[pptp-server] pptpd routing issues

Christopher Aedo doc at aedo.net
Thu Jun 6 22:15:11 CDT 2002


Hello, I recently installed poptop on an openBSD 3.1 machine (which has 
net.inet.ip.forwarding=1 in sysctl.conf.)  I looked through the mailing 
list archive and could not find an answer to my problem.  Please excuse 
me if this comes up frequently, I really have tried to solve this via 
google searches, honest!

Everything seems to have gone as smooth as possible, and I am able to 
connect to this machine from a client machine (my home pc running 
windows XP.)  I connect to the internet on a DSL behind a NAT gateway. 
 The VPN server is behind a firewall/NAT gateway, which is actually 
port-forwarding gre and rcp/1723.  From the VPN server, I am able to 
connect to anything on the internet network as expected (so at least 
from the console, routing on the VPN box seems fine.)

Connecting and authenticating work prefectly.  Once connected I am able 
to ping the VPN IP and the tunnel IP from the client machine.

The two route tables are:
[CLIENT]
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.0.81    192.168.0.81      1
          0.0.0.0          0.0.0.0  192.168.123.254  192.168.123.167      21
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
     192.168.0.81  255.255.255.255        127.0.0.1       127.0.0.1      50
    192.168.0.255  255.255.255.255     192.168.0.81    192.168.0.81      50
    192.168.123.0    255.255.255.0  192.168.123.167  192.168.123.167      20
  192.168.123.167  255.255.255.255        127.0.0.1       127.0.0.1      20
  192.168.123.255  255.255.255.255  192.168.123.167  192.168.123.167      20
   207.136.138.29  255.255.255.255  192.168.123.254  192.168.123.167      20
        224.0.0.0        240.0.0.0  192.168.123.167  192.168.123.167      20
        224.0.0.0        240.0.0.0     192.168.0.81    192.168.0.81      1
  255.255.255.255  255.255.255.255  192.168.123.167  192.168.123.167      1
Default Gateway:      192.168.0.81

[VPN SERVER]
Destination        Gateway            Flags     Refs     Use    Mtu  
Interface
default            192.168.0.1        UGS         3      452   1500   dc0
127/8              127.0.0.1          UGRS        0        0  33224   lo0
127.0.0.1          127.0.0.1          UH          1        8  33224   lo0
192.168.0/23       link#1             UC          0        0   1500   dc0
192.168.0.1        0:d0:b7:c7:23:22   UHL         2     1240   1500   dc0
192.168.0.10       0:b0:d0:21:3f:63   UHL         1       33   1500   dc0
192.168.0.80       127.0.0.1          UH          0        0  33224   lo0
192.168.0.81       192.168.0.80       UH          0       87   1398   tun0
224/4              127.0.0.1          URS         0        3  33224   lo0

However, I can not ping PAST the VPN FROM the client machine.  (i.e. 
timeout when pinging 192.168.0.1, which is the NAT machine gateway.) 
 Pinging any other IP on the remote network also fails from the client 
machine.

This seems to me like a very simple routing issue, or maybe a ppp.conf 
or pptpd.conf config issue?  Also below you will find these files, in 
case they can help figure out what has gone wrong here.  (I feel like 
it's SOOOO close, it's just killing me!!)

pptpd.conf:
option /etc/ppp/ppp.conf

localip 192.168.0.80
remoteip 192.168.0.81-83
pidfile /var/run/pptpd.pid
=================================
ppp.conf:
loop:
  set timeout 0
  set log phase chat connect lcp ipcp command
  set device localhost:pptp
  set dial
  set login
  set mppe * stateful
  set ifaddr 192.168.0.80 192.168.0.81-192.168.0.83 255.255.255.255
  set server /tmp/loop "" 0177

loop-in:
  set timeout 0
  set log phase lcp ipcp command
  allow mode direct

pptp:
  load loop
  disable pap
  disable chap
  enable mschapv2
  disable deflate pred1
  deny deflate pred1

  accept mppe
  enable proxy
  accept dns

  set dns 192.168.0.5
  set nbns 192.168.0.10
  set device !/etc/ppp/secure
=================================

Any and all help will be greatly appreciated.  Thanks in advance!

-Christopher





More information about the pptp-server mailing list