[pptp-server] pptpd routing issues

Christopher Aedo doc at aedo.net
Fri Jun 7 18:47:52 CDT 2002


Frank Cusack wrote:

>Meaning 192.168.0.81 and 192.168.0.80?
>
Correct, I can ping the VPN machine, and the IP address the VPN assigns 
to the client, FROM the client.

>I would expect that ppp on the VPN server side is not doing proxy arp.
>
>  enable proxy
>
>Does this enable proxy arp?  I am unable to find documentation for this
>flavor of ppp on www.openbsd.org.
>
According to the man pages for openbsd ppp, this is supposed to enable 
proxy arp.  

>Get on another machine on 192.168.0/23 and see if you can ping 192.168.0.81
>(or whatever IP the client gets).  Check the arp table after the ping to
>see what it says for 192.168.0.81.  If it looks like
>
>    ? (192.168.0.81) at <incomplete>
>
>then your VPN server is not doing proxy arp.
>
>If there is a MAC, verify that its the VPN server's MAC.  If not, you
>have an IP conflict.  If so, the pptp tunnel isn't working correctly.
>
>
Tried that, no good.  Other machines are not able to ping the 
VPN-assigned IP address (in this case .81).  There was one strange 
change between before connecting and after, when checking arp on the VPN 
server:

[BEFORE CONNECTION]
? (192.168.0.1) at 00:d0:b7:c7:23:22
? (192.168.0.5) at (incomplete)
? (192.168.1.4) at 00:b0:d0:41:ea:dc

[AFTER CONNECTION]
? (192.168.0.1) at 00:d0:b7:c7:23:22
? (192.168.0.5) at 00:03:6d:16:24:e6
? (192.168.1.4) at 00:b0:d0:41:ea:dc

192.168.0.5 is the DNS server that is being sent to the VPN client. 
 That IP is NOT in the pool of possible IPs.  It is not pingable from 
the client side after connecting.

-Christopher




More information about the pptp-server mailing list