[pptp-server] a Cosmetic problem

Joe Polcari Joe at Polcari.com
Wed Dec 5 23:19:39 CST 2001


Ok, maybe I'm not explaining this clearly.
It looks as though all of you are using your Linux firewalls to not only
establish a VPN, but then allow your Windows laptops to make a ppp connection
to the firewall and magically connect to the VPN. With what you call PopTop?
I think I am doing something different.

I am using my Linux firewall also to establish the VPN BUT then I connect the
VPN to my local network. It looks just like a subnet, thanks to NAT.
My firewall then becomes a gateway to the VPN network in
the same way as it would normally be a gateway to the internet.
I change routes and local nameserver configuration as well so that any
system on my home network can connect to any system, either on my home
network, or the corporate network, simultaneously using hostname or IP address.

This works great except for the http thing, and the fact that I can't browse
the corporate network, which I don't care about anyway since I can still
connect to any system via ssh and via a \\host\share on Windows and any other
way you can think of except http to any url other than the root of the web
server and to the MS Exchange server using Outlook.


"Cowles, Steve" wrote:

> > -----Original Message-----
> > From: Robert Dege [mailto:rcd at amherst.com]
> > Sent: Wednesday, December 05, 2001 9:03 AM
> > To: mattgav at tempo.com.au
> > Cc: pptp-server at lists.schulte.org
> > Subject: RE: [pptp-server] a Cosmetic problem
> >
> >
> > I am not disputing that it is a client problem.  I don't
> > think that it's entirely PopTop's fault.  I guess my question
> > was more geared as this:
> >
> > Is there some way so that when the PPTP connection is made, that the
> > ms-dns entry in my options file is queried first by the client machine
> > instead of the default internet connection DNS servers?
>
> This is not a problem with PPTP, but more with your PPTP client's OS resolver
> libs and how it configures its nameserver search order when the tunnel is
> brought up.
>
> On my Win98 laptop, I have noticed that once I establish a PPTP tunnel and
> then issue a winipcfg, I see that my internal DNS server (the one listed
> with ms-dns) is added to the list of name servers. The odd part is that
> winipcfg shows my ISP's DNS servers *first* and then my internal DNS server.
> Magically though, Win98's resolver libs seem to query my internal DNS
> server first because when I ping www.mydomain.com, the internal IP address
> is returned, not the external IP address.
> This holds true for WEB access to my intranet servers.
>
> Because I also run a WINS server, I have not had any problems with MS
> Networking related access. Once my laptop finally authenticates against the
> PDC and the browser list is updated to the PPTP client (usually takes about
> 1-2 minutes after I bring up the PPTP tunnel), Outlook properly connects to
> my Exchange server without prompting me to first log in.
>
> >
> > Or, can I add a search domain (search amherst.com) field to the options
> > field to force a local reverse lookup?
>
> I always set the domain search order to include mydomain.com on the PPTP
> clients. Don't really know if this really helps, I just don't like to type
> the FQDN.
>
> >
> > My interpretation is that Windows (98 for this example) queries for
> > intranet.amherst.com on the real world DNS server.... then times out.
> > If I specify the VPN IP, then it works fine.
>
> I have seen this behavior before. Seems like the Windows resolver libs are
> doing a round-robin between all the name servers. i.e. ping www.mydomain.com
> The first ping will return the internal address, then the next ping will
> return the external address. Very irritating!!!
>
> >
> > Joe, why would adding an extra forward slash to the end of a URL make
> > the web browser access the page correctly.  I didn't think that the
> > extra slash at the end had any significance... please elaborate.
>
> I have never had to add a trailing slash to any URLs. If I (or any of my
> customers using PPTP) had to add a trailing slash, they would probably fire
> me for not adhering to the KISS methodology when deploying PPTP
> functionality. i.e. Keep It Simple Stupid! There is something else wrong if
> you're having to add a trailing slash to any URL.
>
> Steve Cowles