Hulver's site || Mind the Gap

Diaries
Everything
Who's Online?
FAQ / Help

linux networking

By theantix (Sun Jan 21, 2007 at 04:41:12 PM EST) (all tags)

Anyone here have some expertise in the world of linux networking? I'm having a hell of a time connecting to my work VPN using PPTP. Fun times with "route" ahead.

Update [2007-1-21 18:7:21 by theantix]: ni, ruler of the known universe, solved this problem for me. Did I mention he rules?

There are three ways that I know of to connect to a PPTP VPN from linux. One is using the pptp-linux programs manually, another is to use pptpconfig gui, and the other is to use the NetworkManger pptp plugin. I've had no luck with any of these, though with all three I've got most of the way there.

Before I connect to anything, I do a route:

ryan@homet0p:~$ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 1.2.3.4 * 255.255.255.252 U 0 0 0 eth1 default 1-2-3-4.tuk 0.0.0.0 UG 0 0 0 eth1

I then connect to the work VPN via any of the three methods listed above. route now looks like this:

ryan@homet0p:~$ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface vpn2.domain 1-2-3-4.tuk 255.255.255.255 UGH 0 0 0 eth1 1.2.3.4 * 255.255.255.252 U 0 0 0 eth1 10.0.0.0 * 255.255.255.0 U 0 0 0 ppp0 default 1-2-3-4.tuk 0.0.0.0 UG 0 0 0 eth1

Now comes the fun part where I try to ping something inside the work intranet.

ryan@homet0p:~$ ping 1.2.3.4 PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data. From 1.2.3.4 icmp_seq=1 Destination Net Unreachable

ryan@homet0p:~$ ping 1.2.3.4 -I ppp0 PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 ppp0: 56(84) bytes of data. 64 bytes from 1.2.3.4: icmp_seq=1 ttl=59 time=86.7 ms

As you see from that example, I'm connected just fine to the VPN because when I specify the ppp0 interface I can ping just fine. Only when I leave out the interface specification am I unable to reach anything.

I think it has to do with the route specification, because the "From 1.2.3.4" in the failed example is somewhere in my ISP's network. I feel like I'm 99% of the way there, but I don't know enough about the route command to get to the finish line. I've tried adding a gateway to the 10.0.0.0 route, and messed around with the route default -- both with no success at all.

Any tips, advice, pointers... thanks!

< South West Trains | BBC White season: 'Rivers of Blood' >

Login

Related Links

- theantix's Diary

Google

Comment Controls

linux networking | 13 comments (13 topical, 0 hidden) | Trackback

YOUR POST IS BROADCASTING AN IP ADDRESS by joh3n (4.00 / 2) #1 Sun Jan 21, 2007 at 05:08:08 PM EST

(if only I could make this comment a pop-up ad that blinked)

----
I am a crime against humanity
-theantix

just what we need ... by BlueOregon (4.00 / 2) #2 Sun Jan 21, 2007 at 05:13:28 PM EST

... a pop-up j3

_
"The german quoting guy is a little bit out there." (fleece)
[ Parent ]

: I thought he did? by mrgoat (2.00 / 0) #11 Mon Jan 22, 2007 at 04:19:03 PM EST

Years pass, things change, you end up living in Kansas. But the bag of dicks never leaves your side... - blixco
--top hat--
[ Parent ]

... by theantix (4.00 / 2) #3 Sun Jan 21, 2007 at 05:14:02 PM EST

____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]

: Someone has waaaay too much free time [n/t] by Zoomzoom (2.00 / 0) #10 Mon Jan 22, 2007 at 08:52:14 AM EST

Not Timewasting

[ Parent ]

Netmask by ni (2.00 / 0) #4 Sun Jan 21, 2007 at 05:43:59 PM EST

It doesn't seem like the netmask on your 10.0.0.0 entry is right. Try changing it to 255.0.0.0.

256: What are you searching for? mx: Kaola penis. 256: Why aren't you using image search?

: I love you by theantix (2.00 / 0) #5 Sun Jan 21, 2007 at 06:06:42 PM EST

That totally worked, and now my traceroute paths for non 10.* address go locally while my 10.* go where they should.
On a scale from 1 to 10, you totally frigging rule.
____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]

I see your problem by ucblockhead (2.00 / 0) #6 Sun Jan 21, 2007 at 11:30:38 PM EST

1.2.3.4 is a reserved IP.
----
_{ウセーバラケダ}

heh by theantix (2.00 / 0) #7 Mon Jan 22, 2007 at 12:25:51 AM EST

I used real ones until ni solved my problem, since they were potentially relevant to debugging.
____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]

I was thinking to myself by MillMan (2.00 / 0) #8 Mon Jan 22, 2007 at 01:22:05 AM EST

what kind of omnipresent power does ni have where he can discern the actual IPs without you including them?

When I'm imprisoned as an enemy combatant, will you blog about it?
[ Parent ]

: Actually by theantix (2.00 / 0) #9 Mon Jan 22, 2007 at 03:00:42 AM EST

Given that the problem was with a faulty netmask, his correct solution would have worked even if I had provided fake IP addresses. Meh, at least I was right about being 90% of the way there... my networking skills are vastly superior to where they were just a few years ago. Obviously still not quite good enough though!
____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]

i don't know shit by BuggEye (2.00 / 0) #12 Mon Jan 22, 2007 at 09:28:21 PM EST

but wanted to say hello.

so, hello.

: it's my fault, really by theantix (2.00 / 0) #13 Mon Jan 22, 2007 at 11:57:19 PM EST

I should have asked for help designing a .NET ASP microsoft thingie!
____________________________________
I'm sorry, but your facts disagree with my opinion.
[ Parent ]

linux networking | 13 comments (13 topical, 0 hidden) | Trackback