Linode.com Forum

[mdavid8421]

I have installed pptpd on debian and configured it. For both the remote as well as the localips I used the same IPs 67.18.187.102 (my server's IP). I can connect from my Windows XP laptop fine to the PPTP server. However, I cannot access any site after that. Nothing at all.

I have set the DNS and IP address settings for the PPTP connection in XP to automatic. What am I doing wrong here? Some guidance will be very helpful.

XP is taking the gateway as my server's ip (67.18.187.102) when it should take the server's gateway, no . Please help.
-------------------------------------------------------------------------------------
http://www.technichristian.net/intro/pptpd-options

[anderiv]

Hello there...I can't speak specifically to your PPTP question, but I thought I'd throw this into the pot. It sounds like you're perhaps just looking for a way to have a secure proxy through which you can browse the web? If this is incorrect, my apologies, but if it *is* correct, a much easier solution is to just use a dynamic ssh tunnel back to your linode. That doesn't involve any of the complicated VPN stuff.

-erik

[Internat]

XP's gateway should be your servers address, however you just need to add the iptables rules to your allow it to route from whatever ip you are to your gateway..

I dont have my examples with me but i can get them for you after on how i set mine up.
_________________
ServerAdmin - www.our-lan.com
"Diplomacy is the art of saying nice doggy whilst looking for a really big stick"
"In my experiece, any attempt to make any system idiot proof will only challenge God to make a better idiot"

[nabber00]

I did that setup a while ago, I can't really remember the details now, but here it goes:

First of all it looks like you need to set your ms-dns options to the same DNS servers your linode is using. The DNS servers your Windows XP is using my not be accessible from outside of your network (which is what would happen when you bring up the tunnel).

Make sure IP Forwarding is enabled.

I don't think I ever got it working where remoteip and localip are the same value, it causes routing issues. I think you are best off using a private IP address range for localip. On my system these values are in the file /etc/pptpd.conf. And then I think you need to setup iptables to NAT that. See "ROUTING CHECKLIST - MASQUERADE" in man pptpd.conf.

Does your PPTP connection timeout after a few minutes or continue to stay up? If it times out you may need to allow PPTP traffic through iptables if you haven't already. (GRE protocol 47)

Any log info from the linux side? Can you post what you are getting on the windows client side? "ipconfig /all"

[mdavid8421]

Try as I might, I could not get PPTP to work.

Erik's solution works well.

What I have done is to install Squid on the server and then use putty to open a tunnel into the server and then onto squid like this:

"C:\Program Files\PuTTY\putty.exe" -ssh -L 8080:xxx:8080 -l yyy -i "C:\Program Files\PuTTY\private-key.ppk" -2 -4 -N -a xxx

where xxx is the server's IP and yyy is the SSH acct name on the server.

It all works now.

Thanks again.

[taewoo]

Hi everyone.

I have the same problem.
I actually followed this instruction set: http://forums.bit-tech.net/showthread.php?t=132029

For both local and remoteip, i used the IP of my slice. 64.62.190.xxx

I can connect via Windows XP VPN connection manager (authentication works fine). It says it's connected but I can't seem to get any traffic in or out of it.

Here are some symptoms:

1) my slice locks up (can't connect via SSH or HTTP)
2) the IP on the windows machine says:

IP: 144.198.182.10
Subnet: 255.255.255.255
Def. Gateway: 144.198.182.10

Any thoughts on this?

PS: The reason I am VPN'ing over proxy is b/c of windows app that has no proxy capability[/url]

[tinono]

hi there taewoo!

you seem confused about how pptpd really works, so i'll try to help you out a little.

You need to create a local network for your vpn clients to use. Using your linode's public IP for both localip and remoteip is never gonna work.

For instance, let's say your linode's ip 64.62.190.xxx

we need to choose a range of ip for the virtual network. let it be
10.60.60.0 for instance.

localip 10.60.60.1
remoteip 10.60.60.50-150

clients connecting to the vpn will recieve and ip in the 10.60.60.50-10.60.60.150 range.

you then need an iptables rules to masquerade this traffic (so they can actualy use the internet)

/sbin/iptables -t nat -A POSTROUTING -s 10.60.60.0/24 -o eth0 -j MASQUERADE

also make sure net.ipv4.ip_forward is set to 1 in /etc/sysctl.conf

that's all there is to it.

[taewoo]

Hi tinono.

Thanks for the reply.
I did EXACTLY as you said... and now my SSH console window doesn't freeze up.

Though.. I still can't seem to get data in and out of this PPTP connection when using XP as client. When I do "ipconfig /all", i get this for the PPTP conncetion:

DHCP Enabled: no
IP: 10.60.60.50
Subnet: 255.255.255.255
Gateway: 10.60.60.50

Is this incorrect? gateway = ip..?

[tinono]

ip = gateway
netmask = 255.255.255.255

Looks strange, but that's indeed how it's supposed to be. Your connection to the vpn server is all good.

Now about your inability to get data in or out of this, I must say it's pretty hard to guess what may be wrong.

Are you absolutely positive that the iptables command was run? What is the output of '/sbin/iptables -t nat -L -n' ? Also make sure IP forwarding is enabled. Check it with 'cat /proc/sys/net/ipv4/ip_forward'.

Hope it helps...

[taewoo]

Thanks as always, Tinono:


=================================
output of "/sbin/iptables -t nat -L -n"
=================================

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.60.60.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


=================================
output of "cat /proc/sys/net/ipv4/ip_forward"
=================================

1




I've restarted the pptpd server with " /etc/init.d/pptpd restart". Do I need to do any service restarting for IP forward?

[tinono]

After you've established the vpn connection, can you try pinging a few hosts? for instance 10.60.60.1, 67.18.186.61 and www.linode.com

[taewoo]

Hey Tinono.
Turns out it was the corporate network i was in. At home, it was working just fine and dandy.

Thanks a bunch! You're the man!

[taewoo]

Actually Tinono...
is there a way to make this work with additional IP? I recently added it to my slice and would like to have a "second" VPN service using this IP...

Meaning my client would connect via the second IP i purchased.. the client receives a different "localip" (i.e. with different range) and his outbound IP would be that of the newly bought IP.

[Outlet]

Hello,

I'm having problems with poptop (pptpd) also. I followed all of the configuration steps, and am still having problems.

The connections are failing, and I get the following in my /var/log/debug


Dec 9 08:18:33 o-linode pptpd[1234]: CTRL: Reaping child PPP[1235]

There are no other debug messages, that is the only message I get whenever I try to connect.

Thanks!