Can connect but cannot access any hosts inside the vpn

Rick Sewill rsewill at cableone.net
Wed Jan 24 21:30:46 UTC 2007


On Wed, 2007-01-24 at 12:20 -0700, Kevin Kempter wrote:
> Hi List;
> 
> I have a vpn connection setup (via linux PPTP client) and I can connect. 
> However once connected I cannot ping, telnet, ssh, etc to any hosts in the 
> remote vpn network.
> 

I cannot give a specific answer.  I have several, separate guesses:
1) When you say you can connect, is the connection fully up?

   PPTP encapsulates the ppp protocol inside something called GRE
   packets.  PPTP was defined by Microsoft.  I am asking if the
   ppp protocol successfully negotiated IP.

   One way to find out is to see if certain IP things are set up.
   Is an interface created?  Are entries added to the routing table?

   Please do the following for interfaces: ifconfig
   Please do the following for the routing table: netstat -rn

   Can you ping the IP address of the remote ppp link?
   I think the remote IP address should show up in the routing table.
   If you can ping the remote ppp link, IP is negotiated.
 
2) Is a route being added to the routing table for the network on the
   other side of the PPTP VPN tunnel?

   You might get the IP address of the remote ppp link added.
   You will need to have the remote network added to your routing table
   to ping any other IP addresses in the remote network.

   Any of the following commands should show the routing table:
   netstat -rn
   route
   ip route show

   You may have to add a network route to the routing table.
   More than one command can do it...
        ip route add ...
        route add ...

3) When you try to ping, telnet, ssh, etc through the VPN tunnel,
   is the source IP address in the packet correct?

   Devices on the remote end need a way to get a reply packet back.

   You might run Wireshark (new name for Ethereal) to examine
   packets you send to the other side.

   The person who controls the remote network might expect the
   source IP address to be the one assigned to your end of the
   ppp link or he might expect you to use a specific subnet he
   assigned.

   A "good" guess is to assume you can use the IP address assigned 
   to your end of the PPP link, but this is not always the case.

   Whatever the person who controls the remote network expects,
   you must do.

4) Is the peer PPTP VPN perhaps setting firewall rules to 
   control access?

   A security person might set firewall rules to control what
   a VPN client IP address can and cannot access.  They will
   try to restrict a VPN client to a demilitarized zone and
   not let the VPN client access the internal LAN.

   You may need to ask the person who administers the remote network.

In summary,
1) Is IP actually up?
2) Do you have a route in your routing table to the remote network?
3) Does the remote network have a route back to the IP address you use?
4) Are there firewall rules on the remote side blocking you?

> Can anyone help me debug this?
> 
> Thanks in advance
> 
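
Added example (not part of the original message): a POSIX sh check for question 2 above, deciding from `ip route show` text which interface a packet to a remote host would leave on. The function names, addresses and routing tables are constructed for illustration; IPv4 only.

```sh
# Longest-prefix match over `ip route show` text (added example, IPv4 only).

# Dotted quad -> 32-bit integer. Body runs in a subshell so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# route_dev ROUTES DEST: print the device of the most specific matching
# route, or "none" when nothing (not even a default route) matches.
route_dev() (
    dest=$(ip2int "$2")
    best_len=-1 best_dev=none
    while read -r prefix rest; do
        case $prefix in
            '')      continue ;;
            default) net=0.0.0.0; len=0 ;;
            [!0-9]*) continue ;;             # unreachable, blackhole, ...
            */*)     net=${prefix%/*}; len=${prefix#*/} ;;
            *)       net=$prefix; len=32 ;;  # host route, e.g. the ppp peer
        esac
        case " $rest" in
            *" dev "*) dev=${rest#*dev }; dev=${dev%% *} ;;
            *)         continue ;;
        esac
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        netint=$(ip2int "$net")
        if [ $(( dest & mask )) -eq $(( netint & mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best_dev=$dev
        fi
    done <<EOF
$1
EOF
    echo "$best_dev"
)

# Constructed sample: tunnel is up, but only the peer host route exists.
ROUTES_PEER_ONLY='10.8.0.1 dev ppp0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
default via 192.168.1.1 dev eth0'
# Same table after a network route for the remote LAN is added via ppp0.
ROUTES_WITH_NET="$ROUTES_PEER_ONLY
10.20.0.0/16 dev ppp0 scope link"

echo "peer only, to 10.20.5.9: $(route_dev "$ROUTES_PEER_ONLY" 10.20.5.9)"
echo "with net,  to 10.20.5.9: $(route_dev "$ROUTES_WITH_NET" 10.20.5.9)"
```

With only the peer host route, the ppp peer is reachable through ppp0 but a host on the remote LAN falls through to the default route on eth0, outside the tunnel. On a live system, `ip route get <address>` answers the same question directly.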




