Re: Still VPN routing problems

From: Dan Williams <dcbw redhat com>
To: Rick Jones <rick activeservice co uk>
Cc: networkmanager-list gnome org
Subject: Re: Still VPN routing problems
Date: Tue, 09 Dec 2008 13:58:56 -0500
On Wed, 2008-11-26 at 20:18 +0000, Rick Jones wrote:
> I posted a while back about routing problems when using a VPN over
> mobile broadband. I've just been trying the most recent builds on
> launchpad (two of them), and the routing setup has changed, but it's
> still not quite right.
> 
> Both builds do the same thing - here are the routes for the PPP
> connection, and then PPTP over PPP.
> 
> PPP only:
> Destination     Gateway         Genmask         Flags Metric
> Ref    Use Iface
> 10.37.79.0      0.0.0.0         255.255.255.255
> UH    0      0        0 ppp0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 ppp0
> 0.0.0.0         10.37.79.0      0.0.0.0         UG    0      0        0 ppp0
> 
> PPTP over PPP
> Destination     Gateway         Genmask         Flags Metric
> Ref    Use Iface
> 192.168.7.128   10.37.69.0      255.255.255.255
> UGH   0      0        0 ppp0
> 10.37.69.0      0.0.0.0         255.255.255.255
> UH    0      0        0 ppp0
> 82.153.174.82   10.37.69.0      255.255.255.255
> UGH   0      0        0 ppp0
> 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp1
> 
> 10.37.79.0 is the PPP peer for the session, 82.153.174.82 is the
> public address of the VPN host, and 192.168.7.128 is its internal
> address within the VPN. The 3rd route entry above in PPTP mode was
> previously missing (provides the route for PPTP to send its packets to
> the server), so this is good.
> 
> However, the first entry is wrong, and should not be there. The
> address 192.168.7.128 only exists within the VPN, so can't possibly be
> routed over the PPP gateway. With this route present, the VPN won't
> work, but if this route is deleted after the VPN is established, all
> hosts on the VPN can be contacted as expected.

I can't see where the pptp plugin even cares about internal vs. external
gateways.  Can you grab some log output from NM when it brings up the
VPN?  It'll look something like this:

NetworkManager: <info>  VPN connection 'My VPN' (IP Config Get) reply received. 
NetworkManager: <info>  VPN Gateway: 1.1.1.1 
NetworkManager: <info>  Tunnel Device: tun0 
NetworkManager: <info>  Internal IP4 Address: 10.0.0.2
NetworkManager: <info>  Internal IP4 Prefix: 23 
NetworkManager: <info>  Internal IP4 Point-to-Point Address: 10.0.0.2
NetworkManager: <info>  Maximum Segment Size (MSS): 0 
NetworkManager: <info>  Static Route: 10.0.0.0/8   Next Hop: 10.0.0.0 
NetworkManager: <info>  Static Route: 172.16.0.0/17   Next Hop: 172.16.0.0 
NetworkManager: <info>  Static Route: 192.168.0.0/17   Next Hop: 192.168.0.0 
NetworkManager: <info>  Internal IP4 DNS: 10.0.0.1
NetworkManager: <info>  DNS Domain: '(none)' 

Does your route dump mean that the local PTP address for 'ppp1' is
192.168.7.128 and the remote PTP address is 10.37.79.0?

'ifconfig ppp1' might help here too.

Dan
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]