[pptp-server] pptpd routing issues [FIXED]

Christopher Aedo doc at aedo.net
Wed Jun 12 13:46:57 CDT 2002


Well, fixed SORT of.  Many great thanks to Niall Keegan who wrote the 
OpenBSD/PoPToP howto that got me easily through at least the first 
stages.  He also helped track down at least part of what my problem was.

OpenBSD 3.1 has broken proxy-arp code, and was not responding to ARP 
requests the way it should have been.  The bug is known and the fix is 
in CVS, I believe.  More information on this BSD-specific issue can be 
found at:

http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/2635

I was able to get things working properly by manually adding static ARP 
routes on our router, pointing the right way for the IP addresses PPP 
serves out, on the VPN host machine.  Not the best solution by a long 
shot, but it got things working at least.

The REAL problem (and I wish I had realized this before) is the 
netmask/multiple networks issue with PPP.  Reading through the mailing 
list archives indicates people stumble against this nearly constantly.  
I am able to route properly to all internal networks after establishing 
a PPTP connection only by adding a route on the Windows client (i.e. 
"route add 192.168.0.0 mask 255.255.254.0 192.168.0.83" for instance.)  
While this problem could easily be solved on the Windows clients by 
either running a post-connect script or using a wrapper that starts the 
connection then runs the script, it doesn't solve the larger problem of 
allowing multiple platforms to easily create a VPN connection to our 
network.

Though this question is off-topic for the list, does anyone have any 
suggestions for a free open-source solution?  Ideally I would like to 
run VPN host software on an OpenBSD machine, and allow Windows, Linux, 
Mac and BSD machines to route to our network from the outside securely.  
(It's such a shame that poptop might not be the answer -- in my few 
days of working with it, I'm practically in love.)  I'm still hoping to 
come up with a server-side hack for this, but I'm afraid it may not be 
possible.  (The freeswan - Windows solution is very low on my list of 
alternate solutions due to a fairly unpleasant client-side setup process...)

Ideas?  This list is full of smart people who have dealt with this 
before or at least thought about it.  Technology is always changing, new 
things always emerging -- what's the best way to solve this problem today?

-Christopher
p.s. Thanks also to all the people on this list who helped me get to 
this point.
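
The missing-route problem described in the message above, as an added example that is not part of the original post. It assumes the client installs only the classful route for its PPP-assigned address (taken here to be 192.168.0.83, the gateway in the quoted command) and builds the "route add" lines a post-connect script would need; the function names and every network other than 192.168.0.0/23 are constructed for illustration.

```python
import ipaddress


def classful_network(addr):
    """Network a client infers from the address alone (class A/B/C rules)."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{addr} is not a class A/B/C unicast address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def missing_routes(assigned_ip, internal_networks):
    """Internal networks not fully inside the classful route of assigned_ip."""
    covered = classful_network(assigned_ip)
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    return [n for n in nets if not n.subnet_of(covered)]


def route_commands(assigned_ip, internal_networks):
    """Windows 'route add' lines, in the form quoted in the message."""
    return [
        f"route add {n.network_address} mask {n.netmask} {assigned_ip}"
        for n in missing_routes(assigned_ip, internal_networks)
    ]


if __name__ == "__main__":
    # Assumption: address handed out by pptpd to this client.
    assigned = "192.168.0.83"
    # 192.168.0.0/23 is the network from the message (mask 255.255.254.0);
    # the other two entries are constructed sample networks.
    internal = ["192.168.0.0/23", "192.168.0.64/26", "10.10.0.0/16"]
    print("classful route on client:", classful_network(assigned))
    for cmd in route_commands(assigned, internal):
        print(cmd)
```

The /23 fails the coverage check because the classful /24 reaches only half of it, which is why hosts in 192.168.1.x stay unreachable until the route is added by hand.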
