[pptp-server] Can't Ping a Thing
Jerry Vonau
jvonau at home.com
Tue Jan 30 20:03:57 CST 2001
Michael:
If you have a WINS server on the network, then use it; add:
ms-wins xxx.xxx.xxx.xxx
to your options file for the vpn.
Michael Ward wrote:
> Good news to report -
>
> Thanks to all the help from this group I now can ping (and therefore have
> access to) resources on my private network from remotely connected pptp
> clients.
>
> I've seen that other folks are having the same trouble so I'm going to tell
> you what is in place to make my connection work. It's basically a
> compilation of replies from contributors to this list. I will not be
> detailed, being a beginner with all this, but I think it will be helpful for
> other beginners.
>
> 1. I've got the pptp daemon running (per how-to at poptop.lineo.com,
> including pptpd.conf and chap-secrets)
> 2. Win98 client configured - tcp/ip properties are set to let server assign
> ip address
> 3. ipforwarding enabled in linux kernel (it was enabled by default on my
> redhat 7.0 box)
> To check if IP_FORWARDING is currently enabled, type (as root):
> cat /proc/sys/net/ipv4/ip_forward
> If it returns 0, then IP_FORWARDING is disabled.
> To enable IP_FORWARDING (without re-booting), type (as root):
> echo "1" >/proc/sys/net/ipv4/ip_forward
> To ensure that IP_FORWARDING will be enabled at system boot-up,
> edit:
> /etc/sysconfig/network
> and ensure that the FORWARD_IPV4 variable is set to "yes".
> 4. PPTP server's LAN Ethernet interface *MUST* be known as the proxy arp
> check /var/log/messaging for a proxyarp entry.
> check /etc/ppp/options add proxyarp if missing
> (see Steve Cowles post, 1/23/01)
> 5. IPChains - I have *No* rules setup in my ipchains and my connection works
> perfectly. This is because, in the absence of rules, the built-in chains
> (input, output & forward) use their respective 'policy' to decide the fate
> of any packet. The default policy for all chains is ACCEPT, therefore all
> packets are accepted. This is obviously not a secure state to leave your
> server in. I personally like to get new services like pptp running without
> complication, then add things like encryption and ipchains one at a time to
> ease resolution of problems that may occur.
> 6. Samba - While trying to figure out how to fix my lack of ping problem it
> was suggested to me that Samba would help me out. It turns out that Samba
> is not required at all for pptp clients to access resources on my private
> network
> 7. Default route - This also is not required
>
> In my configuration clients are assigned addresses from the same subnet as
> my private network.
>
> BTW - If anyone cares to know, here's what was wrong with my setup that
> prevented me from pinging private network resources from a connected pptp
> client (if I was the type to get embarrassed this would do it)....
>
> I had initially configured my win98 client to use a particular IP address,
> instead of letting the server assign it. I guess I was thinking I'd know
> exactly what IP address I should be able to ping when it connected. This
> was before I understood that an address would be assigned from the
> pptpd.conf file. The first 'localip' address available (per my pptpd.conf
> file) was the exact same ip address that I had statically assigned to my
> remote win98 client (see where we're going here?) so....
>
> As I followed through on the many suggestions I received from this list, it
> turned into a process of elimination. i.e. ipforwarding was indeed enabled
> on my box, proxyarp was in my /etc/ppp/options file. So as I went through
> suggestions I eliminated them as the potential problem UNTIL - I checked
> /var/log/messages and saw that both ends of my tunnel had the same ip
> address. I reconfigured my win98 client to let the server assign an address
> and that was it. Lesson learned.
>
> **************************
> Michael Ward
> Global Water Technologies, Inc.
> email: mward at gwtr.com
> (303) 215-1100
> **************************
>
> -----Original Message-----
> From: Jerry Vonau [mailto:jvonau at home.com]
> Sent: Tuesday, January 23, 2001 5:44 PM
> To: Michael Ward
> Subject: Re: [pptp-server] Can't Ping a Thing
>
> How's the battle going??
>
> Jerry
>
> Jerry Vonau wrote:
>
> > Michael:
> > check /var/log/messaging for a proxyarp entry.
> > check /etc/ppp/options add proxyarp if missing.
> > Are you using the same network addressing on the
> > remote client as on the lan? How about some snips?
> >
> > Jerry Vonau
> >
> > Michael Ward wrote:
> >
> > > Hey all -
> > > I installed redhat linux 7 last week for the first time. Until now I've
> > > only known windows. I'm the IT Manager for a company in Golden, CO and want
> > > to do vpn on a linux box instead of microsoft.
> > >
> > > I have searched archives of this mailing list and found several suggestions
> > > for fixing the problem I'm having.... Call me a little slow, but it ain't
> > > workin'! (more accurately, I'm not workin' it.)
> > >
> > > I've got pptp setup and working (I can connect with win98 clients) and have
> > > not setup encryption yet in an effort to keep it simple while I try to get
> > > basic functionality.
> > >
> > > I have setup Samba and have it running (though I'm not sure if it's
> > > required, different sources have pointed me in different directions). Samba
> > > is aware of my WINS server on my internal network (how cool is that? I bow
> > > down to Samba)
> > >
> > > I just read the ipchains how to. I've tried specifically allowing
> > > forwarding with a rule pulled from the PoPToP faq.
> > >
> > > The Problem (note capital P): I can not see (browse nor ping) from a
> > > connected win98 client *anything* on my network. I have a connection but
> > > can't play. Where's the fun?
> > >
> > > Questions:
> > > 1. What is the total equation to make this whole deal work (clients should
> > > be able to browse to resources on internal servers)? i.e. Is it pptpd +
> > > samba + ipchains? If these three are configured correctly am I set? Is
> > > there another piece of the puzzle? I've read about and tried messing around
> > > with default routes/routing tables to no avail. What's the skinny on the
> > > 'ideal setup', the basics that have to be there?
> > >
> > > 2. *If* I leave ipchains with *no rules* set up at all, the default policy
> > > (confirmed with ./ipchains -L) for all rules is ACCEPT. Should my box be
> > > forwarding all packets in this scenario? It doesn't, nor can I get it to
> > > forward packets to the private network by using rules pulled from the poptop
> > > faq.
> > >
> > > 3. Any specifics in implementing the 'ideal setup' are greatly appreciated.
> > >
> > > Anyone feeling really generous is invited to give my dumb ass a call. I'm
> > > sure I could learn a great deal in a few minutes of brain picking.
> > >
> > > Thank you all for your help (couldn't have gotten this far in a week without
> > > it).
> > >
> > > Michael Ward
> > > mward at gwtr.com
> > > (303) 215-1100 (m-f 9-5 mst)
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
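
The checks walked through in this thread (IP forwarding, the proxyarp option, and the same-address-on-both-ends condition that turned out to be the cause), collected into one script as an added example that is not part of the original posts. The function names are hypothetical, and the sample log lines are constructed, assuming pppd's "local IP address" / "remote IP address" notices as written to syslog.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the checks
# can run against copies; the defaults are the paths named in the post.

forwarding_enabled() {   # step 3: kernel forwarding switch must read 1
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

has_option() {           # step 4: uncommented option (e.g. proxyarp) present
    grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "${2:-/etc/ppp/options}"
}

# The root cause in the post: print "pid address" for every pppd session
# whose log shows the same address on both ends of the tunnel.
same_ip_sessions() {
    awk '/pppd\[[0-9]+\]: (local|remote) +IP address/ {
        match($0, /pppd\[[0-9]+\]/)
        pid = substr($0, RSTART + 5, RLENGTH - 6)
        if ($0 ~ /local +IP/) loc[pid] = $NF
        else if (loc[pid] == $NF) print pid, $NF
    }' "${1:-/var/log/messages}"
}

demo() {                 # constructed sample files, not real logs
    d=$(mktemp -d) || return 1
    echo 1 > "$d/ip_forward"
    printf 'lock\n#proxyarp\nms-wins 192.0.2.10\n' > "$d/options"
    cat > "$d/messages" <<'EOF'
Jan 30 19:58:01 vpn pppd[1423]: local  IP address 192.0.2.50
Jan 30 19:58:01 vpn pppd[1423]: remote IP address 192.0.2.50
Jan 30 20:01:12 vpn pppd[1467]: local  IP address 192.0.2.50
Jan 30 20:01:12 vpn pppd[1467]: remote IP address 192.0.2.51
EOF
    forwarding_enabled "$d/ip_forward" && echo "forwarding: on"
    has_option proxyarp "$d/options" || echo "proxyarp: MISSING"
    same_ip_sessions "$d/messages" | sed 's/^/same address both ends: pppd pid /'
    rm -rf "$d"
}
demo
```

Called with no arguments on the server, each function reads the real file named in the post; a commented-out `proxyarp` line is reported as missing.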