[pptp-server] pptpd connection established - ping not working!
Ron Cresswell
cresswell at comcen.com.au
Sat Nov 4 18:32:24 CST 2000
Hi Folks, sorry about the length of this email but I figured it was
preferable to have too much info than too little.
Two things (at least) not working on my connection at the moment. Doubt
if they are related, but they might be.
Once the connection is established, I can't ping a machine behind the
server, although I can ping the server quite happily (this is my current
main concern)
Second, I am (for the moment) adding the routing tables by hand after
the connection comes up, because the server end doesn't seem to be
executing /etc/ppp/ip-up.local after the ppp link is established, even
though that's what RedHat is supposed to do.
my connection is VPN-client (jabba) -> firewall (hades) -> internet ->
firewall (cerberus) -> VPN-server (ghost). I am trying to ping from the
VPN client to a machine in the subnet of the VPN server.
IP-forwarding is switched on on both VPN-client and VPN-Server, both of
which are running a "server" install of RedHat 6.2. I am trying to
connect two subnets (203.7.194.0/25 and 203.7.194.128/26) via the pptp link.
Now the routing tables look symmetric (see below), but if I try a
traceroute from client machine to "machine in subnet of server" I get:
traceroute to zaphod.compumod.com.au (203.7.194.169), 30 hops max, 38
byte packets
1 ghost-VPN.compumod.com.au (203.7.194.159) 451.431 ms 333.927 ms
369.523 ms
2 * * *
3 * * *
Whereas, if I try a traceroute from the server machine to "machine in
subnet of client" I get this:
traceroute to swami.compumod.com.au (203.7.194.30), 30 hops max, 38 byte
packets
1 * * *
Does this make sense to anyone? It sounds as though the routing tables
aren't right, but see below -
Once the link is up, my routing tables look like this:
On Jabba (the client):
Destination Gateway Genmask Flags Metric Ref Use
Iface
ghost-VPN.compu * 255.255.255.255 UH 0 0 0 ppp0
jabba * 255.255.255.255 UH 0 0 0 eth0
ghost.compumod. hades.syd.compu 255.255.255.255 UGH 0 0 0 eth0
203.7.194.0 * 255.255.255.128 U 0 0 0 eth0
203.7.194.128 * 255.255.255.128 U 0 0 0 ppp0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default hades.syd.compu 0.0.0.0 UG 0 0 0 eth0
On Ghost (the server), the routing table looks like this:
Destination Gateway Genmask Flags Metric Ref Use
Iface
jabba.compumod. cerberus.compum 255.255.255.255 UGH 0 0 0 eth0
jabba-VPN.compu * 255.255.255.255 UH 0 0 0 ppp0
ghost.compumod. * 255.255.255.255 UH 0 0 0 eth0
203.7.194.0 * 255.255.255.128 U 0 0 0 ppp0
203.7.194.128 * 255.255.255.128 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default cerberus.compum 0.0.0.0 UG 0 0 0 eth0
So my pptp IP addresses are on the local subnet (as recommended to get
around the proxyarp problem, which I don't understand anyway so
allocated ips on the local subnets) - jabba has an IP address of
203.7.194.33 and its VPN ip address is 203.7.194.34. Simliar with ghost
and ghost-VPN - 203.7.194.163 and 203.7.193.159.
an "ifconfig" on each box shows the following for the ppp0 connection:
on ghost
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.7.194.159 P-t-P:203.7.194.34 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:114 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
on jabba:
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.7.194.34 P-t-P:203.7.194.159 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
I'm getting very close to abandoning pptp in favour of starting from
scratch with another approach (although I don't really have time to do
that either!). Any thoughts?
Ron
More information about the pptp-server
mailing list