[pptp-server] pptpd routing issues [FIXED]

Christopher Aedo doc at aedo.net
Wed Jun 12 13:46:57 CDT 2002

Well, fixed SORT of.  Many great thanks to Niall Keegan who wrote the 
OpenBSD/PoPToP howto that got me easily through at least the first 
stages.  He also helped track down at least part of what my problem was.

OpenBSD 3.1 has broken proxy-arp code, and was not responding to ARP 
requests the way it should have been.  The bug is known and the fix is 
in CVS I believe.  More information on this BSD specific issue can be 
found at:


I was able to get things working properly by manually adding static ARP 
routes on our router, pointing the right way for the IP addresses PPP 
serves out, on the VPN host machine.  Not the best solution by a long 
shot, but it got things working at least.

The REAL problem (and I wish I had realized this before) is the 
netmask/multiple networks issue with PPP.  Reading through the mailing 
list archives indicates stumble against this nearly constantly.  I am 
able to route properly to all internal networks after establishing PPTP 
connection only by adding a route on the windows client (i.e. "route add mask" for instance.)  While this 
problem could easily be solved on the windows clients by either running 
a post-connect script or using a wrapper that starts the connection then 
runs the script, it doesn't solve the larger problem of allowing 
multiple platforms to easily create a VPN connection to our network.

Though this question is off-topic for the list, does anyone have any 
suggestions for a free open-source solution?  Ideally I would like to 
run VPN host software on an OpenBSD machine, and allow windows, linux, 
mac and BSD machines to route to our network from the outside securely. 
 (It's such a shame that poptop might not be the answer -- in my few 
days of working with it, I'm practically in love.)  I'm still hoping to 
come up with a server-side hack for this, but I'm afraid it may not be 
possible.  (The freeswan - windows solution is very low on my list of 
alternate solutions due to a fairly unpleasant client side setup process...)

Ideas?  This list is full of smart people who have dealt with this 
before or at least thought about it.  Technology is always changing, new 
things always emerging -- what's the best way to solve this problem today?

p.s. Thanks also to all the people on this list who helped me get to 
this point.

More information about the pptp-server mailing list