[pptp-server] a Cosmetic problem

Joe Polcari Joe at Polcari.com
Fri Dec 7 23:12:07 CST 2001


Robert,

I don't think so. It makes sense and worked for the http problems.

Outlook/Exchange are a different story though, I think.
I now have my MTU on the PPP interface (ppp options file)
set to 1452 per the web page mentioned below but I still have one
last problem of connecting Outlook to the exchange server.

I posted about 45 seconds, pertinent I hope, of tcpdump trace info at
http://www.Polcari.com/trace.html

Could someone, hint hint - Jerry, look at it and see if anything pops
out at you. I don't have anything to compare it to and I'm not too
familiar with the exchange that happens between the two.
Wildcat is the server so I only have the packets between it
and my LAN in the trace file.

Thanks, Joe


Robert Dege wrote:

> I have a router connected to a DSL connection via PPPoE.  From there, it
> ip masquerades, and acts as a firewall.  I plan on having PPTPd running
> eventually, but my question is more geared towards the MTU parameter.
>
> If I have my ppp0 set to 1492, and then my eth0 that masq's set to 1500
> (on the same machine) does that cause internal ip fragmentation?  Would
> it be better to set eth0 & all the Windows clients to 1492 for faster
> data transport, thus eliminating data fragmentation?
>
> Or am I reading too much into this whole MTU thing?
>
> -Rob
>
> > Well I'll try to explain..
> >
> > The web server on the lan sees the pptp server's lan card has a mtu of 1500,
> > but if it sends the max of 1500 then it will not fit into the ppp frame.
> > There is overhead involved with the encapsulation, as a result it has to
> > fragment the frame. If it has the "don't fragment bit" set then it can't
> > go any farther down the pipe....
> >
> > Found this at :
> > http://feenix.burgiss.net/ldp/adsl/configure.html
> >
> > ----quote------
> >
> > Note: PPPoE adds 8 bytes of extra overhead to the ethernet frames
> > and the correct maximum setting for the ppp0 interface MTU is
> > 1492. If the MTU is set too high, it may cause failure of some web
> > pages to load properly, and possibly other annoying problems related
> > to Path MTU Discovery. You may need to also set the MTU for interfaces
> > on any masqueraded LAN connections MTU to 1452. This does not apply to
> > PPPoA, or bridged configurations, just PPPoE!
> > ----------------
> >
> > Since both PPPoE and PPTP run on PPPD this may be the same type of problem.
> >
> > Just a shot in the dark, but it fits what you are describing
> >
> >
> > Jerry
> >
> > Joe Polcari wrote:
> > >
> > > No, I haven't. Can you explain why that might make a difference
> > > based on the address of the web page???
> > >
> > > Jerry Vonau wrote:
> > >
> > > > Joe:
> > > >
> > > > Have you tried playing with the mtu settings on either the ppp link or the
> > > > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar
> > > > to some PPPoE problems loading web pages.
> > > >
> > > > Jerry Vonau
> > > >
> > > > Joe Polcari wrote:
> > > >
> > > > > Nope. That's not it.
> > > > > I can go to http://www.vibrationresearch.com or
> > > > > http://www.vibrationresearch.com/
> > > > > but not to
> > > > > http://www.vibrationresearch.com/pptpd or
> > > > > http://www.vibrationresearch.com/pptpd/
> > > > >
> > > > > Jason Staudenmayer wrote:
> > > > >
> > > > > > > That's a web server/DNS problem
> > > > > > > I have several systems running that are not
> > > > > > > in my local DNS and if I don't use the last slash
> > > > > > > it times out or tells me it can't find my S: drive.
> > > > > > I think it has to do with reverse lookups to the
> > > > > > webserver or client. Just always remember to add the last slash
> > > > > > it ain't that hard.
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Joe Polcari [mailto:Joe at Polcari.com]
> > > > > > Sent: Wednesday, December 05, 2001 1:43 AM
> > > > > > To: mattgav at tempo.com.au
> > > > > > Cc: Robert Dege; pptp-server at lists.schulte.org
> > > > > > Subject: Re: [pptp-server] a Cosmetic problem
> > > > > >
> > > > > > Matt,
> > > > > >
> > > > > > With or without proxy doesn't matter.
> > > > > > I'm sure my problem is in the options files.
> > > > > > First let me give you what I sent before so can see the setup
> > > > > > and I'll add my option files.
> > > > > >
> > > > > > corporate remote net=192.168.0/24
> > > > > > > vpn remote IP=192.168.2.3 (weird, huh?)
> > > > > > vpn local ip=192.168.0.xxx
> > > > > > nat to my local home net on 192.168.1.xxx
> > > > > > all this happens on my dual if local machine 192.168.1.4 (eth0)
> > > > > > > which gateways my local 192.168.1/24 home net to the pptp vpn
> > > > > > > and to the internet through a second if 192.168.2.100 (eth1) connected
> > > > > > > through a router/cable modem.
> > > > > >
> > > > > > normal default static route is to the 192.168.2.100 which gets replaced with
> > > > > > 192.168.2.3 during pptp connection.
> > > > > >
> > > > > > Everything works fine except this:
> > > > > > when I browse (http) through the vpn it works fine unless the ip is in the
> > > > > > 192.168.0 net.
> > > > > > > In this case I can get any "/" url, but if I try anything else other than /,
> > > > > > > the connection times out.
> > > > > > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but
> > > > > > > http://192.168.0.10/anything doesn't. Using hostnames I get the same results.
> > > > > > All hostnames, local and remote, resolve on my local home net.
> > > > > >
> > > > > > I am using pptp-command start to bring up the tunnel.
> > > > > >
> > > > > > ====================================
> > > > > > #/etc/pppd.conf
> > > > > > persist
> > > > > > noauth
> > > > > > lock
> > > > > > debug
> > > > > > multi-link
> > > > > > proxyarp
> > > > > > mppe-128
> > > > > > mppe-40
> > > > > > mppe-stateless
> > > > > > lcp-echo-failure 1000
> > > > > > lcp-echo-interval 1000
> > > > > > ipcp-accept-local
> > > > > > ipcp-accept-remote
> > > > > > defaultroute
> > > > > > -am
> > > > > > kdebug 7
> > > > > > ktune
> > > > > > bsdcomp 15
> > > > > > deflate 15
> > > > > > ms-wins 192.168.0.xxx
> > > > > > =====================================
> > > > > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options)
> > > > > > noccp
> > > > > > persist
> > > > > > noauth
> > > > > > lock
> > > > > > #debug
> > > > > > proxyarp
> > > > > > #chap
> > > > > > #chapms
> > > > > > #chapms-v2
> > > > > > mppe-128
> > > > > > mppe-40
> > > > > > mppe-stateless
> > > > > > lcp-echo-failure 1000
> > > > > > lcp-echo-interval 1000
> > > > > > ipcp-accept-local
> > > > > > ipcp-accept-remote
> > > > > > defaultroute
> > > > > > #noipdefault
> > > > > > #kdebug 7
> > > > > > name jpolcari
> > > > > > remotename PPTP
> > > > > > -am
> > > > > > ms-dns 192.168.0.xxx
> > > > > > ms-wins 192.168.0.xxx
> > > > > > ==============================
> > > > > >
> > > > > > What other information can I give you?
> > > > > >
> > > > > > Joe
> > > > > >
> > > > > > Matt Gavin wrote:
> > > > > >
> > > > > > > This is not a PoPToP problem. The fact that it works for the index page
> > > > > > > > means that it is working and PoPToP is not failing for you, remember PoPToP
> > > > > > > > simply provides a tunnel... to the private/your network. This will be
> > > > > > > Apache/IIS and/or your Proxy settings.
> > > > > > >
> > > > > > > What is your Web Server for Intranet? Do you have a proxy server? When you
> > > > > > > visit another page on the Intranet, are you maintaining the domain? Do you
> > > > > > > have a Proxy Server enabled for your Internet Access even before you reach
> > > > > > > the VPN?
> > > > > > >
> > > > > > > Matt
> > > > > > >
> > > > > > > Full domain name matters not.
> > > > > > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere
> > > > > > > and iptables -L shows no dropped/rejected packets.
> > > > > > >
> > > > > > > Matt Gavin wrote:
> > > > > > >
> > > > > > > > > What do you get if you use the full domain ie: http://intranet.amherst.com
> > > > > > > > > It would be beneficial to know what version of Windows your client is. Can
> > > > > > > > > you ping "intranet", if so check your proxy settings... This will more than
> > > > > > > > > likely be an issue on your client rather than PoPToP.
> > > > > > > >
> > > > > > > > Matt
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: pptp-server-admin at lists.schulte.org
> > > > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
> > > > > > > > Sent: Wednesday, 5 December 2001 9:47 AM
> > > > > > > > To: pptp-server at lists.schulte.org
> > > > > > > > Subject: [pptp-server] a Cosmetic problem
> > > > > > > >
> > > > > > > > I am able to make a successful PPTP connection.  I know that it
> > > > > > > > works, because I am able to view certain Network Neighborhood
> > > > > > > > folders, & FTP to inside machines.  However, when I attempt to access
> > > > > > > > > certain web pages, instead of loading the web page, I get a server not
> > > > > > > > > found error.
> > > > > > > > >
> > > > > > > > > ie:  http://intranet yields not found
> > > > > > > > >      http://192.168.1.1 yields site found
> > > > > > > > >
> > > > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if
> > > > > > > > > the web browser times out prior to checking the VPN connection for the web
> > > > > > > > > site.
> > > > > > > > >
> > > > > > > > > I also have the Windows client setup so that "Use default gateway on
> > > > > > > > remote network" is NOT checked.
> > > > > > > >
> > > > > > > > Anybody have some insight on this?
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > > > > > > -Rob
> > > > > > > >
> > > > > >

