[pptp-server] One last problem...

Phil Verghese philv at ridgerun.com
Fri Jul 14 10:17:44 CDT 2000


Make sure that /proc/sys/net/ipv4/ip_forward contains a 1 on the server
machine.  If it doesn't, change it, and put this line in your rc.local:

    echo 1 > /proc/sys/net/ipv4/ip_forward

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Colin Coe
> Sent: Friday, July 14, 2000 2:32 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] One last problem...
>
>
>
> Maybe the last post was misleading...  this laptop has no network card.  It
> has a modem which is used to dial to an ISP, from the ISP a VPN connection
> is made to the office firewall.  Once the laptop has connected to the
> firewall using VPN, we can ping the firewall but nothing else.
>
> The thing that confuses me is that our internal LAN is essentially class B,
> and I can not get Win98 to start up with any netmask other than
> 255.255.255.0 (class C).
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of David Bebout
> Sent: Friday, July 14, 2000 3:34 PM
> To: Colin Coe; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] One last problem...
>
> "Use default gateway on remote network" in the TCP/IP Settings menu under
> Properties of your VPN connection is checked.  This option adds a new
> default route, metric 1, with your VPN server as the gateway when you make
> the VPN connection. Windows then lowers the ISP default route to metric 2.
>
> The "Use default gateway" option is advantageous if the VPN connects you to
> multiple remote networks.  Without it you're only connected to the VPN
> subnet.  With the correct firewall rules, the VPN server can allow regular
> Internet traffic while allowing access to multiple remote networks.
>
> > Connect to VPN, can no longer connect to web, can ping firewall but not any
> > other hosts on the LAN.
>
> Check that you can still ping other hosts on the LAN.  Usually the new
> default route messes up Windows networking browse list in Network
> Neighborhood, but I suspect that your actual LAN access was never
> interrupted.
>
> > #mppe-40        # Deny 40 bit security
> > mppe-128
>
> Does this setup show actual mppe 128 connections in your syslog, and if so,
> how?
>
> David Bebout
> db at dataengines.com
>
> ----- Original Message -----
> From: "Colin Coe" <Colinc at method.com.au>
> To: <pptp-server at lists.schulte.org>
> Sent: Thursday, July 13, 2000 10:37 PM
> Subject: [pptp-server] One last problem...
>
>
> >
> > Ok, so we're almost all the way there.  Here is my problem.
> >
> > Setup laptop with win98.  Configure laptop to logon to domain.  Install
> > modem, dialup adapter, VPN, and dialup adapter #2.
> > Create dialup networking entry to connect to ISP, and another for connecting
> > to firewall with PoPToP configured.
> > Connect to ISP, can now access web
> > Connect to VPN, can no longer connect to web, can ping firewall but not any
> > other hosts on the LAN.
> >
> > I suspect the problem is the routing table in Win98.  Interestingly though,
> > once VPN is up I can ping the PC's VPN IP (ie 192.168.8.101) but not the
> > server's VPN IP (ie 192.168.8.1).  Even though I have specified in
> > /etc/ppp/options that the netmask is 255.255.0.0, Win98 always uses a mask
> > of 255.255.255.0
> >
> > Any ideas?
> >
> > Win98 routing table (connected to ISP and VPN):
> > Network Address  Subnet Mask      Gateway          Interface        Metric
> > 0.0.0.0          0.0.0.0          192.168.8.102    192.168.8.102    1
> > 0.0.0.0          0.0.0.0          202.61.239.232   202.61.239.232   2
> > 127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1        1
> > 192.168.8.0      255.255.255.0    192.168.8.102    192.168.8.102    1
> > 192.168.8.102    255.255.255.255  202.61.239.232   202.61.239.232   1
> > 202.61.239.0     255.255.255.0    202.61.239.232   202.61.239.232   2
> > 202.61.239.232   255.255.255.0    127.0.0.1        127.0.0.1        1
> > 202.61.239.255   255.255.255.255  202.61.239.232   202.61.239.232   1
> > 203.59.136.94    255.255.255.255  202.61.239.232   202.61.239.232   1
> > 224.0.0.0        244.0.0.0        192.168.8.102    192.168.8.102    1
> > 224.0.0.0        244.0.0.0        202.61.239.232   202.61.239.232   1
> >
> > Firewall routing table (when laptop connected via VPN):
> > Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> > 192.168.0.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth1
> > 203.59.136.94   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
> > 192.168.8.102   0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
> > 203.59.136.92   0.0.0.0         255.255.255.252 U         0 0          0 eth0
> > 192.168.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
> > 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> > 0.0.0.0         203.59.136.93   0.0.0.0         UG        0 0          0 eth0
> >
> > /etc/pptpd.conf:
> > speed 115200
> > option /etc/ppp/options
> > debug
> > localip 192.168.8.1-20
> > remoteip 192.168.8.101-120
> > listen 203.59.136.94
> > pidfile /var/run/pptpd.pid
> >
> > /etc/ppp/options:
> > lock
> > netmask 255.255.0.0
> > debug
> > auth
> > -chap           # Deny standard CHAP - unsecure
> > proxyarp
> > -chapms         # Deny standard MS-CHAP - unsecure
> > +chapms-v2
> > #mppe-40        # Deny 40 bit security
> > mppe-128
> > mppe-stateless
> >
> > Colin Coe
> > Systems Administrator
> >
> > M E T H O D  +  M A D N E S S
> > ........................................www.method.com.au
> >
> > 1st Flr Churchill Court               Ph: +(08) 9388 6100
> > 331 Hay Street                        Fx: +(08) 9380 6537
> > Subiaco, WA 6008
> >
> > Disclaimer...............................................
> >
> > E-mail is not secure and there is a risk that messages
> > may be corrupted in transmission. We will send you a
> > written confirmation of this message, if you send us a
> > specific written request for such confirmation.
> >
> > This e-mail is intended only for the use of the
> > individual or entity named above and may contain
> > information that is confidential or privileged. If you
> > are not the intended recipient, you are hereby notified
> > that any dissemination, distribution or copying of this
> > e-mail is strictly prohibited. If you have received this
> > e-mail in error, please notify us immediately by return
> > e-mail or telephone (08) 9388 6100 and destroy the
> > original message. Thank you.
> >
> > .........................................................
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
>
>
>
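
The two server-side checks this thread turns on, as an added example that is not part of the original messages: whether the kernel forwards packets, and whether the pppd options file still refuses the weaker authentication and encryption settings. The function names are hypothetical, the required-option list mirrors the options file quoted above and is an assumed policy, and the sample input is constructed from that file.

```shell
#!/bin/sh
# Added example (not from the thread): checks for a PoPToP server.
# File paths are parameters so copies of the real files can be audited.

# True only if the sysctl file ($1, default the live kernel value) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# True if option $2 is active, i.e. present and not commented out, in file $1.
has_option() {
    sed 's/#.*//' "$1" | awk -v opt="$2" '$1 == opt { found = 1 } END { exit !found }'
}

# Prints one finding per line for pppd options file $1; silent when clean.
# The required list is an assumed policy taken from the thread's options file.
audit_ppp_options() {
    for required in auth -chap -chapms +chapms-v2 mppe-128; do
        has_option "$1" "$required" || echo "missing: $required"
    done
    if has_option "$1" mppe-40; then echo "weak: mppe-40 enabled"; fi
    return 0
}

# Constructed sample: the options file quoted in this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
lock
netmask 255.255.0.0
debug
auth
-chap           # Deny standard CHAP - unsecure
proxyarp
-chapms         # Deny standard MS-CHAP - unsecure
+chapms-v2
#mppe-40        # Deny 40 bit security
mppe-128
mppe-stateless
EOF

findings=$(audit_ppp_options "$sample")
echo "ppp options: ${findings:-ok}"
if forwarding_enabled; then
    echo "ip_forward: 1"
else
    echo "ip_forward: not 1, the VPN server will not route to the LAN"
fi
rm -f "$sample"
```
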



