Re: PoPToP and... routing? - SOLVED!
From: Archevis (archevis_at_hotmail.com)
Date: 08/29/04
- In reply to: Archevis: "Re: PoPToP and... routing?"
Date: Sun, 29 Aug 2004 15:16:12 +0200
Hi all,
The solution proved to be a couple of errors sneaking into the config
files for PoPToP. To save others from wasting a week of their time trying to
get a pptpd up and running in OpenBSD I should probably write a full howto
now... :) See if I get the time in a few weeks.
For now, here are my working config files for poptop-1.1.4.b4 with a Windows
XP built-in VPN client:
--------------------
/etc/pptpd.conf:
--------------------
option /etc/ppp/options.pptpd
localip 192.168.0.1
remoteip 192.168.0.200-192.168.0.249
--------------------
/etc/ppp/ppp:
--------------------
pptp:
 enable proxy
 set dns 192.168.0.2
 set ifaddr 192.168.0.1 192.168.0.200-192.168.0.249
 set timeout 0
 enable mschapv2
 disable ipv6cp
 accept dns
--------------------
/etc/ppp/options.pptpd:
--------------------
proxyarp
+MSChap-V2
mppe-128
mppe-stateless
Aside from this I leave "/etc/ppp/options" empty, just in case.
If you decide to use these, please make sure to alter all IP addresses to
suit your network... :)
- 4rch3v15
"Archevis" <archevis@hotmail.com> wrote in message
news:MH2Yc.41488$Vf.2186830@news000.worldonline.dk...
> Oooops..... Sorry, folks!
>
> I forgot to mention that I have even removed the third network interface and
> turned off named and dhcpd, just to get the pptpd VPN functional again. I
> thought I had restored the system to its previously working state, but
> obviously something went bad along the way.
>
> Also, I should probably state explicitly that having had a working PoPToP
> installation also implies that yes, I have followed the advice of
> recompiling the kernel without GRE support... :)
>
> - 4rch3v15
>
>
> "Archevis" <archevis@hotmail.com> wrote in message
> news:d99f9148.0408280601.5d81b006@posting.google.com...
> > I'm at a complete loss here... I had PoPToP VPN up and running on my
> > OpenBSD 3.5 firewall before installing a third network card for an
> > "external" IP zone. After setting up dhcpd and named on the firewall
> > for the new nic (rl1) I discovered that I could still connect and
> > login on the firewall/VPN server, but all of a sudden I was unable to
> > ping anything behind the firewall.
> >
> > To be as specific as I can: I can ping the firewall's local IP from
> > the Windows XP (built-in VPN) client, and also ping both the XP client
> > and all machines on the local network ("behind" the firewall) from the
> > firewall/VPN server. But I'm unable to ping machines behind the
> > firewall from the XP client, and the XP client is also unreachable
> > from machines behind the firewall/VPN server.
> >
> > Aside from the above problems everything works like a charm. The
> > web/mail server (behind the firewall) is accessible through ordinary
> > access over the Internet. Similarly, the Internet is accessible from
> > every machine behind the firewall (I'm using packet filter NAT).
> >
> > My first thought was: Check, double check and then triple check
> > pf.conf, in case the firewall is accidentally blocking traffic. But
> > the problem persists even if I add "pass in quick all" and "pass out
> > quick all" as the first filtering lines in pf.conf. So I'm assuming
> > that the firewall is innocent...
> >
> > Which leads me to suspect routing to be my cause of grief. Which gives
> > me the shivers, since I'm by far no qualified system administrator. ;)
> >
> > Output from "route show" yields (my external IP shown as
> > <A>.<B>.<C>.<D>):
> >
> > Internet:
> > Destination Gateway Flags
> > default <A>.<B>.<C>.<D> UG
> > <A>.<B>.<C>.<D-2> link#2 U
> > <A>.<B>.<C>.<D-1> <a MAC address> UH
> > localhost localhost UG
> > localhost localhost UH
> > 192.168.0.0 link#1 U
> > gate localhost UGH
> > euclid <a MAC address> UH
> > galileo <a MAC address> UH
> > 192.168.0.145 <a MAC address> UH
> > BASE-ADDRESS.MCA localhost U
> >
> > Line 3 is my ISP's gateway for my external nic, with last IP byte a
> > value of 1 less than on my IP. Knowing less than little of the inner
> > workings of routing, I'm still a little surprised by line 2 where the
> > last of the four IP bytes is 2 less than on my external nic. This
> > being link#2 and all...
> >
> > From my XP client (at 192.168.0.145) I'm able to tracert machines
> > behind the firewall to my firewall/VPN server at 192.168.0.1, but no
> > further.
> >
> > Anyone have any idea what I'm up against? Is there some setting in the
> > PoPToP or PPP config files regarding routing? Or is this perhaps not a
> > routing problem at all? How can I figure out if it is?
> >
> > All suggestions appreciated :)
> >
> > - 4rch3v15
>
>