to use and HOW to use it
>
> /etc/pptpd.conf
> ===============
> localip 192.168.0.234-238
> remoteip 192.168.1.234-238
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
More information about the pptp-server
mailing list