# PPTP problem!

## XiNoID

I have set up a PPTP VPN server.

I can connect to it with a Windows client,

but I can't ping any PC in the protected internal network, and PCs from the network just can't see the Windows client.

Here are my configs:

```
###############################################################################
# $Id: pptpd.conf,v 1.10 2006/09/04 23:30:57 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
#    Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
ppp /usr/sbin/pppd

# TAG: option
#    Specifies the location of the PPP options file.
#    By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd

# TAG: debug
#    Turns on (more) debugging to syslog
#
debug

# TAG: stimeout
#    Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
#       Suppress the passing of the client's IP address to PPP, which is
#       done by default otherwise.
#
#noipparam

# TAG: logwtmp
#    Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay <if>
#    Turns on broadcast relay to clients from interface <if>
#
bcrelay eth1

# TAG: delegate
#    Delegates the allocation of client IP addresses to pppd.
#
#       Without this option, which is the default, pptpd manages the list of
#       IP addresses for clients and passes the next free address to pppd.
#       With this option, pptpd does not pass an address, and so pppd may use
#       radius or chap-secrets to allocate an address.
#
#delegate

# TAG: connections
#       Limits the number of client connections that may be accepted.
#
#       If pptpd is allocating IP addresses (e.g. delegate is not
#       used) then the number of connections is also limited by the
#       remoteip option.  The default is 100.
#connections 100

# TAG: localip
# TAG: remoteip
#    Specifies the local and remote IP address ranges.
#
#    These options are ignored if delegate option is set.
#
#       Any addresses work as long as the local machine takes care of the
#       routing.  But if you want to use MS-Windows networking, you should
#       use IP addresses out of the LAN address space and use the proxyarp
#       option in the pppd options file, or run bcrelay.
#
#    You can specify single IP addresses seperated by commas or you can
#    specify ranges, or both. For example:
#
#        192.168.0.234,192.168.0.245-249,192.168.0.254
#
#    IMPORTANT RESTRICTIONS:
#
#    1. No spaces are permitted between commas or within addresses.
#
#    2. If you give more IP addresses than the value of connections,
#       it will start at the beginning of the list and go until it
#       gets connections IPs.  Others will be ignored.
#
#    3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#       you must type 234-238 if you mean this.
#
#    4. If you give a single localIP, that's ok - all local IPs will
#       be set to the given one. You MUST still give at least one remote
#       IP for each simultaneous client.
#
# (Recommended)
localip 192.168.1.253
remoteip 192.168.0.203-245
# or
#localip 192.168.0.203-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
```

```
###############################################################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################

# Authentication

# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain

# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use.)

# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
# }}}

# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40    # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
ms-dns 192.168.0.1
ms-dns 192.168.0.127

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients.  The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.  This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
#proxyarp

# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address.  The default local IP address used at the server
# end is often the same as the address of the server.  To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100

# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump

# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
#lock

# Disable BSD-Compress compression
nobsdcomp

# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp

# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
#nologfd

# put plugins here
# (putting them higher up may cause them to sent messages to the pty)
```

And here is the route/ifconfig/ipconfig output when the Windows client is connected:

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         y.y.y.y         0.0.0.0         UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.2     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
z.z.z.z         0.0.0.0         255.255.255.248 U     0      0        0 eth0
```

```
Windows IP Configuration

        Host Name . . . . . . . . . . . . : xinoid
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

PPP adapter VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.2
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            192.168.0.127
```

```
eth0      Link encap:Ethernet  HWaddr 00:16:E6:5E:43:FE
          inet addr:x.x.x.x  Bcast:213.33.171.135  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11854675 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10099198 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2989674930 (2851.1 Mb)  TX bytes:2888377367 (2754.5 Mb)
          Base address:0x4000 Memory:d8000000-d8020000

eth1      Link encap:Ethernet  HWaddr 00:16:E6:5E:43:FF
          inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8237862 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9928203 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2523514634 (2406.6 Mb)  TX bytes:2675568661 (2551.6 Mb)
          Base address:0x5000 Memory:d8200000-d8220000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1568 (1.5 Kb)  TX bytes:1568 (1.5 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:x.x.x.x  P-t-P:192.168.1.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:63 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:5208 (5.0 Kb)  TX bytes:128 (128.0 b)
```

x.x.x.x/y.y.y.y/z.z.z.z - these are external IP addresses; I masked them for security....

Please, could anyone help me! I just don't know what to do.....

----------

## XiNoID

I beg please help!

----------

## overkll

Do people still use PPTP?  Kinda insecure imo.  Take a look at OpenVPN.  It's easier to implement and more secure.  Windows client for OpenVPN is free as in beer.

If you HAVE TO use PPTP, find a good howto on the web.

As far as the hosts not being able to see each other, I think I remember reading something about having to edit and use the LMHOSTS file on the Windows boxes.  I may be wrong though.

Good Luck.

EDIT  BTW, OpenVPN is in portage as openvpn.

----------

## XiNoID

Yes, I just have to use PPTP. I looked at lots of howtos, manuals and FAQs; I just need advice from a person who knows PPTP... I think I have just a small problem that prevents it from working... but I can't find it =(

----------

## overkll

Try googling "PPTP lmhosts" and see if that helps ya out.

----------

## XiNoID

It did not =(

----------

## overkll

Can you be more specific?  The search didn't yield results or editing the lmhost files didn't work?  Can you ping internal IP addresses from the PPTP client machine?

EDIT:  Never mind about the ping question, you said you couldn't.

Your original post is vague at best.  Is this a Samba server?  Do you have WINS servers running?

Your config doesn't specify any WINS servers:

```
# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
```

Do you have iptables running and configured correctly?  Or any other firewall software/hardware?

Poptop is well documented and has an active mailing list.  You'd probably be better off seeking Poptop specific advice there.

----------

## XiNoID

I think I got it... I need the packets that are for the remote network to go through the ppp0 interface... How can I do it with route?

----------

## XiNoID

Huh, I gave all my config and information..... But I don't believe that no one can provide me with some help....

----------

## Napalm Llama

I think by default it may do something called "client isolation" - which is a feature which does exactly what you describe, ie. prevents all the clients from talking to one another.  I don't know about PPTP server configuration, (client's another matter, I quickly became an expert about a year ago when I had to connect to my University's network from my Linux box), but if you look through those dreaded HOWTOs for client isolation then you may find something.  Sorry I can't be of more help, but hopefully you've got something a bit more specific to search for now...

[edit:]

Sorry, apparently I overlooked your last two posts.  Could you post the output of route -n and ifconfig, please?  Use the [code] tags, it makes it easier to read.

----------

## mrness

 *XiNoID wrote:*   

> I think I got it... I need the packets that are for the remote network to go through the ppp0 interface... How can I do it with route?

 

You add the route in the /etc/ppp/ip-up.local script.

----------
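Added example, not part of the original thread and not Poptop code: a Python check of the settings posted in the first message against the rule stated in the sample pptpd.conf comments (client addresses inside the LAN range need `proxyarp`; addresses outside it need routing), plus whether MPPE is required. The `audit` helper and its finding names are hypothetical; the inputs are the active lines of the posted files and the eth1 network from the posted ifconfig output.

```python
import ipaddress
import re

# Constructed input: the active settings from the files posted in this thread.
PPTPD_CONF = "bcrelay eth1\nlocalip 192.168.1.253\nremoteip 192.168.0.203-245\n"
OPTIONS_PPTPD = ("name pptpd\nrefuse-pap\nrefuse-mschap\nrequire-mschap-v2\n"
                 "#require-mppe-128\n#proxyarp\n")
LAN = "192.168.0.0/24"  # eth1 network, taken from the posted ifconfig output


def active(text):
    """Map keyword -> argument for every line that is not blank or a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, arg = line.partition(" ")
            opts[key] = arg.strip()
    return opts


def expand(spec):
    """Expand pptpd's 'a.b.c.d,a.b.c.x-y' address list into IPv4 addresses."""
    out = []
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)(?:-(\d+))?", item)
        lo, hi = (int(m[2]), int(m[3] or m[2])) if m else (1, 0)
        if lo > hi:  # malformed item, or a range shortcut such as 234-8
            raise ValueError(f"bad remoteip item: {item!r}")
        out += [ipaddress.ip_address(f"{m[1]}{n}") for n in range(lo, hi + 1)]
    return out


def audit(pptpd_conf, ppp_options, lan):
    """Return finding codes (hypothetical names) for the given configuration."""
    conf, ppp, net = active(pptpd_conf), active(ppp_options), ipaddress.ip_network(lan)
    remote = expand(conf["remoteip"])
    inside = [ip for ip in remote if ip in net]
    findings = []
    if inside and "proxyarp" not in ppp:  # LAN hosts ARP for the client, nobody answers
        findings.append("proxyarp-missing")
    if len(inside) < len(remote):  # LAN hosts need a route back via a forwarding server
        findings.append("lan-route-needed")
    if not any(key.startswith("require-mppe") for key in ppp):  # encryption is optional
        findings.append("mppe-not-required")
    return findings


if __name__ == "__main__":
    print(audit(PPTPD_CONF, OPTIONS_PPTPD, LAN))
```

The check reads only the configuration files; addresses handed out through chap-secrets or the `delegate` option are outside what it sees.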

