[pptp-server] One last problem...

David Bebout db at dataengines.com
Fri Jul 14 02:33:56 CDT 2000


"Use default gateway on remote network" in the TCP/IP Settings menu under
Properties of your VPN connection is checked.  This option adds a new
default route, metric 1, with your VPN server as the gateway when you make
the VPN connection. Windows then lowers the ISP default route to metric 2.

The "Use default gateway" option is advantageous if the VPN connects you to
multiple remote networks.  Without it you're only connected to the VPN
subnet.  With the correct firewall rules, the VPN server can allow regular
Internet traffic while allowing access to multiple remote networks.

> Connect to VPN, can no longer connect to web, can ping firewall but not any
> other hosts on the LAN.

Check that you can still ping other hosts on the LAN.  Usually the new
default route messes up Windows networking browse list in Network
Neighborhood, but I suspect that your actual LAN access was never
interrupted.

> #mppe-40        # Deny 40 bit security
> mppe-128

Does this setup show actual mppe 128 connections in your syslog, and if so,
how?

David Bebout
db at dataengines.com

----- Original Message -----
From: "Colin Coe" <Colinc at method.com.au>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, July 13, 2000 10:37 PM
Subject: [pptp-server] One last problem...


>
> Ok, so we're almost all the way there.  Here is my problem.
>
> Setup laptop with win98.  Configure laptop to log on to domain.  Install
> modem, dialup adapter, VPN, and dialup adapter #2.
> Create dialup networking entry to connect to ISP, and another for connecting
> to firewall with PoPToP configured.
> Connect to ISP, can now access web
> Connect to VPN, can no longer connect to web, can ping firewall but not any
> other hosts on the LAN.
>
> I suspect the problem is the routing table in Win98.  Interestingly though,
> once VPN is up I can ping the PC's VPN IP (ie 192.168.8.101) but not the
> server's VPN IP (ie 192.168.8.1).  Even though I have specified in
> /etc/ppp/options that the netmask is 255.255.0.0, Win98 always uses a mask
> of 255.255.255.0
>
> Any ideas?
>
> Win98 routing table (connected to ISP and VPN):
> Network Address   Subnet Mask       Gateway           Interface         Metric
> 0.0.0.0           0.0.0.0           192.168.8.102     192.168.8.102     1
> 0.0.0.0           0.0.0.0           202.61.239.232    202.61.239.232    2
> 127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1         1
> 192.168.8.0       255.255.255.0     192.168.8.102     192.168.8.102     1
> 192.168.8.102     255.255.255.255   202.61.239.232    202.61.239.232    1
> 202.61.239.0      255.255.255.0     202.61.239.232    202.61.239.232    2
> 202.61.239.232    255.255.255.0     127.0.0.1         127.0.0.1         1
> 202.61.239.255    255.255.255.255   202.61.239.232    202.61.239.232    1
> 203.59.136.94     255.255.255.255   202.61.239.232    202.61.239.232    1
> 224.0.0.0         244.0.0.0         192.168.8.102     192.168.8.102     1
> 224.0.0.0         244.0.0.0         202.61.239.232    202.61.239.232    1
>
> Firewall routing table (when laptop connected via VPN):
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.0.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth1
> 203.59.136.94   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
> 192.168.8.102   0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
> 203.59.136.92   0.0.0.0         255.255.255.252 U         0 0          0 eth0
> 192.168.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 0.0.0.0         203.59.136.93   0.0.0.0         UG        0 0          0 eth0
>
> /etc/pptpd.conf:
> speed 115200
> option /etc/ppp/options
> debug
> localip 192.168.8.1-20
> remoteip 192.168.8.101-120
> listen 203.59.136.94
> pidfile /var/run/pptpd.pid
>
> /etc/ppp/options:
> lock
> netmask 255.255.0.0
> debug
> auth
> -chap           # Deny standard CHAP - unsecure
> proxyarp
> -chapms         # Deny standard MS-CHAP - unsecure
> +chapms-v2
> #mppe-40        # Deny 40 bit security
> mppe-128
> mppe-stateless
>
> Colin Coe
> Systems Administrator
>
> M E T H O D  +  M A D N E S S
> ........................................www.method.com.au
>
> 1st Flr Churchill Court               Ph: +(08) 9388 6100
> 331 Hay Street                        Fx: +(08) 9380 6537
> Subiaco, WA 6008
>
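
The route selection discussed in this thread, as an added example that is not part of either message: it runs a longest-prefix-match lookup (lowest metric breaks ties) over the Win98 table quoted above, with and without the VPN default route, to show which gateway each destination's traffic leaves through. The helper names and the Internet host 198.51.100.10 are constructed for illustration, and the unchecked "Use default gateway" case is modelled simply by dropping the VPN default route.

```python
import ipaddress

# Unicast rows copied from the Win98 table quoted above:
# (destination, mask, gateway, metric). Left out: the two multicast rows
# and the 202.61.239.232 loopback row.
WIN98_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.8.102", 1),       # default over the VPN
    ("0.0.0.0", "0.0.0.0", "202.61.239.232", 2),      # default over the ISP
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", 1),
    ("192.168.8.0", "255.255.255.0", "192.168.8.102", 1),
    ("192.168.8.102", "255.255.255.255", "202.61.239.232", 1),
    ("202.61.239.0", "255.255.255.0", "202.61.239.232", 2),
    ("202.61.239.255", "255.255.255.255", "202.61.239.232", 1),
    ("203.59.136.94", "255.255.255.255", "202.61.239.232", 1),  # VPN server
]
VPN_GW, ISP_GW = "192.168.8.102", "202.61.239.232"

def parse(rows):
    """Turn (dest, mask, gateway, metric) rows into (network, gateway, metric)."""
    return [(ipaddress.ip_network(f"{d}/{m}"), gw, metric)
            for d, m, gw, metric in rows]

def lookup(routes, dest):
    """Longest-prefix match; the lowest metric wins between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def without_vpn_default(routes, vpn_gw):
    """Assumed model of the option unchecked: no 0.0.0.0/0 route via the VPN."""
    return [r for r in routes if not (r[0].prefixlen == 0 and r[1] == vpn_gw)]

FULL = parse(WIN98_ROUTES)                 # option checked, as in the thread
SPLIT = without_vpn_default(FULL, VPN_GW)  # option unchecked

if __name__ == "__main__":
    # 198.51.100.10 is a constructed Internet host; the rest are from the page.
    for dest in ("198.51.100.10", "203.59.136.94", "192.168.8.1", "192.168.0.1"):
        print(f"{dest:15} checked -> {lookup(FULL, dest):15} "
              f"unchecked -> {lookup(SPLIT, dest)}")
```

With the option checked, Internet-bound and 192.168.0.x traffic both follow the metric 1 default into the tunnel, so web access depends on the VPN server's forwarding and firewall rules; unchecked, only 192.168.8.0/24 is reachable through the VPN and 192.168.0.x lookups fall through to the ISP default.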




