Re: Question about networking and PPTP
From: Ludek Frybort (frybort_at_amit.cz)
Date: 03/11/04
- Next message: Tom Ryerson: "FreeBSD Single-Unix Conformant?"
- Previous message: Frank: "Re: Upgrade KDevelop 3.0.0 -> 3.0.2"
- In reply to: Jean-Yves Avenard: "Re: Question about networking and PPTP"
- Next in thread: Jean-Yves Avenard: "Re: Question about networking and PPTP"
- Reply: Jean-Yves Avenard: "Re: Question about networking and PPTP"
Date: Thu, 11 Mar 2004 13:07:59 +0100
Jean-Yves Avenard wrote:
>
> Alan Hicks wrote:
>
> >
> > Might want to track them down and ask them what they've done to resolve
> > this problem.
> >
>
> Well, installing NATd fixed the issue...
... which seems to prove that your VPN is working, just your network
layout is a bit, erm, unfortunate.
> Don't see why it would have any
> influence on the VPN...
I can imagine a natd configuration that could partly solve the problems
resulting from the network layout (which I don't like).
Imagine that you don't have NAT running on 192.168.1.11. Ask yourself
the following question:
How is a 192.168.1.1xx host supposed to know that packets for
192.168.1.22 need to be routed through 192.168.1.11? I suppose the
.1xx's netmask is 255.255.255.0, which (incorrectly) tells the .1xx host
that .22 is on the same network and no gateway is needed to reach it.
A NAT can partly solve it, for connections (pings, etc.) in the
.22->.1xx direction, because the .22->.1xx packets are translated by
natd, and arrive as .11->.1xx. Response packets (.1xx->.11) get back to
the gateway and are backtranslated to .1xx->.22, so it works.
The other direction remains a problem, though:
> I can't ping the VPN address from the internal network though.. I thought
> this would have been possible.
It's the same as if you wanted to ping (or connect to) an internal host
on a natted network from the outside. Doesn't work, of course.
I suggest changing the address for VPN-access to 192.168.2.yy, so that
the 192.168.1.1xx hosts know that it's in a different network and the
packets to the .yy host must be sent through a gateway.
Unless .11 is in the position of the default gateway for the .1xx hosts,
you'll additionally need to add a static route for 192.168.2/24 through
192.168.1.11 on either:
- each .1xx host, or
- their default gateway (.10, perhaps)
Ludek
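
The next-hop decision discussed in the message above, modelled as an added example (not part of the original post). The host address 192.168.1.100, the VPN client address 192.168.2.50 and the default gateway 192.168.1.10 are assumed sample values; the /24 netmask and the 192.168.1.11 VPN gateway follow the message.

```python
import ipaddress

def next_hop(dst, routes):
    """Longest-prefix match over (network, gateway) entries.

    A gateway of None means the network is directly attached, so the
    sender resolves the destination itself (ARP) and uses no router.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return ("unreachable", None)
    _, gw = best
    return ("on-link", str(dst)) if gw is None else ("via", gw)

# Routing table of an internal host such as 192.168.1.100 (assumed address)
# with netmask 255.255.255.0 and default gateway .10 (assumed).
HOST_NOW = [
    ("192.168.1.0/24", None),
    ("0.0.0.0/0", "192.168.1.10"),
]

# Option 1 from the message: static route for 192.168.2/24 on each host.
HOST_FIXED = HOST_NOW + [("192.168.2.0/24", "192.168.1.11")]

# Option 2 from the message: the static route lives on the default gateway.
GW10_FIXED = [
    ("192.168.1.0/24", None),
    ("192.168.2.0/24", "192.168.1.11"),
]

if __name__ == "__main__":
    # VPN client numbered inside the LAN range: the host never uses .11.
    print(next_hop("192.168.1.22", HOST_NOW))
    # VPN client renumbered to 192.168.2.50 (assumed), no static route yet.
    print(next_hop("192.168.2.50", HOST_NOW))
    # Static route on the host itself.
    print(next_hop("192.168.2.50", HOST_FIXED))
    # Static route on the default gateway: host -> .10 -> .11.
    print(next_hop("192.168.2.50", GW10_FIXED))
```
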