[pptp-server] network neighborhood HELP!!!

Adam Lang aalang at rutgersinsurance.com
Wed Oct 11 09:10:15 CDT 2000


As for the IPChains... I don't know... I'm far from an expert... as for the
routing... Your client and your VPN don't need anything specific added to
the routing (that is if your ipchains are set up correctly).  It is the
computers on the other side of the VPN server that need routing... your
internal network.

Here is an example...

Internal network has a VPN server with address 10.10.10.2.  You also have
another computer on that network with address 10.10.10.3.  When your client
connects to the VPN, you set up a network of 192.168.0.200 (server) and
192.168.0.201 (client).

When the client pings 10.10.10.3 or .2, it knows how to talk to it because
your VPN Server knows how to route to those addresses.  The problem is, the
computer 10.10.10.3 does not know that packets from 192.168.0.x have to be
sent to the VPN server at 10.10.10.3 (because then the VPN server forwards
them to the 192.168.0.x network).

So, for your 10.10.10.3 type computer, you'll add a route that tells it that
192.168.0.0 network packets are forwarded to 10.10.10.2 (the internal IP of
the VPN server).

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
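
The return-path problem described in the message above, modelled as a longest-prefix route lookup. This is an added example, not part of the original post; the /24 masks, the default gateway 10.10.10.1 and the `ppp0` host route on the VPN server are assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return the gateway for dst, or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

VPN_SERVER = "10.10.10.2"     # internal IP of the VPN server (from the post)
VPN_CLIENT = "192.168.0.201"  # PPP address handed to the client (from the post)
DEFAULT_GW = "10.10.10.1"     # assumed; the post does not name the LAN gateway

# Routing table of the internal host 10.10.10.3 before the fix.
internal_before = [
    ("10.10.10.0/24", "direct"),   # on-link LAN (mask assumed)
    ("0.0.0.0/0", DEFAULT_GW),
]
# The same table after adding the route from the post, for example:
#   Linux:   route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.10.10.2
#   Windows: route add 192.168.0.0 mask 255.255.255.0 10.10.10.2
internal_after = internal_before + [("192.168.0.0/24", VPN_SERVER)]

# VPN server: LAN on-link, the PPP peer reachable through the tunnel interface.
vpn_server = [
    ("10.10.10.0/24", "direct"),
    ("192.168.0.201/32", "ppp0"),
    ("0.0.0.0/0", DEFAULT_GW),
]

def trace_ping(internal_routes):
    """Return (hop the VPN server uses for the request, hop 10.10.10.3 uses for the reply)."""
    request = next_hop(vpn_server, "10.10.10.3")
    reply = next_hop(internal_routes, VPN_CLIENT)
    return request, reply

if __name__ == "__main__":
    for label, table in (("before", internal_before), ("after", internal_after)):
        request, reply = trace_ping(table)
        verdict = "back through the VPN server" if reply == VPN_SERVER else "to the default gateway, not the tunnel"
        print(f"{label}: request via {request}, reply via {reply} ({verdict})")
```

Before the route is added, the echo request arrives at 10.10.10.3 but the reply is handed to the default gateway, so traffic meant for the tunnel leaves by another path.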
----- Original Message -----
From: "Alan Chung" <alan at silveregg.co.jp>
To: "Adam Lang" <aalang at rutgersinsurance.com>
Sent: Wednesday, October 11, 2000 3:15 AM
Subject: Re: [pptp-server] network neighborhood HELP!!!


> Thanks for your help.
>
> As you mentioned, do I have to add routes on both VPN clients and pptp
> server for them to know each other?  It seems that pptp server already knows
> where client is (since I can ping it) but client doesn't.  I am not sure
> how to add a route on the Windows platform, but it looks like this,
>
> route add [ip] mask [netmask] [gateway]
>
> I have tried this but it doesn't work.
>
> Also I have ipchains rules set up as follows,
>
> $REMOTENET = 0/0
> $OUTERIP = IP address of external interface on firewall
> $OUTERNET = $OUTERIP/netmask
> $OUTERIF = external interface of firewall
> $pptp_interip = internal IP address of pptp server
>
>
> #--------------------------
> # port forwarding for 1723
> #--------------------------
> ipmasqadm portfw -a -P tcp -L $OUTERIP 1723 -R $pptp_interip 1723
>
>
> #----------------------
> # redirect protocol 47
> #----------------------
> /usr/local/sbin/ipfwd --masq --syslog $pptp_interip 47 &
>
>
> #-----------------------
> # ipchains part for VPN
> #-----------------------
>
>
> ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 1723 -i $OUTERIF -j ACCEPT
> ipchains -A input -p 47  -s $REMOTENET -d $OUTERNET        -i $OUTERIF -j ACCEPT
>
>
> ipchains -A output -p tcp -s $OUTERNET -d $REMOTENET 1723 -i $OUTERIF -j ACCEPT
> ipchains -A output -p 47  -s $OUTERNET -d $REMOTENET        -i $OUTERIF -j ACCEPT
>
>
> Do you have any idea what could be wrong?
>
> Thanks.
>
> Alan
>
> At 09:22 AM 00/10/06 -0400, you wrote:
> >You need to add a route on the internal computers that points to the VPN
> >server for your 192.168.0.0 network.
> >
> >By default, I believe your VPN server should know how to talk to the PPTP
> >client.
> >
> >Also, do you have ipchains set up in your ip-up.local file on the server?
> >
> >Adam Lang
> >Systems Engineer
> >Rutgers Casualty Insurance Company
> >----- Original Message -----
> >From: "Alan Chung" <alan at silveregg.co.jp>
> >To: <pptp-server at lists.schulte.org>
> >Sent: Friday, October 06, 2000 4:28 AM
> >Subject: [pptp-server] network neighborhood HELP!!!
> >
> >
> > > I think I got so close but there was still a bit (big?) problem.
> > >
> > > Now I can dial up to my internal VPN server (running PopTop server on a
> > > Linux box) from an EXTERNAL Windows 98 client without any problem, the
> > > connection seems there (ppp0 connection shown by ifconfig with a remote
> > > IP, let's say 192.168.0.10), and I can ping from any internal machine to
> > > 192.168.0.10.  But now I have two major problems:
> > >
> > > 1. I can't ping from that win98 VPN client to any remote internal machine.
> > > (I even tried to add a route for 192.168.0.10 on VPN server). Does it
> > > mean that the ipchains firewalling rules are not correctly set up yet? But
> > > pinging is not a problem except this though.  I can ping to/from anywhere
> > > except this.
> > >
> > > 2. I am not able to see/browse any internal machine in network
> > > neighborhood.  (I have set up /etc/ppp/options with ms-wins and ms-dns in
> > > it to specify WINS server, which is also a NT PDC internally).
> > >
> > > Please give me some advice if anybody knows or has the same experience.
> > >
> > > Thanks in advance.
> > >
> > > Alan