Re: PoPToP and... routing?

From: Archevis (archevis_at_hotmail.com)
Date: 08/28/04

  • Next message: Ted Unangst: "Re: Memory protection, W^X, guard pages, etc."
    Date: Sat, 28 Aug 2004 18:48:45 +0200
    
    

    Oooops..... Sorry, folks!

    I forgot to mention that I have even removed the third network interface and
    turned off named and dhcpd, just to get the pptpd VPN functional again. I
    thought I had restored the system to its previously working state, but
    obviously something went bad along the way.

    Also, I should probably state explicitly that having had a working PoPToP
    installation also implies that yes, I have followed the advice of
    recompiling the kernel without GRE support... :)

    - 4rch3v15

    "Archevis" <archevis@hotmail.com> wrote in message
    news:d99f9148.0408280601.5d81b006@posting.google.com...
    > I'm at a complete loss here... I had PoPToP VPN up and running on my
    > OpenBSD 3.5 firewall before installing a third network card for an
    > "external" IP zone. After setting up dhcpd and named on the firewall
    > for the new nic (rl1) I discovered that I could still connect and
    > login on the firewall/VPN server, but all of a sudden I was unable to
    > ping anything behind the firewall.
    >
    > To be as specific as I can: I can ping the firewall's local IP from
    > the Windows XP (built-in VPN) client, and also ping both the XP client
    > and all machines on the local network ("behind" the firewall) from the
    > firewall/VPN server. But I'm unable to ping machines behind the
    > firewall from the XP client, and the XP client is also unreachable
    > from machines behind the firewall/VPN server.
    >
    > Aside from the above problems everything works like a charm. The
    > web/mail server (behind the firewall) is accessible through ordinary
    > access over the Internet. Similarly, the Internet is accessible from
    > every machine behind the firewall (I'm using packet filter NAT).
    >
    > My first thought was: Check, double check and then triple check
    > pf.conf, in case the firewall is accidentally blocking traffic. But
    > the problem persists even if I add "pass in quick all" and "pass out
    > quick all" as the first filtering lines in pf.conf. So I'm assuming
    > that the firewall is innocent...
    >
    > Which leads me to suspect routing to be my cause of grief. Which gives
    > me the shivers, since I'm by far no qualified system administrator. ;)
    >
    > Output from "route show" yields (my external IP shown as
    > <A>.<B>.<C>.<D>):
    >
    > Internet:
    > Destination        Gateway            Flags
    > default            <A>.<B>.<C>.<D>    UG
    > <A>.<B>.<C>.<D-2>  link#2             U
    > <A>.<B>.<C>.<D-1>  <a MAC address>    UH
    > localhost          localhost          UG
    > localhost          localhost          UH
    > 192.168.0.0        link#1             U
    > gate               localhost          UGH
    > euclid             <a MAC address>    UH
    > galileo            <a MAC address>    UH
    > 192.168.0.145      <a MAC address>    UH
    > BASE-ADDRESS.MCA   localhost          U
    >
    > Line 3 is my ISP's gateway for my external nic, with last IP byte a
    > value of 1 less than on my IP. Knowing less than little of the inner
    > workings of routing, I'm still a little surprised by line 2 where the
    > last of the four IP bytes is 2 less than on my external nic. This
    > being link#2 and all...
    >
    > From my XP client (at 192.168.0.145) I'm able to tracert machines
    > behind the firewall to my firewall/VPN server at 192.168.0.1, but no
    > further.
    >
    > Anyone have any idea what I'm up against? Is there some setting in the
    > PoPToP or PPP config files regarding routing? Or is this perhaps not a
    > routing problem at all? How can I figure out if it is?
    >
    > All suggestions appreciated :)
    >
    > - 4rch3v15
