[pptp-server] Can't see anything at the other end of the tunnel!

Cowles, Steve Steve.Cowles at gte.net
Mon Mar 13 07:40:29 CST 2000


> -----Original Message-----
> From: Bob Horton [mailto:bhorton at pneumasoft.com]
> Sent: Sunday, March 12, 2000 4:57 PM
> To: Pptp-Server Mailing List
> Subject: [pptp-server] Can't see anything at the other end of the
> tunnel!
> 
> 
> I'm trying to set up PoPToP to allow me to get from my machine (Win 9x)
> connected to the Internet via cable modem to a Linux box (RedHat 6.1) with
> PoPToP that will allow me to then connect to and use resources on the Lan on
> the other side ("internal") of the Linux box.
> 
> 
> Win 9x --> Internet --> RedHat 6.1 w/ PoPToP --> Destination Lan
> 
> I have gotten it working well enough to allow me to ping the ethernet card
> connected to the destination Lan but I can't seem to go beyond that.
> 
> I have set the IP address of my VPN connection on Win 9x to be in the same
> subnet as the Destination LAN (I hope that was correct).
> 
> IP Addresses are as follows:
> 
> Win 9x          RedHat External    RedHat Internal      LAN
> 24.72.xx.xx     24.72.yy.yy         192.68.0.230         192.68.0.xxx
> 
> VPN "Connector" on Win 9x box
> 192.68.0.231

If I understand the above... you're assigning your IP address (statically).
You should set this to "server assigned". Let the PopTop server assign the
"remote" IP address.

> 
> As stated, I can ping 192.68.0.230 but nothing else inside the LAN.
> 
> I have my config file set up with
> speed 115200
> localip 24.72.3.37
> remoteip 192.68.0.230

In order for the remote to be able to communicate with other resources
(PC's/Servers/Printers) on your internal network, pppd must be configured to
do a "proxyarp" on the internal interface. e.g. It must answer arp requests
on behalf of the remote. 

Plus, is the above a typo?? Is your internal really 192.68 or is it the
standard un-assigned 192.168.x.x??? If the above LAN is masq'd it does not
really matter, until you try to access a "real" WEB site that has a
192.68.x.x address. Just a consistency concern.

Using the above information from your post, your pptp.conf should be set to
the following to allow the internal interface to proxyarp.

speed 115200
localip 192.68.0.230
remoteip 192.68.0.231

When you connect to your PopTop/pppd server you should see a "similar"
entry as follows... NOTE: Eth0 is my internal interface. Without the "proxy
arp" entry, you will not be able to communicate with the other servers on
your local LAN.

Mar  7 15:35:21 voyager pppd[14442]: found interface eth0 for proxy arp
Mar  7 15:35:21 voyager pppd[14442]: local  IP address 192.168.9.3
Mar  7 15:35:21 voyager pppd[14442]: remote IP address 192.168.9.101

Also, if your server infrastructure is all MS based, then your
/etc/ppp/options file will need to contain the "ms-wins" directive that
points to the IP address of your WINS server. Type: man pppd for more
info. Without a WINS server, "Network Neighborhood" will be useless at the
remote.

For reference... my /etc/ppp/options is set up like this. Make the
appropriate changes to fit your environment.

lock
auth
ms-dns 192.168.9.3
ms-dns 192.168.9.2
ms-wins 192.168.9.2
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
 
> 
> I also keep getting an error message on the display for the Linux box every
> time I try and connect after the first time saying there are no more ports
> available ... again, I'm not sure why.

This is a "warning" only. Your pptp.conf file is "currently" configured to
only hand out 1 IP address, the next person trying to connect to your server
will NOT be assigned an IP address, which is what the warning message is
stating. This is easily fixed by specifying a range of IP's in your
pptp.conf file for the remotes. e.g. 192.168.0.231-235
 
> 
> Any help would be much appreciated.
> 
> Thanks.
> 
> Bob Horton.

Also, if your linux box is a firewall and the PopTop server... you will need
to ACCEPT protocol 47 (gre) and port 1723 on your external interface. If you
have not already done so.

Steve Cowles
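
Added example, not part of the original message or of PoPToP: a small Python check that runs the points raised in this reply (proxyarp present, localip and remoteip on the internal subnet, more than one address in the remote pool) against the two config files. The function names, the /24 prefix on the internal interface and the cut-down option files are assumptions made for the illustration.

```python
import ipaddress

def parse_conf(text):
    """Map each keyword to its list of values; bare keywords (proxyarp) map to ['']."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            conf.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def expand_pool(spec):
    """Expand a remoteip value such as '192.68.0.231-235' into addresses."""
    pool = []
    for part in spec.split(","):
        first, _, last = part.strip().partition("-")
        start = int(first.rsplit(".", 1)[1])
        count = (int(last) if last else start) - start + 1
        pool += [ipaddress.IPv4Address(first) + i for i in range(count)]
    return pool

def audit(pptp_conf, ppp_options, internal_if):
    """internal_if is the server's LAN address with prefix, e.g. '192.68.0.230/24'."""
    lan = ipaddress.ip_interface(internal_if)
    conf, opts = parse_conf(pptp_conf), parse_conf(ppp_options)
    pool = expand_pool(conf["remoteip"][0])
    findings = []
    if "proxyarp" not in opts:
        findings.append("NO_PROXYARP")          # pppd will not answer ARP for the remote
    if ipaddress.IPv4Address(conf["localip"][0]) not in lan.network:
        findings.append("LOCALIP_OFF_LAN")      # the reply moves localip to the internal side
    if any(ip not in lan.network for ip in pool):
        findings.append("POOL_OFF_LAN")         # no LAN interface to proxy-ARP on
    if lan.ip in pool:
        findings.append("POOL_HAS_SERVER_IP")   # remote would get the server's own address
    if len(pool) < 2:
        findings.append("SINGLE_ADDRESS_POOL")  # a second connection gets no address
    return findings

# Constructed inputs: the poster's original settings, then the reply's fix with a range.
# The option files are cut down to the lines that matter here (assumed contents).
BEFORE = audit("speed 115200\nlocalip 24.72.3.37\nremoteip 192.68.0.230\n",
               "lock\nauth\n", "192.68.0.230/24")
AFTER = audit("speed 115200\nlocalip 192.68.0.230\nremoteip 192.68.0.231-235\n",
              "lock\nauth\nproxyarp\n", "192.68.0.230/24")

if __name__ == "__main__":
    print("before:", BEFORE)
    print("after: ", AFTER)
```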



