[pptp-server] a Cosmetic problem

Jerry Vonau jvonau at home.com
Thu Dec 6 21:51:20 CST 2001


Joe:

Well I'll try to explain..

The web server on the lan see the pptp server's lan card has
a mtu of 1500,
but if it sends the max of 1500 then it will not fit into
the ppp frame. 
There is overhead involved with the encapsulation, as a
result it has to 
fragment the frame. If it has the "don't fragment bit" set
then it can't 
go any farther down the pipe....

Found this at :
http://feenix.burgiss.net/ldp/adsl/configure.html 
  
----quote------

Note: PPPoE adds 8 bytes of extra overhead to the ethernet
frames 
and the correct maximum setting for the ppp0 interface MTU
is
1492. If the MTU is set too high, it may cause failure of
some web 
pages to load properly, and possibly other annoying problems
related 
to Path MTU Discovery. You may need to also set the MTU for
interfaces 
on any masqueraded LAN connections MTU to 1452. This does
not apply to
PPPoA, or bridged configurations, just PPPoE! 
----------------

Since both PPPoE and PPTP run on PPPD this may be the same
type of problem.

Just a shot in the dark, but it fits what your are
describing


Jerry 














Joe Polcari wrote:
> 
> No, I haven't. Can you explain why that might make a difference
> based on the address of the web page???
> 
> Jerry Vonau wrote:
> 
> > Joe:
> >
> > Have you tried playing with the mtu settings on either the ppp link or the
> > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar
> > to some PPPoE problems loading web pages.
> >
> > Jerry Vonau
> >
> > Joe Polcari wrote:
> >
> > > Nope. That's not it.
> > > I can go to http://www.vibrationresearch.com or
> > > http://www.vibrationresearch.com/
> > > but not to
> > > http://www.vibrationresearch.com/pptpd or
> > > http://www.vibrationresearch.com/pptpd/
> > >
> > > Jason Staudenmayer wrote:
> > >
> > > > That a web server/DNS problem
> > > > I have several systems running that are not
> > > > in my local DNS and if I don't use the last slash
> > > > I times out or tells me it can't find my S: drive.
> > > > I think it has to do with reverse lookups to the
> > > > webserver or client. Just always remember to add the last slash
> > > > it ain't that hard.
> > > >
> > > > -----Original Message-----
> > > > From: Joe Polcari [mailto:Joe at Polcari.com]
> > > > Sent: Wednesday, December 05, 2001 1:43 AM
> > > > To: mattgav at tempo.com.au
> > > > Cc: Robert Dege; pptp-server at lists.schulte.org
> > > > Subject: Re: [pptp-server] a Cosmetic problem
> > > >
> > > > Matt,
> > > >
> > > > With or without proxy doesn't matter.
> > > > I'm sure my problem is in the options files.
> > > > First let me give you what I sent before so can see the setup
> > > > and I'll add my option files.
> > > >
> > > > corporate remote net=192.168.0/24
> > > > vpn remote IP=192.168.2.3 (wierd, huh?)
> > > > vpn local ip=192.168.0.xxx
> > > > nat to my local home net on 192.168.1.xxx
> > > > all this happens on my dual if local machine 192.168.1.4 (eth0)
> > > > which gateways the my local 192.168.1/24 home net to the pptp vpn
> > > > and to the internet through a second if 192.168.2.100 (eth1) connected
> > > > through
> > > > a
> > > > router/cable modem.
> > > >
> > > > normal default static route is to the 192.168.2.100 which gets replaced with
> > > > 192.168.2.3 during pptp connection.
> > > >
> > > > Everything works fine except this:
> > > > when I browse (http) through the vpn it works fine unless the ip is in the
> > > > 192.168.0 net.
> > > > In this case I can get and "/" url, but if I try anything else other than /,
> > > > the
> > > > connection times out.
> > > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but
> > > > http://192.168.0.10/anything doesn't. Using hostnames I get the same
> > > > results.
> > > > All hostnames, local and remote, resolve on my local home net.
> > > >
> > > > I am using pptp-command start to bring up the tunnel.
> > > >
> > > > ====================================
> > > > #/etc/pppd.conf
> > > > persist
> > > > noauth
> > > > lock
> > > > debug
> > > > multi-link
> > > > proxyarp
> > > > mppe-128
> > > > mppe-40
> > > > mppe-stateless
> > > > lcp-echo-failure 1000
> > > > lcp-echo-interval 1000
> > > > ipcp-accept-local
> > > > ipcp-accept-remote
> > > > defaultroute
> > > > -am
> > > > kdebug 7
> > > > ktune
> > > > bsdcomp 15
> > > > deflate 15
> > > > ms-wins 192.168.0.xxx
> > > > =====================================
> > > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options)
> > > > noccp
> > > > persist
> > > > noauth
> > > > lock
> > > > #debug
> > > > proxyarp
> > > > #chap
> > > > #chapms
> > > > #chapms-v2
> > > > mppe-128
> > > > mppe-40
> > > > mppe-stateless
> > > > lcp-echo-failure 1000
> > > > lcp-echo-interval 1000
> > > > ipcp-accept-local
> > > > ipcp-accept-remote
> > > > defaultroute
> > > > #noipdefault
> > > > #kdebug 7
> > > > name jpolcari
> > > > remotename PPTP
> > > > -am
> > > > ms-dns 192.168.0.xxx
> > > > ms-wins 192.168.0.xxx
> > > > ==============================
> > > >
> > > > What other information can I give you?
> > > >
> > > > Joe
> > > >
> > > > Matt Gavin wrote:
> > > >
> > > > > This is not a PoPToP problem. The fact that it works for the index page
> > > > > means that it is working and PoPToP is not failing for you, remember
> > > > PoPToP
> > > > > simply provides a tunnel... to the private/your network. This will be
> > > > > Apache/IIS and/or your Proxy settings.
> > > > >
> > > > > What is your Web Server for Intranet? Do you have a proxy server? When you
> > > > > visit another page on the Intranet, are you maintaining the domain? Do you
> > > > > have a Proxy Server enabled for your Internet Access even before you reach
> > > > > the VPN?
> > > > >
> > > > > Matt
> > > > >
> > > > > Full domain name matters not.
> > > > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere
> > > > > and iptables -L shows no dropped/rejected packets.
> > > > >
> > > > > Matt Gavin wrote:
> > > > >
> > > > > > What do you get if you use the full domain ie:
> > > > http://intranet.amherst.com
> > > > > > It would be beneficial to know what version of Windows your client is.
> > > > Can
> > > > > > you ping "intranet", if so check your proxy settings... This will more
> > > > > than
> > > > > > likely be an issue on your client rather than PoPToP.
> > > > > >
> > > > > > Matt
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: pptp-server-admin at lists.schulte.org
> > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
> > > > > > Sent: Wednesday, 5 December 2001 9:47 AM
> > > > > > To: pptp-server at lists.schulte.org
> > > > > > Subject: [pptp-server] a Cosmetic problem
> > > > > >
> > > > > > I am able to make a successful PPTP connection.  I know that it
> > > > > > works, because I am able to view certain Network Neighborhood
> > > > > > folders, & FTP to inside machines.  However, when I attempt to access
> > > > > > certain web ages, instead of loading the web page, I get a server not
> > > > > > found error.
> > > > > >
> > > > > > ie:  http://intranet yields not found
> > > > > >      http://192.168.1.1 yieldls site found
> > > > > >
> > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if
> > > > > > the web browser times out prior to checking the VPN connection for the
> > > > web
> > > > > > site.
> > > > > >
> > > > > > I also have the Windows client setup so that "Use degault gateway on
> > > > > > remote network" is NOT checked.
> > > > > >
> > > > > > Anybody have some insight on this?
> > > > > >
> > > > > > --
> > > > > >
> > > > > > -Rob
> > > > > >
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > --- To unsubscribe, go to the url just above this line. --
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --



More information about the pptp-server mailing list