# routing help needed [SOLVED]

## daniel1988

VPN is established ok, but I still can't access the internet.

```
gentoo daniel1988 # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:05:5D:7B:BF:59
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:349 errors:0 dropped:0 overruns:0 frame:0
          TX packets:303 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:57053 (55.7 Kb)  TX bytes:39212 (38.2 Kb)
          Interrupt:11 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:400 (400.0 b)  TX bytes:400 (400.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:195.252.xxx.xxx  P-t-P:192.168.201.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric
          RX packets:83 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:9821 (9.5 Kb)  TX bytes:68 (68.0 b)

wlan0     Link encap:Ethernet  HWaddr 00:40:F4:9E:0D:F3
          inet addr:172.16.xxx.xxx  Bcast:172.16.xxx.255  Mask:255.255.192.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Met
          RX packets:264 errors:0 dropped:0 overruns:0 frame:0
          TX packets:361 errors:13 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29841 (29.1 Kb)  TX bytes:28769 (28.0 Kb)
          Interrupt:10 Memory:e081a000-e081a100
```

Note: eth0 gets static IP addresses, wlan0 gets dynamic IP addresses from the DHCP server.

```
gentoo daniel1988 # route -nv
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 wlan0
```

As you can see from above, default route is set to wlan0.

Current situation:  link (one photo, 1000 words  :Smile: )

If you need any information more, ask!

Best regards,

Daniel

Last edited by daniel1988 on Sun Aug 12, 2007 4:02 pm; edited 3 times in total

----------

## aqu

Which computers don't have web access?

The server or the LAN network stations?

----------

## daniel1988

The Gentoo box & computers from my LAN can't access the internet. Connecting the Gentoo box is the problem. I think that these iptables rules should share the connection through the LAN after the connection is established:

```
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP
```

--Daniel

----------

## aqu

In the iptables rules, -o must be the interface connected to the router. But those packets don't have anything to do with this connection.

Are you sure that the connection between you and the router is VPN? If so, you should emerge openvpn and configure it ;]

----------

## daniel1988

I don't have a router, I have an rtl8180 based wireless PCI card (named wlan0 in ifconfig). The VPN connection between me and the ISP is up and running (ppp0 in ifconfig). The only thing that remains to be done is to change the gateway so all internet traffic goes through the VPN tunnel.

In another topic (here) two members told me to use pptp and in another forum one member told me to use openvpn, so I decided to take pptp.

----------

## aqu

The default gateway should be given by DHCP.

Try

```
# route
```

When you try to ping or something, do you get

```
ping: unknown host
```

or

```
ping: Network not available
```

?

----------

## daniel1988

Yes, it's given by DHCP. I can ping ISP's homepage & vpn1.centurion.co.yu. I think that DNS server comes before authentication server because www.google.com gets translated into 66.249.85.104 .

```
$ ping www.google.com

PING www.l.google.com (66.249.85.104) 56(84) bytes of data. 

--- www.l.google.com ping statistics --- 

13 packets transmitted, 0 received, 100% packet loss, time 12009ms
```

But all packets are lost. This happens (DNS name resolution) even when ppp0 is down.

That's all I can access (with ppp0 down as well as ppp0 up): ISP's homepage, vpn1.centurion.co.yu and the DNS server.

---------------------------------------------------------------------------------------

This is written on other forum:

(will continue later)

Edit to continue:

 *Quote:*   

> #/sbin/ip route add [ip_of_dns_server] via [ip_router] dev eth0 src [ip_of_your_lan_card]
> 
> #ip route replace default dev 'ppp0'

 

In my case, I don't have router and lan card to connect it, first line should be:

#/sbin/ip route add [ip_of_dns_server] dev wlan0 src [ip_of_your_lan_card]    <<<  the ip of my wlan0 card is dynamic... how to make a script for it later (if this will be proved to be true)   :Mad: 

second line should be ok...

And I tried:

```
ip route add 192.168.200.6 dev wlan0 src 172.16.0.18
ip route replace default dev 'ppp0'

# route -ve
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.201.1   *               255.255.255.255 UH        0 0          0 ppp0
192.168.200.6   *               255.255.255.255 UH        0 0          0 wlan0
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
172.16.0.0      *               255.255.192.0   U         0 0          0 wlan0
loopback        *               255.0.0.0       U         0 0          0 lo
default         *               0.0.0.0         U         0 0          0 ppp0
```

The routing table changes, but I still can't access the internet & the connection breaks after ~30 sec (most probably it can't reach vpn1.centurion.co.yu because the default gateway was changed & it can't use the new one)

```
......

rcvd [LCP EchoReq id=0x6 magic=0x12fe7047]

sent [LCP EchoRep id=0x6 magic=0xd272f0ec]

sent [LCP EchoReq id=0xa magic=0xd272f0ec]

rcvd [LCP EchoRep id=0xa magic=0x12fe7047]

rcvd [LCP EchoReq id=0x7 magic=0x12fe7047]

sent [LCP EchoRep id=0x7 magic=0xd272f0ec]

sent [LCP EchoReq id=0xb magic=0xd272f0ec]

rcvd [LCP EchoRep id=0xb magic=0x12fe7047]

sent [LCP EchoReq id=0xc magic=0xd272f0ec]

sent [LCP EchoReq id=0xd magic=0xd272f0ec]

sent [LCP EchoReq id=0xe magic=0xd272f0ec]

sent [LCP EchoReq id=0xf magic=0xd272f0ec]

sent [LCP EchoReq id=0x10 magic=0xd272f0ec]

sent [LCP EchoReq id=0x11 magic=0xd272f0ec]

Script pptp vpn1.centurion.co.yu --nolaunchpppd  finished (pid 25670), status = 0x0

Modem hangup

Script /etc/ppp/ip-down started (pid 26090)

Connection terminated.

Connect time 3.1 minutes.

```

Later, I tried several more combinations... link, but with no success  :Sad:

Last edited by daniel1988 on Sun Aug 27, 2006 7:49 pm; edited 1 time in total

----------

## aqu

maybe try

```
ping -I ppp0 google.com
```

----------

## daniel1988

```
$ ping -I ppp0 www.google.com

PING www.l.google.com (66.249.85.104) from 172.16.0.18 ppp0: 56(84) bytes of data.

--- www.l.google.com ping statistics ---

11 packets transmitted, 0 received, 100% packet loss, time 10000ms
```

& take a look two posts up, the post was edited.

--Daniel

----------

## ova

Daniel.

Before trying to setup routes try to ping the other side of your VPN connection.

 *Quote:*   

> ppp0      Link encap:Point-to-Point Protocol 
> 
>           inet addr:195.252.xxx.xxx  P-t-P:192.168.201.1  Mask:255.255.255.255 

 

In your case:

```
ping 192.168.201.1
```

If you can, then you should check that your VPN server is in a subnet which is accessible without the default route. Just do `host vpn1.centurion.co.yu` to determine the IP address of vpn1.centurion.co.yu and look at your `route -n`. If the IP address is not among the explicit routes then your guess

 *Quote:*   

> connection breaks after ~30 sec (most probably it can't reach vpn1.centurion.co.yu because the default gateway was changed & it can't use the new one)

 

may be right. Then you should add a route to that server. Use the default route you received from dhcp as the next hop router for this route:

```
route add vpn1.centurion.co.yu gw 172.16.0.1
```

and only now you should

```
ip route replace default dev 'ppp0' 
```

If nothing works, try from the very beginning and drop your local LAN from consideration while you do not have internet access from your gentoo box.

----------

## daniel1988

```
# ping 192.168.201.1

PING 192.168.201.1 (192.168.201.1) 56(84) bytes of data.

64 bytes from 192.168.201.1: icmp_seq=1 ttl=64 time=38.9 ms

64 bytes from 192.168.201.1: icmp_seq=2 ttl=64 time=19.0 ms

64 bytes from 192.168.201.1: icmp_seq=3 ttl=64 time=56.0 ms

64 bytes from 192.168.201.1: icmp_seq=4 ttl=64 time=5.57 ms

64 bytes from 192.168.201.1: icmp_seq=5 ttl=64 time=7.62 ms

64 bytes from 192.168.201.1: icmp_seq=6 ttl=64 time=87.3 ms

64 bytes from 192.168.201.1: icmp_seq=7 ttl=64 time=105 ms

64 bytes from 192.168.201.1: icmp_seq=8 ttl=64 time=38.5 ms

64 bytes from 192.168.201.1: icmp_seq=9 ttl=64 time=5.08 ms

64 bytes from 192.168.201.1: icmp_seq=10 ttl=64 time=121 ms

64 bytes from 192.168.201.1: icmp_seq=11 ttl=64 time=13.3 ms

--- 192.168.201.1 ping statistics ---

11 packets transmitted, 11 received, 0% packet loss, time 10002ms

rtt min/avg/max/mdev = 5.085/45.343/121.800/40.199 ms

```

```
# host vpn1.centurion.co.yu

bash: host: command not found
```

The IP of vpn1.centurion.co.yu could be found while pinging it.

```
$ ping vpn1.centurion.co.yu

PING ns1.centurion.co.yu (192.168.200.6) 56(84) bytes of data.

64 bytes from ns1.centurion.co.yu (192.168.200.6): icmp_seq=1 ttl=62 time=8.19 ms

64 bytes from ns1.centurion.co.yu (192.168.200.6): icmp_seq=2 ttl=62 time=129 ms

--- ns1.centurion.co.yu ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 999ms

rtt min/avg/max/mdev = 8.193/68.971/129.749/60.778 ms
```

```
# route add vpn1.centurion.co.yu gw 172.16.0.1
# ip route replace default dev 'ppp0'
# route -nv
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
```

```
$ ping www.google.com

PING www.l.google.com (72.14.221.99) 56(84) bytes of data.

64 bytes from 72.14.221.99: icmp_seq=1 ttl=238 time=61.0 ms

64 bytes from 72.14.221.99: icmp_seq=2 ttl=238 time=59.4 ms

64 bytes from 72.14.221.99: icmp_seq=3 ttl=238 time=78.3 ms

64 bytes from 72.14.221.99: icmp_seq=4 ttl=238 time=94.7 ms

64 bytes from 72.14.221.99: icmp_seq=5 ttl=238 time=319 ms

64 bytes from 72.14.221.99: icmp_seq=6 ttl=238 time=53.1 ms

64 bytes from 72.14.221.99: icmp_seq=7 ttl=238 time=62.3 ms

64 bytes from 72.14.221.99: icmp_seq=8 ttl=238 time=38.5 ms

64 bytes from 72.14.221.99: icmp_seq=9 ttl=238 time=54.9 ms

64 bytes from 72.14.221.99: icmp_seq=10 ttl=238 time=39.8 ms

64 bytes from 72.14.221.99: icmp_seq=11 ttl=238 time=54.2 ms

64 bytes from 72.14.221.99: icmp_seq=12 ttl=238 time=31.7 ms

64 bytes from 72.14.221.99: icmp_seq=13 ttl=238 time=38.0 ms

64 bytes from 72.14.221.99: icmp_seq=14 ttl=238 time=43.8 ms

--- www.l.google.com ping statistics ---

14 packets transmitted, 14 received, 0% packet loss, time 13005ms

rtt min/avg/max/mdev = 31.718/73.531/319.178/70.038 ms

```

Ping works!

But there is almost no traffic through ppp0. After 5 mins:

ppp0  RX bytes:529956 (517.5 Kb)  TX bytes:182401 (178.1 Kb)

Don't know why, only google works, I can search anything I wish on google. But when I want to open any other page Opera gets stuck at "Sending request to www.benchmark.co.yu" (as an example), Firefox gets stuck at "Waiting for www.benchmark.co.yu"... I tried about 10 of the most frequently accessed sites and none worked (except google). Jabber couldn't connect either.

Any idea how to solve this?

Thank you for help!

Best regards,

Daniel

----------

## ova

Well. Looking at your vpn server IP address you definitely need to add it to your routing table.

Things you can try:

1. Completely disable the firewall. You do not need it now. Output of

```
for table in nat filter mangle
do
  iptables -t $table -L -n
done
```

should be policy ACCEPT and no rules everywhere.

2. try to run `ip route replace default via IP_ADDRESS_OF_PPP_PEER dev 'ppp0'` or `ip route replace default via IP_ADDRESS_OF_PPP_PEER`. You can find IP_ADDRESS_OF_PPP_PEER in ifconfig output.

3. Try to ping www.gentoo.org and www.google.com and look with tcpdump -ni wlan0 and tcpdump -ni ppp0 where traffic actually is?

----------

## daniel1988

1.

```
$su

# /etc/init.d/iptables stop

# /etc/init.d/net.ppp0 start

# route add vpn1.centurion.co.yu gw 172.16.0.1

# ip route replace default dev 'ppp0'

# cd /usr/bin

# nano -w temp_exe_fw

# chmod +r temp_exe_fw

# chmod +x temp_exe_fw

# ./temp_exe_fw 

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination     

```

```
# cat temp_exe_fw
# /bin/bash
for table in nat filter mangle
do
        iptables -t $table -L -n
done
```

2.

```
# ifconfig ppp0

ppp0      Link encap:Point-to-Point Protocol  

          inet addr:195.252.74.99  P-t-P:192.168.201.1  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1

          RX packets:2145 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2164 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3 

          RX bytes:500328 (488.6 Kb)  TX bytes:243519 (237.8 Kb)

```

IP_ADDRESS_OF_PPP_PEER is here 192.168.201.1, right? The other one (195.252.74.99) changes every time the ppp0 is established. And what about mask? Maybe there resides the problem...

And tried:

```
gentoo daniel1988 # ip route replace default via 192.168.201.1

gentoo daniel1988 # route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0

192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         192.168.201.1   0.0.0.0         UG    0      0        0 ppp0

```

ping works

```
gentoo daniel1988 # ip route replace default via 192.168.201.1 dev 'ppp0'

gentoo daniel1988 # route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0

192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         192.168.201.1   0.0.0.0         UG    0      0        0 ppp0
```

the same situation: ping works, but no major traffic (firefox still displays: waiting for [host])

```
gentoo daniel1988 # ip route replace default via 195.252.74.99

gentoo daniel1988 # route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.201.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

192.168.200.6   172.16.0.1      255.255.255.255 UGH   0      0        0 wlan0

192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

172.16.0.0      0.0.0.0         255.255.192.0   U     0      0        0 wlan0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         195.252.74.99   0.0.0.0         UG    0      0        0 ppp0

```

same as above, ping works, no traffic

```
gentoo daniel1988 # ip route replace default via 192.168.200.6

RTNETLINK answers: Network is unreachable
```

192.168.200.6 is the IP of DNS server & the IP of vpn1.centurion.co.yu

Despite it being unreachable, I can ping it   :Confused: 

3.  wlan0 has tons of traffic: here are some of the last lines of

```
# tcpdump -ni wlan0

03:43:36.354953 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, seq 960226, length 1053: IP 70.53.194.87.60064 > 195.252.74.89.37276: P 154557:155545(988) ack 74992 win 4191 <nop,nop,timestamp 509217327[|tcp]>

03:43:36.356418 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, seq 960227, length 69: IP 84.137.28.110.61745 > 195.252.74.89.37276: P 4:8(4) ack 5 win 2715 <nop,nop,timestamp 509217857[|tcp]>

03:43:36.396605 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403498, ack 416034, length 72: IP 201.123.89.135.11113 > 195.252.74.109.20044: UDP, length 27

03:43:36.423963 IP 192.168.200.6 > 172.16.58.125: GREv1, call 256, ack 909659, no-payload, length 12

03:43:36.426463 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403499, length 1413: IP 83.156.105.7.2520 > 195.252.74.109.37841: . 157010:158358(1348) ack 91854 win 6392 <nop,nop,timestamp 509209458[|tcp]>

03:43:36.430549 IP 192.168.200.6 > 172.16.0.25: GREv1, call 32768, seq 403499, length 1413: IP 83.156.105.7.2520 > 195.252.74.109.37841: . 157010:158358(1348) ack 91854 win 6392 <nop,nop,timestamp 509209458[|tcp]>

12626 packets captured

25254 packets received by filter

0 packets dropped by kernel

```

Bigger part of the output of # tcpdump -ni wlan0 >> file is here (the whole file is bigger than 400KB).

And the same thing for ppp0, here < this one is much shorter

3:2.

And tcpdump while pinging and "accessing" pages via firefox

```
$ ping www.gentoo.org

PING www.gentoo.org (38.99.64.201) 56(84) bytes of data.

64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=1 ttl=31 time=247 ms

64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=2 ttl=31 time=247 ms

64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=3 ttl=31 time=268 ms

64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=4 ttl=31 time=220 ms

64 bytes from wren.gentoo.org (38.99.64.201): icmp_seq=5 ttl=31 time=281 ms

--- www.gentoo.org ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 3997ms

rtt min/avg/max/mdev = 220.729/253.079/281.233/20.647 ms

# tcpdump -ni ppp0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

03:45:49.369252 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 1, length 64

03:45:49.616738 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 1, length 64

03:45:50.368259 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 2, length 64

03:45:50.615751 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 2, length 64

03:45:51.367264 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 3, length 64

03:45:51.635463 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 3, length 64

03:45:52.367066 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 4, length 64

03:45:52.587699 IP 38.99.64.201 > 195.252.74.99: ICMP echo reply, id 22082, seq 4, length 64

03:45:53.367126 IP 195.252.74.99 > 38.99.64.201: ICMP echo request, id 22082, seq 5, length 64
```

and while trying to open www.gentoo.org in firefox

```
# tcpdump -ni ppp0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

04:16:56.951563 IP 195.252.74.99.48797 > 66.219.59.46.80: F 59344874:59344874(0) ack 1435234269 win 960 <nop,nop,timestamp 844758 514739596>

04:16:57.036462 IP 195.252.74.99.37184 > 66.219.59.46.80: S 152606809:152606809(0) win 3840 <mss 960,sackOK,timestamp 844781 0,nop,wscale 2>

04:16:57.217416 IP 66.219.59.46.80 > 195.252.74.99.48797: . ack 1 win 6432 <nop,nop,timestamp 514746828 844758>

04:16:57.227345 IP 66.219.59.46.80 > 195.252.74.99.37184: S 1525357612:1525357612(0) ack 152606810 win 5792 <mss 1460,sackOK,timestamp 514746834 844781,nop,wscale 0>

04:16:57.227436 IP 195.252.74.99.37184 > 66.219.59.46.80: . ack 1 win 960 <nop,nop,timestamp 844828 514746834>

04:16:57.227929 IP 195.252.74.99.37184 > 66.219.59.46.80: P 1:399(398) ack 1 win 960 <nop,nop,timestamp 844829 514746834>

04:16:57.397996 IP 66.219.59.46.80 > 195.252.74.99.37184: . ack 399 win 6432 <nop,nop,timestamp 514746851 844829>

7 packets captured

14 packets received by filter

0 packets dropped by kernel
```

This is the trickiest thing I've ever done in Gentoo until now.

--Daniel

----------

## ova

Good  :Smile: 

You can ping but firefox freezes? I think that's an MTU problem. You should supply mtu and mru options to pppd. Something like

```
mtu 1440
mru 1440
```

Or maybe lower. I've heard a lot about this problem but never experienced it myself. Maybe you'll manage to debug the problem with `ping www.gentoo.org -s 1500`. Maybe that does not work; then you should lower the `-s value` until it works and supply that ( value - 60 ) to mtu... I'm not sure about minus 60, but IIRC it's the size of the ppp header and it should be subtracted.

HTH.
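The payload search described above, as an added example that is not part of the original post: a binary search for the largest ping payload that crosses the path with the don't-fragment bit set. `max_payload`, `path_mtu`, `mss_for_mtu` and the `PROBE` hook are names chosen here; it assumes Linux iputils `ping` (`-M do`) and IPv4, where the `-s` payload sits under a 20-byte IP header and an 8-byte ICMP header.

```shell
#!/bin/sh
# Added example: find the path MTU by probing with DF set.
# Usage after sourcing: path_mtu www.gentoo.org

# Name of the function used to send one probe; replaceable for dry runs.
PROBE=${PROBE:-probe_ping}

# One echo request of $2 payload bytes to host $1, fragmentation prohibited.
# Fails both on "message too long" and on silent drops (PMTU black hole).
probe_ping() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Largest payload in [$2, $3] that host $1 answers; prints 0 if even $2 fails.
max_payload() {
    lo=$2; hi=$3
    "$PROBE" "$1" "$lo" || { echo 0; return 0; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$PROBE" "$1" "$mid"; then
            lo=$mid                  # mid fits, search above it
        else
            hi=$(( mid - 1 ))        # mid is too big, search below it
        fi
    done
    echo "$lo"
}

# Path MTU = largest payload + 20 (IPv4 header) + 8 (ICMP header).
# 1472 is the payload that exactly fills a 1500-byte Ethernet MTU.
path_mtu() {
    p=$(max_payload "$1" "${2:-500}" "${3:-1472}")
    if [ "$p" -eq 0 ]; then
        echo "path_mtu: no reply even at the smallest payload" >&2
        return 1
    fi
    echo $(( p + 28 ))
}

# Largest TCP segment that fits an MTU: minus 20 (IPv4) and 20 (TCP) bytes.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}
```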

----------

## daniel1988

YAYAYAYYA, it works!!!!!

THANK YOU A LOT!!!!

mtu & mru solved the problem now. mtu & mru were set at 1000 in /etc/ppp/options.VPNNAME, as written on gentoo-wiki. With value of 1460 it works!

IP Forwarding is done with:

```
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
```

I think I need something much better than this, and the last thing for now, to secure my box with adequate iptables rules (google will help me for this  :Smile: )

Thank you once again!

Best regards,

Daniel   :Cool: 

----------

## daniel1988

One question more: how to configure /etc/ppp/ip-up file to execute those two lines:

```
route add vpn1.centurion.co.yu gw 172.16.0.1
ip route replace default dev 'ppp0'
```

?

TIA

----------

## mark_lagace

ip-up is a script file... you should be able to add those two lines to the end of the file and they will run each time ppp connects.  Or I suppose a more elegant way to do it would be to create an ip-up.local script (set to executable) that is called from the default ip-up script.

M.
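One way to write that `ip-up.local` (an added example, not code from the thread): it pins the VPN server to the uplink gateway before moving the default route to the tunnel, and still works on a reconnect when the DHCP default route is already gone. The function names and the `UPLINK_IF` and `VPN_SERVER_IP` variables are assumptions; the addresses are the ones shown in the thread.

```shell
#!/bin/sh
# Added example: /etc/ppp/ip-up.local for the PPTP setup in this thread.
# pppd runs ip-up as: <ifname> <tty> <speed> <local-ip> <remote-ip> <ipparam>

VPN_SERVER_IP="192.168.200.6"   # vpn1.centurion.co.yu as resolved in the thread
UPLINK_IF="wlan0"               # interface the tunnel itself travels over

# Print the gateway of the route to $1 on interface $2, reading
# `ip -4 route show` output from stdin. Prints nothing if no such route exists.
gw_for() {
    awk -v dest="$1" -v ifc="$2" '
        $1 == dest {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (dev == ifc && gw != "") { print gw; exit }
        }'
}

# Print the route commands for ppp interface $1; routing table on stdin.
plan_routes() {
    table=$(cat)
    gw=$(printf '%s\n' "$table" | gw_for default "$UPLINK_IF")
    # On a reconnect the DHCP default is already replaced; reuse the gateway
    # of the host route a previous run installed.
    if [ -z "$gw" ]; then
        gw=$(printf '%s\n' "$table" | gw_for "$VPN_SERVER_IP" "$UPLINK_IF")
    fi
    if [ -z "$gw" ]; then
        echo "ip-up.local: no gateway on $UPLINK_IF, routes left untouched" >&2
        return 1
    fi
    # Order matters: the host route must exist before the default moves,
    # otherwise the tunnel's own packets get routed into the tunnel.
    echo "ip route replace $VPN_SERVER_IP/32 via $gw dev $UPLINK_IF"
    echo "ip route replace default dev $1"
}

# Only act when invoked by pppd, which always passes at least five arguments.
if [ "$#" -ge 5 ]; then
    ip -4 route show | plan_routes "$1" | sh -e
fi
```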

----------

## daniel1988

ip-up.local works, thank you.

Time to add [solved] to the topic name

Thank you all once again.

--Daniel

----------

## daniel1988

My ISP switched from VPN to PPPoE. The internet connection works perfectly on the Gentoo box, but my local Windows station experiences problems with opening pages: ping works, opening google works, playing CS works, but everything else fails... like here:  https://forums.gentoo.org/viewtopic-p-3548043.html#3548043 < Waiting for {site}... stuff (just to mention one more time: on the host machine (gentoo) everything works, the problem is only at the other workstation on my LAN)

LAN interfaces are ok, copy/paste files over samba works at >4MB/s

Is this mtu/mru problem one more time? And how to solve it (workstations are under windows....)? Something with iptables or?

```
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
```

/etc/conf.d/net:

```
iface_eth0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"

essid_wlan0="centurion"
config_centurion=( "dhcp" )
dhcp_wlan0="nogateway nosendhost"

config_ppp0=("ppp")
link_ppp0="wlan0"
plugins_ppp0=( "pppoe" )
username_ppp0="manesku"
password_ppp0="123456"
pppd_ppp0=(
        "noauth"
        "defaultroute"
        "usepeerdns"
        "default-asyncmap"
        "ipcp-accept-remote"
        "ipcp-accept-local"
        "lcp-echo-interval 15"
        "lcp-echo-failure 8"
        "persist"
        "holdoff 2"
        "mru 1460"
        "mtu 1460"
        "lock"
)
```

TIA,

Daniel

----------

## mrness

 *daniel1988 wrote:*   

> Is this mtu/mru problem one more time? And how to solve it (workstations are under windows....)? Something with iptables or?

 

Yes and yes.

Search for TCPMSS in this forum.

----------

## daniel1988

TY for the tip.

```
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
```

Done it all.

Thank you very much. Greetings from Serbia  :Smile: 

[SOLVED] (2nd time)
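A tighter gateway ruleset for the PPPoE setup above, as an added example that is not from the thread: the rules posted earlier set no chain policies and forward anything arriving on eth0, while this one drops by default, forwards only LAN-to-WAN traffic plus its replies, and keeps the thread's MASQUERADE and TCPMSS rules. `gateway_ruleset` is a name chosen here, the output is iptables-restore format, and the open LAN-side INPUT rule assumes the LAN is trusted.

```shell
#!/bin/sh
# Added example: print a default-drop NAT gateway ruleset.
# Check it first:  gateway_ruleset ppp0 eth0 | iptables-restore --test
# Then load it:    gateway_ruleset ppp0 eth0 | iptables-restore
# Forwarding itself is still enabled separately, as in the thread:
#   echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

gateway_ruleset() {   # $1 = WAN interface (ppp0), $2 = LAN interface (eth0)
    # Refuse anything that is not a plain interface name, so a bad argument
    # cannot smuggle extra lines into the restore file.
    for ifc in "$1" "$2"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*)
                echo "gateway_ruleset: bad interface name '$ifc'" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the MSS in forwarded SYNs so LAN hosts fit the PPPoE path MTU.
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMP stays open: fragmentation-needed errors are what path MTU discovery uses.
-A INPUT -p icmp -j ACCEPT
# Assumption: the LAN is trusted (samba, ssh); nothing new is accepted from $1.
-A INPUT -i $2 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -j ACCEPT
COMMIT
EOF
}
```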

----------

