[pptp-server] Local Network
Mark Horn
mhorn at intracom.com
Tue May 16 20:44:56 CDT 2000
On Tue, May 16, 2000 at 04:56:40PM -0400, chris wrote:
>So I've been working on VPN all day and although I made some significant
>progress... I am stuck.
I think the problem is IP forwarding. One way to prove it to yourself is
to open up two windows on the server. In one window start
tcpdump -i ppp0
and in the other window start
tcpdump -i eth1 host <IP address assigned to pptp client>
Then, start a ping to some machine on the local network other than the
PoPToP server. I'm betting that you'll see an ICMP echo on ppp0, but not
on eth1.
What this proves is that you're not doing IP forwarding, because the
packet is going in one interface, but not going out the other.
>I believe I have IPForwarding on... I followed the How-To and just rpm'd a
>new kernal... so if the HOW-To told me to just type 'rpm -Uvvh
>kernal-2.2.12-20' then shouldn't that kernal include IPForwarding?
IP forwarding is turned on after the kernel is running. This is done
by changing a file in /proc To verify that you don't have IP forwarding
turned on, do:
cat /proc/sys/net/ipv4/ip_forward
If outputs '0' then you have IP forwarding turned off. To turn it on, do:
echo 1 > /proc/sys/net/ipv4/ip_forward
Remember, you have to do this as root, and also remember that this will
have to be re-establised after every reboot. Right now I'm sitting in
front of a Debian box. Off the top of my head I don't remember how to
do that in Red Hat.
You might also want to make sure that pppd is setting up proxy arp for you
properly. Do:
/usr/sbin/arp -n
Make sure that you see something like:
Address HWtype HWaddress Flags Mask Iface
192.168.0.154 * * MP eth0
This will verify that you are in fact, doing proxy arp. Your config
says that you should be doing this, but it's always good to double check.
Good luck.
- Mark
More information about the pptp-server
mailing list