# no ping after ppp VPN connection [solved]

## gr0x0rd

Since I prefer to work at home than having to drive to the office, VPN connections are great. Great, that is, unless you are connecting to a Microsoft software-based vpn with a linux box. I have a number of windows VMs that connect to the VPN just fine, but I'd really like to have the full functionality in my linux environment. 

After a great deal of trial and error following bits and pieces of the scattered and outdated pptp guides for gentoo, I've managed to authenticate with the vpn from gentoo, receive an IP address, and bring up the ppp0 adapter. 

```
gr0x0rd@teletran4 ~ $ sudo pppd call MYVPN logfd 2 nodetach debug dump
pppd options in effect:
debug      # (from command line)
nodetach      # (from command line)
logfd 2      # (from command line)
dump      # (from command line)
noauth      # (from /etc/ppp/options.MYVPN)
refuse-eap      # (from /etc/ppp/options.MYVPN)
name user@domain.ext      # (from /etc/ppp/peers/MYVPN)
      # (from /etc/ppp/options.MYVPN)
pty pptp vpn2.domain.ext --nolaunchpppd      # (from /etc/ppp/peers/MYVPN)
require-mppe-128      # (from /etc/ppp/peers/MYVPN)
using channel 4
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22697b04> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22697b04> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x304b5ed1> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:51.7c.44.4e.54.ee.42.30.a9.fc.ff.17.8b.30.ef.ba.00.00.00.00]> < 17 04 00 2f>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 2f>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22697b04> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x304b5ed1> <pcomp> <accomp> <endpoint [local:51.7c.44.4e.54.ee.42.30.a9.fc.ff.17.8b.30.ef.ba.00.00.00.00]>]
sent [LCP ConfNak id=0x1 <auth chap MD5>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x304b5ed1> <pcomp> <accomp> <endpoint [local:51.7c.44.4e.54.ee.42.30.a9.fc.ff.17.8b.30.ef.ba.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x304b5ed1> <pcomp> <accomp> <endpoint [local:51.7c.44.4e.54.ee.42.30.a9.fc.ff.17.8b.30.ef.ba.00.00.00.00]>]
rcvd [CHAP Challenge id=0x0 <6a4e540121e539c9bafa04afaca7eb0f>, name = "MYVPNDC2"]
sent [CHAP Response id=0x0 <928a9b883546f8c225fc9252ed95d678000000000000000026bbfa10950f2a4fe7a90d3ae8b9fa2a86fc11ea8583e56c00>, name = "user@domain.ext"]
rcvd [CHAP Success id=0x0 "S=442E7D545A0EEB7E877B97BDB7C1DC7A2E3FDF74"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H -M +S -L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 10.10.3.145>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.0.100>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 192.168.0.100>]
rcvd [IPCP ConfNak id=0x2 <addr 10.10.3.125>]
sent [IPCP ConfReq id=0x3 <addr 10.10.3.125>]
rcvd [IPCP ConfAck id=0x3 <addr 10.10.3.125>]
rcvd [IPCP ConfReq id=0x7 <addr 10.10.3.145>]
sent [IPCP ConfAck id=0x7 <addr 10.10.3.145>]
local  IP address 10.10.3.125
remote IP address 10.10.3.145
Script /etc/ppp/ip-up started (pid 9907)
Script /etc/ppp/ip-up finished (pid 9907), status = 0x0
```

Sweet ass, I'm connected.

```
gr0x0rd@teletran4 ~ $ sudo ifconfig
...
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.10.3.126  P-t-P:10.10.3.145  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:80 (80.0 B)  TX bytes:80 (80.0 B)
...
```

Now I just need to add a route. The only guy at work who has ever managed to connect to the VPN using pptp has said, and I quote, "route looks good..."

```
sudo route add -net 10.10.0.0/24 dev ppp0
```

So now I should be able to ping my favorite machine on the other side...

```
gr0x0rd@teletran4 ~ $ sudo ping -c 3 10.10.1.120 
PING 10.10.1.120 (10.10.1.120) 56(84) bytes of data.

--- 10.10.1.120 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
```

Networking is not my strength, and I'm still learning as I go in regards to setting up networking using gentoo. And as I mentioned before, the vpn connection works fine from my windows VMs, so my networking hardware and infrastructure shouldn't be the problem. Does anyone have any advice as to how I should proceed with this? Thanks in advance, as always...

----------

## mr.sande

I'm no expert, so I'm going with the "how I got it working" theme  :Razz: 

When I set up my pptp vpn connection I run 

```
route add default ppp0
```

after the connection is established. There might be a better and more delicate way, but it has worked just fine for my use. If you have set pptp vpn to start via /etc/init.d/net.ppp0 you can just chuck it in postup() like this.

```
postup(){
        if [[ ${IFACE} = ppp0 ]]; then
                route add default ppp0
        fi
        return 0;
}
```

Have you checked if the right DNS entries are appended to /etc/resolv.conf? I have "usepeerdns" set in my /etc/ppp/peers/<connection>, so it appends the acquired DNS servers to resolv.conf by itself. Or you can add them in postup() in /etc/conf.d/net.

I hope some of it is of help  :Smile: 

----------

## gr0x0rd

Thanks for the tips mr.sande- the usepeerdns setting did add the nameservers nicely to my resolv.conf  :Smile:  But sadly, even with that route, I still can't ping anything on the other side.   :Sad: 

----------

## mr.sande

Maybe there are some problems with your routes. Some pptp howtos I've read have said something about removing "wrong" routes to get it working. Could you post 

```
route -n
```

----------

## gr0x0rd

After bringing up vpn

```
gr0x0rd@teletran4 ~ $ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<vpn ip ;)>     192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
10.10.3.145     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     2000   0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    2000   0        0 wlan0
```

After adding ppp0 default route as suggested

```
gr0x0rd@teletran4 ~ $ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<vpn ip ;)>     192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
10.10.3.145     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     2000   0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    2000   0        0 wlan0
```

----------

## mr.sande

Well, I think the routes are all fine. But what about the DNS servers you are provided? Are the IPs private or public? If they are a part of the local network to where you are connecting, I think you'll need to add them to your routes.

Your setup might differ from mine, since you're connecting to a local network over the internet. And I'm connecting to the internet through a local network. But I think that is kinda weird, as I thought that was supposed to be the beauty of using vpn.

I'm on kind of shaky ground here myself, I've only spent some hours trying to guess the best setup of the vpn I'm provided myself. Maybe something here might help https://forums.gentoo.org/viewtopic-t-832531.html

Edit: I just noticed that you tried to ping a machine in the 10.10.1. segment, but you are on the 10.10.3. segment. Are you able to ping machines on the 10.10.3 segment?

----------

## gr0x0rd

Rather than add the route approved by my colleague I decided to try the one you mentioned above:

```
route add default ppp0
```

I made it a bit further with this, as in it is able to resolve the ip of some of the internal servers- great! But, I'm still not able to ping anything  :Mad: 

Do I need to add the nameservers as routes as well? On that note,

```
sudo route add -net 10.10.50.0/24 dev ppp0
```

accomplishes the same thing. Networking isn't my strength (thanks captain obvious)... how do I enable traffic to 10.10.1.x etc? Adding

```
sudo route add -net 10.10.1.0/24 dev ppp0
```

didn't do the trick.

----------

## mr.sande

I'm afraid my vpn skills stop here, so these are only suggestions and thoughts.

I think that since you're connecting through a WAN to a LAN that the 

```
route add default ppp0
```

is not the way to go. I only suggested it because it worked for me. And that making ppp0 the default route is a catch-all solution that I used because I just wanted to get my internet working.

I think that because you are connecting to a LAN through a WAN you need to have a little more specific routes. Maybe, just maybe, making a route that looks like this (don't remember the route flags off the top of my head)

```
10.10.3.145     <vpn ip>        255.255.0.0  ppp0 
```

(removed the flags, metric, ref and use. Because I don't know what they are  :Razz: ) I don't know if it will work if it's a valid route, but it's what I can come up with from what I understand of the situation.

Hope it's been of some help.

----------

## gr0x0rd

Progress has been made! I finally had some time to experiment with this, and here is the magic route:

```
route add -net 10.10.0.0 netmask 255.255.0.0 dev ppp0
```

So it would appear I had to specify the subnet mask for the routing to work correctly. Nice work mr.sande  :Smile:  I can now ping some of the machines on the network, but not others: they all resolve fine, so my nameservers are good, but I get a "Destination Host Unreachable" for machines connected to the same switches and on the same subnet. I know these machines are accessible over the VPN because I can reach them when I connect with a Windows VM  :Mad: 

Scratching head...

Update- this behavior turned out to be erratic, so I blamed Microsoft. This thread be closed.

----------
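Added example, not part of any post in this thread: a longest-prefix-match lookup over the `route -n` table posted above, showing which interface a packet for 10.10.1.120 leaves by with the `10.10.0.0/24` route versus the `10.10.0.0/16` route. The address 203.0.113.10 is a constructed placeholder for the redacted VPN server entry, and the function names are hypothetical.

```python
import ipaddress

# route -n output as posted in the thread; 203.0.113.10 is a constructed
# placeholder for the redacted VPN server address.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
10.10.3.145     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     2000   0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    2000   0        0 wlan0
"""

def parse_route_n(text):
    """Parse `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def add_route(routes, cidr, iface, metric=0):
    """Return a copy of the table with an on-link route (`route add -net ... dev`)."""
    return routes + [(ipaddress.ip_network(cidr), "0.0.0.0", metric, iface)]

def lookup(routes, dest):
    """Longest-prefix match, ties broken by lowest metric. Returns (iface, network)."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    net, _gw, _metric, iface = min(hits, key=lambda r: (-r[0].prefixlen, r[2]))
    return iface, str(net)

if __name__ == "__main__":
    base = parse_route_n(ROUTE_N)
    for label, table in [
        ("no extra route", base),
        ("10.10.0.0/24 dev ppp0", add_route(base, "10.10.0.0/24", "ppp0")),
        ("10.10.0.0/16 dev ppp0", add_route(base, "10.10.0.0/16", "ppp0")),
    ]:
        for dest in ("10.10.1.120", "203.0.113.10"):
            print(f"{label:24} {dest:14} -> {lookup(table, dest)}")
```

With only the /24 route, packets for 10.10.1.120 match nothing more specific than the eth0 default route and leave outside the tunnel; the host route to the VPN server stays on eth0 in every case, which the tunnel itself depends on.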

