[pptp-server] Local Network

Mark Horn mhorn at intracom.com
Tue May 16 20:44:56 CDT 2000

On Tue, May 16, 2000 at 04:56:40PM -0400, chris wrote:
>So I've been working on VPN all day and although I made some significant
>progress... I am stuck.

I think the problem is IP forwarding.  One way to prove it to yourself is
to open up two windows on the server.  In one window start 

	tcpdump -i ppp0

and in the other window start

	tcpdump -i eth1 host <IP address assigned to pptp client>

Then, start a ping to some machine on the local network other than the
PoPToP server.  I'm betting that you'll see an ICMP echo on ppp0, but not
on eth1.

What this proves is that you're not doing IP forwarding, because the
packet is going in one interface, but not going out the other.

>I believe I have IPForwarding on... I followed the How-To and just rpm'd a
>new kernal... so if the HOW-To told me to just type 'rpm -Uvvh
>kernal-2.2.12-20' then shouldn't that kernal include IPForwarding?

IP forwarding is turned on after the kernel is running.  This is done
by changing a file in /proc To verify that you don't have IP forwarding
turned on, do:

	cat /proc/sys/net/ipv4/ip_forward

If outputs '0' then you have IP forwarding turned off.  To turn it on, do:

	echo 1 > /proc/sys/net/ipv4/ip_forward

Remember, you have to do this as root, and also remember that this will
have to be re-establised after every reboot.  Right now I'm sitting in
front of a Debian box.  Off the top of my head I don't remember how to
do that in Red Hat.

You might also want to make sure that pppd is setting up proxy arp for you 
properly.  Do:

	/usr/sbin/arp -n

Make sure that you see something like:

Address                 HWtype  HWaddress           Flags Mask            Iface           *       *                   MP                    eth0

This will verify that you are in fact, doing proxy arp.  Your config
says that you should be doing this, but it's always good to double check.

Good luck.
- Mark

More information about the pptp-server mailing list