[pptp-server] Can't Ping a Thing

Jerry Vonau jvonau at home.com
Tue Jan 30 20:03:57 CST 2001 

Michael:

If you a wins server on the network then use it, add:
ms-wins  xxx.xxx.xxx.xxx
to your options file for the vpn.



Michael Ward wrote:

> Good news to report -
>
> Thanks to all the help from this group I now can ping (and therefore have
> access to) resources on my private network from remotely connected pptp
> clients.
>
> I've seen that other folks are having the same trouble so I'm going to tell
> you what is in place to make my connection work.  It's basically a
> compilation of replies from contributors to this list.  I will not be
> detailed, being a beginner with all this, but I think it will be helpful for
> other beginners.
>
> 1.  I've got the ppptp daemon running (per how-to at poptop.lineo.com,
> including pptpd.conf and chap-secrets)
> 2.  Win98 client configured - tcp/ip properties are set to let server assign
> ip address
> 3.  ipforwarding enabled in linux kernel (it was enabled by default on my
> redhat 7.0 box)
>         To check if IP_FORWARDING is currently enabled, type (as root):
>         cat /proc/sys/net/ipv4/ip_forward
>         If it returns 0, then IP_FORWARDING is disabled.
>         To enable IP_FORWARDING (without re-booting), type (as root):
>         echo "1" >/proc/sys/net/ipv4/ip_forward
>         To ensure that IP_FORWARDING will be enabled at system boot-up,
> edit:
>         /etc/sysconfig/network
>         and ensure that the FORWARD_IPV4 variable is set to "yes".
> 4. PPTP server's LAN Ethernet interface *MUST* be known as the proxy arp
>         check /var/log/messaging for a proxyarp entry.
>         check /etc/ppp/options add proxyarp if missing
>         (see Steve Cowles post, 1/23/01)
> 5. IPChains - I have *No* rules setup in my ipchains and my connection works
> perfectly.  This is because, in the absence rules, the built-in chains
> (input, output & forward) use their respective 'policy' to decide the fate
> of any packet.  The default policy for all chains is ACCEPT, therefore all
> packets are accepted.  This is obviously not a secure state to leave your
> server in.  I personally like to get new services like pptp running without
> complication, then add things like encryption and ipchains one at a time to
> ease resolution of problems that may occur.
> 6.  Samba - While trying to figure out how to fix my lack of ping problem it
> was suggested to me that Samba would help me out.  It turns out that Samba
> is not required at all for pptp clients to access resources on my private
> network
> 7. Default route - This also is not required
>
> In my configuration clients are assigned addresses from the same subnet as
> my private network.
>
> BTW - If anyone cares to know, here's what was wrong with my setup that
> prevented me from pinging private network resources from a connected pptp
> client (if I was the type to get embarrassed this would do it)....
>
> I had initially configured my win98 client to use a particular IP address,
> instead of letting the server assign it.  I guess I was thinking I'd know
> exactly what IP address I should be able to ping when it connected.  This
> was before I understood that an address would be assigned from the
> pptpd.conf file.  The first 'localip' address available (per my pptpd.conf
> file) was the exact same ip address that I had statically assigned to my
> remote win98 client (see where we're going here?) so....
>
> As I followed through on the many suggestions I received from this list, it
> turned into a process of elimination.  i.e. ipforwarding was indeed enabled
> on my box, proxyarp was in my /etc/ppp/options file.  So as I went through
> suggestions I eliminated them as the potential problem UNTIL - I checked
> /var/log/messages and saw that both ends of my tunnel had the same ip
> address.  I reconfigured my win98 client to let the server assign an address
> and that was it.  Lesson learned.
>
> **************************
> Michael Ward
> Global Water Technologies, Inc.
> email: mward at gwtr.com
> (303) 215-1100
> **************************
>
> -----Original Message-----
> From: Jerry Vonau [mailto:jvonau at home.com]
> Sent: Tuesday, January 23, 2001 5:44 PM
> To: Michael Ward
> Subject: Re: [pptp-server] Can't Ping a Thing
>
> Hows the battle going??
>
> Jerry
>
> Jerry Vonau wrote:
>
> > Michael:
> > check /var/log/messaging for a proxyarp entry.
> > check /etc/ppp/options add proxyarp if missing.
> > Are you using the same network addressing on the
> > remote client  as on the lan? How about some snips?
> >
> > Jerry Vonau
> >
> > Michael Ward wrote:
> >
> > > Hey all -
> > > I installed redhat linux 7 last week for the first time.  Until now I've
> > > only known windows.  I'm the IT Manager for a company in Golden, CO and
> want
> > > to do vpn on a linux box instead of microsoft.
> > >
> > > I have searched archives of this mailing list and found several
> suggestions
> > > for fixing the problem I'm having.... Call me a little slow, but it
> ain't
> > > workin'! (more accurately, I'm not workin' it.)
> > >
> > > I've got pptp setup and working (I can connect with win98 clients) and
> have
> > > not setup encryption yet in an effort to keep it simple while I try to
> get
> > > basic functionality.
> > >
> > > I have setup Samba and have it running (though I'm not sure if it's
> > > required, different sources have pointed me in different directions).
> Samba
> > > is aware of my WINS server on my internal network (how cool is that? I
> bow
> > > down to Samba)
> > >
> > > I just read the ipchains how to.  I've tried specifically allowing
> > > forwarding with a rule pulled from the PoPToP faq.
> > >
> > > The Problem (note capital P): I can not see (browse nor ping) from a
> > > connected win98 client *anything* on my network.  I have a connection
> but
> > > can't play.  Where's the fun?
> > >
> > > Questions:
> > > 1.  What is the total equation to make this whole deal work (clients
> should
> > > be able to browse to resources on internal servers)?  i.e. Is it pptpd +
> > > samba + ipchains?  If these three are configured correctly am I set?  Is
> > > there another piece of the puzzle?  I've read about and tried messing
> around
> > > with default routes/routing tables to no avail.  What's the skinny on
> the
> > > 'ideal setup', the basics that have to be there?
> > >
> > > 2.  *If* I leave ipchains with *no rules* set up at all, the default
> policy
> > > (confirmed with ./ipchains -L) for all rules is ACCEPT.  Should my box
> be
> > > forwarding all packets in this scenario?  It doesn't, nor can I get it
> to
> > > forward packets to the private network by using rules pulled from the
> poptop
> > > faq.
> > >
> > > 3.  Any specifics in implementing the 'ideal setup' are greatly
> appreciated.
> > >
> > > Anyone feeling really generous is invited to give my dumb ass a call.
> I'm
> > > sure I could learn a great deal in a few minutes of brain picking.
> > >
> > > Thank you all for your help (couldn't have gotten this far in a week
> without
> > > it).
> > >
> > > Michael Ward
> > > mward at gwtr.com
> > > (303) 215-1100 (m-f 9-5 mst)
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

More information about the pptp-server mailing list