Re: Strange VPN problems

From: Dan Williams <dcbw redhat com>
To: Rick Jones <rick activeservice co uk>
Cc: networkmanager-list gnome org
Subject: Re: Strange VPN problems
Date: Thu, 06 Nov 2008 16:38:48 -0500

On Thu, 2008-11-06 at 18:24 +0000, Rick Jones wrote:
> --On Thursday, November 06, 2008 16:49:29 +0000 Rick Jones
> <rick activeservice co uk> wrote:
> 
> ¦ I take your point. In fact for my purpose I should really have a
> gateway route just to 192.168.7.* via the VPN server. Can this kind of
> routing policy be configured in NM?
> ¦ 
> ¦ However, there's still a strange problem with these routes. If the
> default route to the MB gateway on ppp0 is not present, then nothing
> will go over the VPN on ppp1, not even the echo packets. Successful
> echo depends _only_ on the existence of this route. Other
> communication over the VPN depends on both this _and_ an explicit
> route to the VPN server on ppp1.
> ¦ 
> ¦ I've tried all kinds of route permutations, and it won't work if the
> original MB default route is not there. It doesn't seem to make a lot
> of sense, but that's what's happening. Maybe you can figure it out?
> 
> Cracked it!
> 
> There must be at minimum a gateway route to the VPN host via ppp0,
> since pptp is using that to carry the VPN packets. By adding just that
> route, everything then works. The routing table ends up as:
> 
> 82.153.174.82   10.44.200.0     255.255.255.255
> UGH   0      0        0 ppp0
> 10.44.200.0     0.0.0.0         255.255.255.255
> UH    0      0        0 ppp0
> 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp1
> 
> The first line is the route I manually added. 82.153.174.82 is the
> public address of my server, 10.44.200.0 is the MB gateway for the
> current session. If the original default route via the MB gateway is
> removed, then it must be replaced by this.

This is how it should already work with recent VPN and PPTP fixes; I
fixed a few PPTP things the other day.  If it doesn't do this with
latest SVN then it's a bug.

> It would be nice to be able to set a policy of which addresses go via
> the VPN, but it's not critical so long as this routing fix is made.

You do this from the Routes dialog in the IPv4 tab of the connection
editor

Dan

Follow-Ups:
- Re: Strange VPN problems
  - From: Rick Jones

References:
- Re: Strange VPN problems
  - From: Rick Jones
- Re: Strange VPN problems
  - From: Rick Jones

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]