[pptp-server] I think I have arouting problem - can you help

Cowles, Steve Steve.Cowles at gte.net
Wed Jun 28 18:10:50 CDT 2000 

The problem your describing is usually related to the PPTP/pppd server not
setting its ethernet interface (x.x.x.4) to act as a "proxyarp" for the
remote client, not a routing problem. Although, this problem could be as
simple as IP_FORWARDING not being enabled in the linux kernel. IP_FORWARDING
needs to be enabled to route packets between eth(x) and the ppp devices. 

When you connect from the remote, do the logfiles indicate that pppd found
eth0 or eth1 as a proxyarp for the connection??? 

On my system, a standard client connection generates the following entries
in /var/log/messages. NOTE that line 8  states eth0 will answer arp requests
on behalf of the client at 192.168.9.100. e.g. proxyarp. Without this entry,
you can forget about other nodes on the same network being able to send data
to the remote client.

Jun 28 17:21:29 voyager pppd[6793]: pppd 2.3.10 started by root, uid 0
Jun 28 17:21:29 voyager pppd[6793]: Using interface ppp0
Jun 28 17:21:29 voyager pppd[6793]: Connect: ppp0 <--> /dev/pts/2
Jun 28 17:21:31 voyager kernel: PPP BSD Compression module registered 
Jun 28 17:21:31 voyager kernel: PPP MPPE compression module registered 
Jun 28 17:21:31 voyager kernel: PPP Deflate Compression module registered 
Jun 28 17:21:31 voyager pppd[6793]: MSCHAP-v2 peer authentication succeeded
for COWLES\\scowles
Jun 28 17:21:31 voyager pppd[6793]: found interface eth0 for proxy arp
Jun 28 17:21:31 voyager pppd[6793]: local  IP address 192.168.9.3
Jun 28 17:21:31 voyager pppd[6793]: remote IP address 192.168.9.100
Jun 28 17:21:38 voyager pppd[6793]: MPPE 128 bit, stateless compression
enabled 

The "No Domain Controller Found" error is always due to no WINS server being
specified in your /etc/ppp/options file (ms-wins). FWIW: Your WINS server
should contain the PDC/BDC records so when the client tries to authenticate,
it knows who to ask. e.g. The Domain Controller. If your not running a WINS
server (and you should be!) you will need to construct this PDC/BDC record
in the clients LMHOSTS files. 

Steve Cowles

> -----Original Message-----
> From: Greg Kopp [mailto:gkopp at gregkopp.com]
> Sent: Wednesday, June 28, 2000 10:07 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] I think I have arouting problem - can you help
> 
> 
> I have PoPToP working on my linux box - sort of.
> 
> Here is my configuration:
> 
> We have a class C connect to the internet. I have the Class C 
> routed into a firewall.
> 
> I have one subnet (x.x.x.0/255.255.255.128, hosts 1-126, 
> gw=.1) routed to a Lan network.
> 
> I have another subnet (x.x.x.128/255.255.255.192, hosts 
> 129-190, gw=.129) routed to a DMZ network for web servers
> and such.
> 
> I want to use another subnet (x.x.x.192/255.255.255.248, 
> hosts 193-198) for my remote IP addresses.
> 
> My PPTP server is x.x.x.4
> 
> My /etc/pptp.conf file is:
> 
> localip x.x.x.5
> remoteip x.x.x.193-197
> 
> My /etc/ppp/options file is:
> 
> lock
> debug
> auth
> +chap
> proxyarp
> 
> My /etc/ppp/chap-secrets file is:
> 
> # Secrets for authentication using CHAP
> # client        server  secret  IP addresses
> user   *       pass  *
> 
> I can connect to the PPTP server using my Win98 box and it's 
> built in VPN support. But... When it tries to log me into the
> network (the NT domain) I get an error that it cannot find a
> domain controller. Also, from the remote client, if I ping
> x.x.x.5 (the remote IP) it replies. if I ping x.x.x.4 (the
> PPTP server) it replies. If I ping x.x.x.64 (a server on the 
> LAN) I get no reply. I'm thinking it's a routing issue. So I
> added a manual route to the firewall (route add -net x.x.x.192
> netmask 255.255.255.248 gw x.x.x.4). My assumption is that
> x.x.x.64 could not find a path to the remote host x.x.x.193
> (the remote IP of my VPN client). It should send that packet
> to the firewall, which should (I think?) forward the packet
> back to the LAN, but to x.x.x.4, the PPTP server. I have 
> routing enable on the PPTP server.
> 
> I'm not sure what's holding it up. Any help you could be 
> would be greatly appreciated.
> 
> Greg
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

More information about the pptp-server mailing list