Pptp Vpn

Printable View

07-11-2003, 12:16 PM
Raz316

Pptp Vpn

Mornin :)

Anyone upto scratch wtih PPTP VPN connections? If so, any idea why I would be able to connect to the server, ping the server, and its internal IP address, but not be able to ping any of the remote network machines?

The only suggestion I have found so far, is make sure the clients lan is a different IP range to the server's lan, which it is, but no luck.

Any clues? thanks!
07-11-2003, 12:28 PM
Moby-Dick

you'll need to make sure that remote subnet and local subnets dont clash ie if you use 192.168.0.x , make the remote one 10.0.0.x

what are you hosting the vpn with ?
07-11-2003, 12:30 PM
Jiff Lemon

the remote machines sat in the same subnet?

/edit: bah! Beaten to it by Moby
07-11-2003, 12:32 PM
Raz316

sorry, you two, that is what I meant about the IP ranges, they are different
07-11-2003, 01:11 PM
Moby-Dick

ok , you can ping the VPn host machine , but no further......

you might need to add a statis route from a command prompt
something like route add <remote ip range and subnet > gateway < remote vpn host ip > etc
07-11-2003, 01:19 PM
Raz316

Thanks for the replies. :)

Yeah, already got that :/ im pretty certain it has to be a server routing issue, but I cannot think where else to look expect the routing table.
07-11-2003, 01:23 PM
Moby-Dick

are you hosting it on a windows 2000 server ?
07-11-2003, 01:27 PM
Raz316

Client (windows 98)

Dialup ISP FreeUK

T'internet

Aramiska Arc (like a cable modem, set to bridge pptp traffic)

SME Server 6.0b3 - PPTP Server

Local Area Network including a windows 2000 server

Tis like that, using SME for the PPTP server because it is more efficient than the windows 2000 one. However, thats an idea, i'll try the windows 2000 server again :)
07-11-2003, 01:29 PM
Moby-Dick

m'afraid I dont know much about the SME server. Perhaps its doing some dodgy routing :)

make sure you have a DHCP relay agent on the VPN server and assign your VPN ip's that way , should help forward WINS/DNS requests too.
07-11-2003, 06:31 PM
ingouk

can you login to the sme server and do a route -n ? or /sbin/route -n? that output might be helpful.

ingo
07-11-2003, 08:39 PM
Raz316

not at the mo ingo, but im pretty sure it is right, its been the place I have been mucking around with the most because I cannot think of anywhere else that would stop it.
11-11-2003, 05:16 PM
c0w

it's all to do with ROUTES mate,

quick test,

see one of the boxes you can ping, check if you can connect to one of the services it's running, ftp, ssh, http etc.

now 9/10 times u ping a box and it will reply, even if the route are not properly setup,

i woulda advice that you sit down draw a diagram of how you are working connecting from the dailup end to work and vice versa this will give you an idea of the routes, they DO NOT have to be on the same subnet only the the default gateway to work need to know where to go (since the dialup end it working), so that when your sending things from work it automatically works its way to the default gw, then from there it's passed onto what ever type of kit your using to send to the dialup user,

c0w
14-11-2003, 11:41 PM
ingouk

is the sme server ur default gateway on the network? or another pc or router?
If it isnt ur default gateway, you get problems pinging the other machines, cause they wont know that they have to reply to ur sme server. they will send all answers to the default gateway.
had the same today while connecting 3 different networks via vpns. after playing around with routing tables for a few hours and drawing some network diagrams i finally managed it.
Could u somehow let us know what ur network looks like? which is the default gateway, etc? That way we might eb able to help u a bit more.
15-11-2003, 12:03 AM
Raz316

Heya, and sorry C0w, i didnt realise you replied!

Got it working in the end, it was routing, I had to route the internal addresses I was after, through the external device, still not sure why, but it seems to work (which takes the p1$$ in a way ;))

Thanks to everyone who replied!