[pptp-server] PoPToP wins! (routing issues resolved)

Frank Cusack fcusack at fcusack.com
Thu Jun 13 20:26:20 CDT 2002


On Thu, Jun 13, 2002 at 09:32:15AM -0500, Chris Tooley wrote:
> On Wed, 2002-06-12 at 22:31, Frank Cusack wrote:
> > On Wed, Jun 12, 2002 at 03:14:30PM -0700, Christopher Aedo wrote:
> > > I realized the sensible way to deal with the routing issues I discuss 
> > > (routing over diverse networks) was just to allow the new PPP connection 
> > > to be the default gateway.  It does introduce the issue of potentially 
> > > routing ALL internet traffic through the VPN connection, but that is 
> > > something that we can overcome easily.  This allows us to have routes as 
> > > wacky as we like on our internal side, and not have to try pushing this 
> > > out through PPP.
> > 
> > Well, not potentially.  You WILL route all internet traffic through the
> > VPN.  I'm not sure what you mean by "overcome", but if you mean "avoid" I
> > for one would love to hear about it if you get a solution.
> 
> Having two default routes (or really two routes to 0.0.0.0/0) is not
> that big of an issue.  If you have the VPN Server be a default route and
> don't want all of your internet traffic going through it, you set your
> other gateway (or real gateway) up as a route to 0.0.0.0/0 as well, and
> make rules on your VPN Server to only route the traffic you want
> routed.  For instance, if the traffic is to Yahoo you drop the packet.
> That way the client rolls over to their "other route" to the internet.

No it doesn't.  If it does, you STILL incur the extra round trip penalty.
That's based on Unix with equal cost multiple default routes.

With 'use remote default', Windows does not add an equal cost default, it
changes the old default to a high metric and so what it SHOULD do is send
all traffic to the vpn server.  ICMP network unreachable should NOT cause
it to then try the other default (but it may if Windows routing is broken).
I wouldn't expect it to be broken in this way, but I haven't actually
verified it.

I do know that when I had this setup, folks didn't like it.

/fc
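
A model of the route selection discussed in this thread, added here as an illustration and not code from any poster or from PoPToP. It applies the standard rule (longest matching prefix, then lowest metric) to two constructed routing tables; the addresses, interface names and metric values are assumptions chosen for the example.

```python
import ipaddress

def best_routes(table, dst):
    """Return the route(s) chosen for dst: longest prefix first, then
    lowest metric. More than one result means equal-cost multipath."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(r["prefix"]), r) for r in table]
    matches = [(net, r) for net, r in matches if addr in net]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _ in matches)
    candidates = [r for net, r in matches if net.prefixlen == longest]
    lowest = min(r["metric"] for r in candidates)
    return [r for r in candidates if r["metric"] == lowest]

def interfaces(table, dst):
    """Sorted interface names that dst may leave through."""
    return sorted(r["dev"] for r in best_routes(table, dst))

# Constructed sample tables (hypothetical values, not captured from a host).
LAN = {"prefix": "192.168.1.0/24", "metric": 1, "dev": "eth0"}

# Unix-style: the PPP link adds a second default at the same cost.
UNIX_EQUAL_COST = [
    LAN,
    {"prefix": "0.0.0.0/0", "metric": 1, "dev": "eth0"},
    {"prefix": "0.0.0.0/0", "metric": 1, "dev": "ppp0"},
]

# Windows 'use remote default': the old default is kept but demoted
# to a higher metric, so the VPN default always wins the lookup.
WINDOWS_REMOTE_DEFAULT = [
    LAN,
    {"prefix": "0.0.0.0/0", "metric": 2, "dev": "eth0"},
    {"prefix": "0.0.0.0/0", "metric": 1, "dev": "ppp0"},
]

if __name__ == "__main__":
    internet_host = "198.51.100.7"  # documentation-range address
    for name, table in (("unix equal cost", UNIX_EQUAL_COST),
                        ("windows remote default", WINDOWS_REMOTE_DEFAULT)):
        print(name, "->", interfaces(table, internet_host))
```

In this model the lookup depends only on the local table, so a drop rule on the VPN server does not change which route the client picks; with the demoted default, Internet-bound traffic still leaves through `ppp0`.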



