Re: Strange VPN problems

[Rick Jones <rick activeservice co uk>]

--On Thursday, November 06, 2008 16:49:29 +0000 Rick Jones <rick activeservice co uk> wrote:

¦ I take your point. In fact for my purpose I should really have a gateway route just to 192.168.7.* via the VPN server. Can this kind of routing policy be configured in NM?
¦ 
¦ However, there's still a strange problem with these routes. If the default route to the MB gateway on ppp0 is not present, then nothing will go over the VPN on ppp1, not even the echo packets. Successful echo depends _only_ on the existence of this route. Other communication over the VPN depends on both this _and_ an explicit route to the VPN server on ppp1.
¦ 
¦ I've tried all kinds of route permutations, and it won't work if the original MB default route is not there. It doesn't seem to make a lot of sense, but that's what's happening. Maybe you can figure it out?

Cracked it!

There must be at minimum a gateway route to the VPN host via ppp0, since pptp is using that to carry the VPN packets. By adding just that route, everything then works. The routing table ends up as:

82.153.174.82   10.44.200.0     255.255.255.255 UGH   0      0        0 ppp0
10.44.200.0     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp1

The first line is the route I manually added. 82.153.174.82 is the public address of my server, 10.44.200.0 is the MB gateway for the current session. If the original default route via the MB gateway is removed, then it must be replaced by this.

It would be nice to be able to set a policy of which addresses go via the VPN, but it's not critical so long as this routing fix is made.

(I'm sending this email logged into my IMAP server via VPN over MB, just to prove to myself it can be done!)

-- 
Cheers
Rick