Hi,

before anyone asks ;-) I have pasted in the mail that I sent to the English pptp mailing list. The system, by the way, is Woody with kernel 2.4.20.

#################################################

On Tue, 2003-04-29 at 11:17, Denny Schierz wrote:

Target Network 192.168.25.0/24
VPNClient gets 192.168.25.124
VPNServer gets 192.168.25.100
VPNServer local ip 192.168.25.2

Route Table VPN Client:

C:\>route print
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 48 54 55 3c 59 ...... NDIS 5.0 driver
0x4000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Aktive Routen:
Netzwerkziel      Netzwerkmaske     Gateway           Schnittstelle     Anzahl
0.0.0.0           0.0.0.0           192.168.3.1       192.168.3.30      2
0.0.0.0           0.0.0.0           192.168.25.124    192.168.25.124    1
127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1         1
192.168.3.0       255.255.255.0     192.168.3.30      192.168.3.30      1
192.168.3.30      255.255.255.255   127.0.0.1         127.0.0.1         1
192.168.3.255     255.255.255.255   192.168.3.30      192.168.3.30      1
192.168.25.124    255.255.255.255   127.0.0.1         127.0.0.1         1
192.168.25.255    255.255.255.255   192.168.25.124    192.168.25.124    1
217.228.155.57    255.255.255.255   192.168.3.1       192.168.3.30      1
224.0.0.0         224.0.0.0         192.168.3.30      192.168.3.30      1
224.0.0.0         224.0.0.0         192.168.25.124    192.168.25.124    1
255.255.255.255   255.255.255.255   192.168.3.30      192.168.3.30      1
Standardgateway:  192.168.25.124
===========================================================================
Ständige Routen:
Keine

Route Table VPN SVR:

router:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
217.5.98.93     0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
192.168.25.124  0.0.0.0         255.255.255.255 UH    0      0   0   ppp1
192.168.25.0    0.0.0.0         255.255.255.0   U     0      0   0   eth1
0.0.0.0         217.5.98.93     0.0.0.0         UG    0      0   0   ppp0

The VPN Client can't ping the VPN SVR and other clients in the target network (and the VPN SVR can't ping the VPN Client).

IP-Forwarding is active:

router:~# cat /proc/sys/net/ipv4/ip_forward
1

My firewall rules:

IPTABLES="/sbin/iptables"
/sbin/iptables -t nat -A PREROUTING -i ppp0 -p TCP --sport 1024:65535 --dport 1723 -j ACCEPT
/sbin/iptables -t nat -A OUTPUT -o ppp0 -p 47 -j ACCEPT
/sbin/iptables -A OUTPUT -o ppp0 -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i ppp+ -s 192.168.25.0 -d 192.168.25.0 -j ACCEPT
/sbin/iptables -A OUTPUT -o ppp+ -s 192.168.25.0 -d 192.168.25.0 -j ACCEPT
/sbin/iptables -A FORWARD -i ppp+ -o ppp0 -p 47 -s 192.168.25.0 -d 192.168.25.0 -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i ppp0 -p 47 -s 192.168.25.0 -d 192.168.25.0 -j ACCEPT
#Rules to allow surfing
/sbin/iptables -A FORWARD -i ppp+ -o ppp0 -s 192.168.25.0 -j ACCEPT
/sbin/iptables -A FORWARD -o ppp+ -i ppp0 -d 192.168.25.0 -j ACCEPT
# you can also write -s/d 192.168.25.0/24, but the result is the same

If I tried to ping from the client, I saw in iptraf that the ping is there (ICMP requests on ppp1), but there are no ICMP replies, and I don't know why.

router:~# cat /etc/ppp/pptp.options
name *
lock
mtu 1490
mru 1490
noauth
proxyarp
+chap
+chapms-v2
#mppe-40
mppe-128
mppe-stateless
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
ms-wins 192.168.25.1
ms-dns 192.168.25.1

####################################################################