[plug] Routing problem with PPTP VPN

Jeremy Malcolm Jeremy at Malcolm.wattle.id.au
Sun Feb 10 12:17:41 WST 2002


Various people wrote:
> 
> You need to change the netmask on 192.168.0.0 to a class B then it should
> work.

Except that, on another network I've set up, it works fine as-is.  This is the
one that works:

Destination     Gateway         Genmask         Flags Iface
reception.priva *               255.255.255.255 UH    ppp1
akira.apana.org *               255.255.255.255 UH    ppp0
192.168.1.0     *               255.255.255.0   U     eth0
192.168.0.0     reception.priva 255.255.255.0   UG    ppp1
default         akira.apana.org 0.0.0.0         UG    ppp0

This is the one that doesn't work:

Destination     Gateway         Genmask         Flags Iface
192.168.0.1     *               255.255.255.255 UH    ppp1
terminus.net.au *               255.255.255.255 UH    ppp0
192.168.1.0     *               255.255.255.0   U     eth0
192.168.0.0     192.168.0.1     255.255.255.0   UG    ppp1
default         terminus.net.au 0.0.0.0         UG    ppp0

Identical.  Also, kernel versions are 2.2 series on all networks.

It *is* a supported configuration to use the remote internal LAN's network as
the PPTP VPN network, because that is most commonly what you want to do - to
"hook" the VPN into the remote wired network, rather than creating a third
independent network for the VPN.  It's documented that you can do it that way.

> You need to change your ppp1 device IP's to its own network, you can't
> route over an existing broadcast address, well you could but it will
> be a one way affair.
> This looks like Perth's route table? yes?
> If it is where is the route for 192.168.0.40 --> space....so your
> traffic disappears.

If you were right though then Perth gateway couldn't ping Kalgoorlie at all.  It
can.  It is only the rest of Perth's (masqueraded) network that can't ping
Kalgoorlie.

> Windows in particular gets confused if you have (for example) some of
> 192.168.0.* on a LAN and other parts non-local because it tries to
> take short-cuts and gets it wrong. 

Windows doesn't know about 192.168.0.*.  Windows just knows that its local
network is 192.168.1.0 and that its default gateway is 192.168.1.40 (which is
the same as 192.168.0.40, but Windows doesn't know that).  So AFAIK Windows
should be thinking "hmm, I'm being asked to ping 192.168.0.1, well that's
certainly not on my local network, so I'll just shove it down my default gateway
and see what happens".  The default gateway should be thinking "hmm, I'm being
asked to deliver a ping packet to 192.168.0.1.  Yup, I can do that.  Let me
masquerade it first and then shove it down my ppp1 link."

> A couple of questions, can the gateway machine ping all the Kalgoorlie
> machines or just the single machine at Kalgoorlie? I am assuming you
> have a network at Kalgoorlie.

Yes it can ping all the Kalgoorlie machines.

> You need to change the netmask on 192.168.0.0 to a class B then it
> should work.

Er, that would overlap with the (separate) 192.168.1.0 network though, no?

Thanks for the various tips so far, it makes things more difficult that Perth
only have one Linux machine on the network so that I have to wait until there
are people there on Monday to do pings and traceroutes for me for testing! 
Meanwhile any additional ideas are appreciated.

-- 
JEREMY MALCOLM <Jeremy at Malcolm.wattle.id.au> http://malcolm.wattle.id.au
Providing online networks of Australian lawyers (http://www.ilaw.com.au)
and Linux experts (http://www.linuxconsultants.com.au) for instant help!
Disclaimer: http://www.terminus.net.au/disclaimer.html. GPG key: finger.
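
The gateway's forwarding decision discussed in the message above, as an added example that is not part of the original post: a longest-prefix lookup over the "doesn't work" table, plus a check of which entries a 192.168.0.0/16 route would overlap. The function names are illustrative, and the ppp0 host route is left out because the table shows its destination only as a hostname.

```python
import ipaddress

# Constructed from the "doesn't work" table in the post. The ppp0 host route
# is omitted because its destination appears only as a hostname.
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Iface
192.168.0.1     *               255.255.255.255 UH    ppp1
192.168.1.0     *               255.255.255.0   U     eth0
192.168.0.0     192.168.0.1     255.255.255.0   UG    ppp1
default         terminus.net.au 0.0.0.0         UG    ppp0
"""

def parse_routes(text):
    """Parse `route`-style output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 5:
            continue
        dest, gateway, genmask, _flags, iface = fields
        if dest == "default":
            network = ipaddress.ip_network("0.0.0.0/0")
        else:
            network = ipaddress.ip_network(f"{dest}/{genmask}")
        routes.append((network, None if gateway == "*" else gateway, iface))
    return routes

def lookup(routes, address):
    """Return the most specific (longest-prefix) route covering address."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def overlapping(routes, candidate):
    """Table networks (default route excluded) that overlap a candidate network."""
    cand = ipaddress.ip_network(candidate)
    return [str(n) for n, _, _ in routes if n.prefixlen > 0 and n.overlaps(cand)]

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    # 203.0.113.9 is a constructed outside address to exercise the default route.
    for target in ("192.168.0.1", "192.168.0.7", "192.168.1.20", "203.0.113.9"):
        net, gw, iface = lookup(routes, target)
        print(f"{target:15} -> {net} via {gw or 'direct'} dev {iface}")
    print("192.168.0.0/16 overlaps:", overlapping(routes, "192.168.0.0/16"))
```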