Print Story linux networking
Software
By theantix (Sun Jan 21, 2007 at 11:41:12 AM EST) (all tags)
Anyone here have some expertise in the world of linux networking?  I'm having a hell of a time connecting to my work VPN using PPTP.  Fun times with "route" ahead.

Update [2007-1-21 18:7:21 by theantix]: ni, ruler of the known universe, solved this problem for me. Did I mention he rules?



There are three ways that I know of to connect to a PPTP VPN from linux.  One is using the pptp-linux programs manually, another is to use pptpconfig gui, and the other is to use the NetworkManger pptp plugin.  I've had no luck with any of these, though with all three I've got most of the way there.

Before I connect to anything, I do a route:

ryan@homet0p:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1.2.3.4     *               255.255.255.252 U     0      0        0 eth1
default         1-2-3-4.tuk 0.0.0.0         UG    0      0        0 eth1

I then connect to the work VPN via any of the three methods listed above.  route now looks like this:

ryan@homet0p:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
vpn2.domain     1-2-3-4.tuk 255.255.255.255 UGH   0      0        0 eth1
1.2.3.4     *               255.255.255.252 U     0      0        0 eth1
10.0.0.0        *               255.255.255.0   U     0      0        0 ppp0
default         1-2-3-4.tuk 0.0.0.0         UG    0      0        0 eth1

Now comes the fun part where I try to ping something inside the work intranet.

ryan@homet0p:~$ ping 1.2.3.4
PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data.
From 1.2.3.4 icmp_seq=1 Destination Net Unreachable

ryan@homet0p:~$ ping 1.2.3.4 -I ppp0
PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 ppp0: 56(84) bytes of data.
64 bytes from 1.2.3.4: icmp_seq=1 ttl=59 time=86.7 ms

As you see from that example, I'm connected just fine to the VPN because when I specify the ppp0 interface I can ping just fine.  Only when I leave out the interface specification am I unable to reach anything.

I think it has to do with the route specification, because the "From 1.2.3.4" in the failed example is somewhere in my ISP's network.  I feel like I'm 99% of the way there, but I don't know enough about the route command to get to the finish line.  I've tried adding a gateway to the 10.0.0.0 route, and messed around with the route default -- both with no success at all.

Any tips, advice, pointers... thanks!

< South West Trains | BBC White season: 'Rivers of Blood' >
linux networking | 13 comments (13 topical, 0 hidden) | Trackback
YOUR POST IS BROADCASTING AN IP ADDRESS by joh3n (4.00 / 2) #1 Sun Jan 21, 2007 at 12:08:08 PM EST
(if only I could make this comment a pop-up ad that blinked)

----
I am a crime against humanity
-theantix

just what we need ... by BlueOregon (4.00 / 2) #2 Sun Jan 21, 2007 at 12:13:28 PM EST

... a pop-up j3

[ Parent ]
I thought he did? by mrgoat (2.00 / 0) #11 Mon Jan 22, 2007 at 11:19:03 AM EST


--top hat--
[ Parent ]
... by theantix (4.00 / 2) #3 Sun Jan 21, 2007 at 12:14:02 PM EST

____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]
Someone has waaaay too much free time [n/t] by Zoomzoom (2.00 / 0) #10 Mon Jan 22, 2007 at 03:52:14 AM EST
Not Timewasting

[ Parent ]
Netmask by ni (2.00 / 0) #4 Sun Jan 21, 2007 at 12:43:59 PM EST
It doesn't seem like the netmask on your 10.0.0.0 entry is right. Try changing it to 255.0.0.0.


256: What are you searching for? mx: Kaola penis. 256: Why aren't you using image search?
I love you by theantix (2.00 / 0) #5 Sun Jan 21, 2007 at 01:06:42 PM EST
That totally worked, and now my traceroute paths for non 10.* address go locally while my 10.* go where they should.

On a scale from 1 to 10, you totally frigging rule.
____________________________________
I'm sorry, but your facts disagree with my opinion.

[ Parent ]
I see your problem by ucblockhead (2.00 / 0) #6 Sun Jan 21, 2007 at 06:30:38 PM EST
1.2.3.4 is a reserved IP.
---
[ucblockhead is] useless and subhuman
heh by theantix (2.00 / 0) #7 Sun Jan 21, 2007 at 07:25:51 PM EST
I used real ones until ni solved my problem, since they were potentially relevant to debugging.
____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]
I was thinking to myself by MillMan (2.00 / 0) #8 Sun Jan 21, 2007 at 08:22:05 PM EST
what kind of omnipresent power does ni have where he can discern the actual IPs without you including them?

When I'm imprisoned as an enemy combatant, will you blog about it?

[ Parent ]
Actually by theantix (2.00 / 0) #9 Sun Jan 21, 2007 at 10:00:42 PM EST
Given that the problem was with a faulty netmask, his correct solution would have worked even if I had provided fake IP addresses.  Meh, at least I was right about being 90% of the way there... my networking skills are vastly superior to where they were just a few years ago.  Obviously still not quite good enough though!
____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]
i don't know shit by BuggEye (2.00 / 0) #12 Mon Jan 22, 2007 at 04:28:21 PM EST
but wanted to say hello.

so, hello.

it's my fault, really by theantix (2.00 / 0) #13 Mon Jan 22, 2007 at 06:57:19 PM EST
I should have asked for help designing a .NET ASP microsoft thingie!
____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]
linux networking | 13 comments (13 topical, 0 hidden) | Trackback