[pptp-server] Newbie question

Cowles, Steve Steve.Cowles at gte.net
Tue Feb 29 13:44:31 CST 2000


 

-----Original Message-----
From: Jose Miguel Varet [mailto:varet at esatt.com]
Sent: Tuesday, February 29, 2000 10:08 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Newbie question


Hello all,
 
I'm fairly new to PopTop/VPNs, and I must say that I've found the VPN
technical concept to be a fascinating one. Right now I'm finishing a PopTop
installation on a linuxbox which has a permanent connection via cablemodem,
trying to emulate the pptd possibilities of a Win2000 server; that includes
the ability to assign local IP addresses to incoming clients from a specific
range. In fact, my case is a simple one, with no masq'ing/firewalling issues:
 
 
 
    Private Subnet   <------>   Eth0          Eth1             <-------->   PPTP Client
    192.168.1.2-128             192.168.1.1   212.79.128.150                xxx.yyy.www.zzz

    --------------------------------------------------------------------------------------
                                   LINUXBOX / PopTop             Internet
 
 
Although this is a very simple configuration, I've got some newbie/dumb
questions about this story... perhaps some of you would find five minutes to
drop me a few lines about them :
 
a) IP assignment to remote clients : AFAIK, this is controlled via the
"remoteip" directive in /etc/pptpd.conf. In my config example, this would be
"remoteip 192.168.1.129-150" to allow a maximum of 21 concurrent incoming
clients. 'Till now, all right. But, what in the heavens is the "localip"
directive used for ? Specifying the local interface in which poptop is
listening for the incoming pptp connections? (if so, this would be eth1,
212.79.128.150) or perhaps the interface which is gonna be used for talking
to the private subnet ? (in this case, 192.168.1.2).  Sorry, but I cannot
figure out what this directive means. And what's more arcane for me :-) ,
what does a "localip" directive with a range do? ("localip a.b.c.1-20", for
example). 
 
I use the internal address for the local IP. That way when you establish a
pptp connection (like over the internet to the external address) the
internal interface will act as a proxy for arps for your remote IP address.
e.g. the proxyarp directive in /etc/ppp/options.
 
To be honest, I have never configured the localip directive for multiple
IPs. Just the remote IP.
 
b) Netbios broadcasts not travelling down a ppp link : Ok, we all knew that
netbios is a non-routable protocol, so this is no surprise... instead of
installing a samba as a master domain controller, there's a "real" NT server
inside the private subnet (192.168.1.2). Could I log onto that machine in
order to take advantage of its WINS server and shares ? 
 
To me... netbios is "routable" if bound to TCP/IP, NetBEUI is NOT. What I do
is specify a "ms-wins" directive in my /etc/ppp/options file at the PopTop
server. That way, browsing and domain logins will occur across the pptp
link. When I'm out of town, I connect into a local ISP provider (using NT
Workstation on my laptop) then I create a pptp connection to the external
address of my linux based firewall which is also running PopTop. BTW: My
internal network is 192.168.9.0/24. On the internal network is a NT PDC
which is also running Exchange Server, WINS, etc.... When the pptp link is
brought up, the WINS server is set (at the remote side) and then my system
will login to my NT Domain. This allows me to run apps like MS Outlook
(exchange server), Server Manager, DHCP manager, WINS manager and properly
authenticate for network resources such as printer/shares on my internal
network. In short, it's as if my laptop was directly connected to the LAN
(using an Ethernet NIC). All of this is possible, because the WINS server
returns the PDC record when queried by the remote and is also the "master
browser".
 
The odd part that I have not figured out... is when I use "network
neighborhood" on my laptop, I see all systems on the remote network
(including mine). But users on the local network cannot see my laptop when
they use "network neighborhood". But they can attach shares on my laptop (by
name). In fact, when I used WINS admin, I saw that my laptop had properly
registered with the WINS server. e.g. show database. Furthermore, NT's
server manager shows that my workstation is active (lit up). When I select
my workstation, it shows the open resources that are currently in use.
 
c) For the last one, the $1M question (at least for me... I've found no info
about this anywhere). While netbios broadcasts won't travel down... will
TCP/IP broadcasts travel "up" from my pptp client to the private subnet ?
The best example I can think of is some of those network-oriented deathmatch
games, like Quake. When you look for game servers, the game client issues a
tcp/ip broadcast to the local subnet. All servers which receive such a
broadcast will answer to the client, so it knows what computers are hosting
a game. Let's suppose I want to find a game server from my pptp client. Will
a server placed in, let's say, 192.168.1.30, "listen" that broadcast, and
thus reply to my client ?
 
I don't know. I would have to turn on a packet sniffer to verify.
 
Yes, you'll think these are rather dumb questions, but hey, I'm new to
this... have mercy on me :-)
Many thanks in advance,
 
There is no dumb question when it comes to MS Networking. <grin>
 
                Jose Miguel Varet
                System Administrator - Tech. Dept.
                ATT, Sevilla
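
An added example, not part of the original thread or of PopTop itself: a small Python check of the "localip"/"remoteip" layout discussed above, flagging pool addresses that fall outside the LAN served by proxyarp or collide with hosts already on it. It assumes pptpd.conf's comma-separated, last-octet range syntax and the 192.168.1.0/24 addressing from the question; the sample config is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: pptpd.conf for the topology in the post, using the
# internal (eth0) address as localip as the reply suggests.
SAMPLE_CONF = """\
# /etc/pptpd.conf (constructed sample)
localip 192.168.1.1
remoteip 192.168.1.129-150
"""

def expand(spec):
    """Expand pptpd.conf address syntax: comma-separated single addresses
    or last-octet ranges such as 192.168.1.129-150."""
    out = []
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            first, last = part.split("-", 1)
            prefix, lo = first.rsplit(".", 1)
            if int(last) < int(lo):
                raise ValueError(f"descending range: {part}")
            start = int(ipaddress.IPv4Address(first))
            end = int(ipaddress.IPv4Address(f"{prefix}.{last}"))
            out.extend(ipaddress.IPv4Address(i) for i in range(start, end + 1))
        else:
            out.append(ipaddress.IPv4Address(part))
    return out

def parse_conf(text):
    """Return {'localip': [...], 'remoteip': [...]} from pptpd.conf text."""
    pools = {"localip": [], "remoteip": []}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) == 2 and fields[0] in pools:
            pools[fields[0]].extend(expand(fields[1]))
    return pools

def audit(text, lan, lan_hosts):
    """Flag remoteip addresses that are off the LAN or already in use."""
    pools = parse_conf(text)
    net = ipaddress.IPv4Network(lan)
    taken = set(expand(lan_hosts))
    issues = []
    for ip in pools["remoteip"]:
        if ip not in net:
            issues.append(f"{ip} is outside {net}: no LAN interface for proxy ARP")
        if ip in taken or ip in pools["localip"]:
            issues.append(f"{ip} is already in use on the LAN or as localip")
    return pools, issues
```

Call audit(SAMPLE_CONF, "192.168.1.0/24", "192.168.1.2-128") for the layout in the post; an empty issue list means the pool sits inside the LAN subnet without overlapping existing hosts.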
    
