PPTP

Craig Graham

I have installed PPTP-Linux from pptp-linux-1.3.1-1mdk onto my Mandrake 9.2
box and can establish a link to the office server, running Win2003. All
machines at home and office can see the Linux box, but they cannot see each
other. The office machines have addresses on 192.168.0.x, and the home
machines have addresses on 10.1.1.x. On establishing the tunnel, the Linux
box adds a route to all 192.168.0.x via the tunnel and can then ping all
those addresses.

Perhaps significantly, the Linux box can ping all the work addresses-
including all the different addresses of the server- but the Win server is
unable to ping any 10.1.1.x address, not even 10.1.1.1 which is the Linux
box. The server can only ping the 192.168 address that is the endpoint of
the tunnel.

My suspicion is that the problem lies at the Windows end. I've tried using
the various GUI admin tools but they only list the physical Ethernet
interface as an endpoint for any route. I've also tried adding the route
manually from the command line, specifying both the local and remote endpoint
addresses of the tunnel as the gateway, and although there are no errors I
can get neither case to work.

I had a similar problem last year when I did this in reverse; a pptp server
on Linux and pptp client on Windows. In that case, again, all the machines
on the same side of the tunnel as the pptp server could see the pptp client,
but none of the other machines on the client side could see any of the
server side machines. At that time I was told it was a limitation of the
Windows client.

Is there some fundamental limitation in pptp that means a tunnel is routable
from only one side? This doesn't make sense to me. On Linux, I see a ppp
interface in both the Linux client and Linux server cases and would seem to
be able to route to the interface no problem. There is mention of using a
tunnel to join two LANs in the Linux pptp docs, and no mention there of
having to run a client and server on each machine and set up two parallel
tunnels. Is it again a Windows limitation and I should give up unless we get
a Linux box in the office to handle pptp? Or is there something else I can
do on the Windows box to get routing? Or something I can do to determine
which end of the tunnel the problem is at? Traceroute doesn't help.
 
jazz

You will need to either run a WINS server they log into (see the Samba HOWTO) or
manually populate an lmhosts file with the IP addresses and server names.
You might also be able to log into a domain controller too if one is up and
running. Things get a little tricky there, but with a little work it should
be possible.
 
Craig Graham

jazz said:
You will need to either run a WINS server they log into (see the Samba
HOWTO) or manually populate an lmhosts file with the IP addresses and
server names. You might also be able to log into a domain controller
too if one is up and running. Things get a little tricky there, but
with a little work it should be possible.

I'm not quite sure what you mean, having always left WINS switched off.

At this stage I'm still at the level of pinging numeric IP addresses. No
Windows filesharing or authentication; if pings don't work then nothing else
will. As far as I'm aware, WINS and lmhosts are irrelevant when using
numeric addresses.

Thanks for replying though- nothing else has come through so far.
 
jazz

OK, I was a little confused as to what you're attempting to do here. After
re-reading the first post I saw that the Linux pptp client was at home and
trying to connect to the office Win2003 VPN server. If I'm reading it right
this time, you want to connect the 2 different networks together seamlessly.
First, the package you listed before is only the client package for
Mandrake. This package will only connect the computer it is installed on.

You will need to install the server portion and configure that. As root, try
urpmi poptop and install what is listed if it doesn't do it for you (it may
also be urpmi pptpd). Look at poptop.org for some HOWTOs on this subject.
You might need to write some routing rules for iptables, but the poptop
config should take care of most of that.

You will probably still need to run a WINS server for name translation once
the VPN network is established. Also make sure that any firewall rules aren't
blocking the connections to the VPN adapter for the services you're needing to
use.
 
