Re: Can connect but cannot access any hosts inside the vpn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2007-01-24 at 12:20 -0700, Kevin Kempter wrote:
> Hi LIst;
> 
> I have a vpn connection setup (via linux PPTP client) and I can connect. 
> However once connected I cannot ping, telnet, ssh, etc to any hosts in the 
> remote vpn network.
> 

I cannot give a specific answer.  I have several, separate guesses:
1) When you say, you can connect, is the connection fully up?

   PPTP encapsulates the ppp protocol inside something called GRE
   packets.  PPTP was defined by Microsoft.  I am asking if the
   ppp protocol successfully negotiated IP.

   One way to find out is to see if certain IP things are set up.
   Is an interface created?  Are entries added to the routing table?

   Please do the following for interfaces: ifconfig
   Please do the following for the routing table: netstat -rn

   Can you ping the IP address of the remote ppp link.
   I think the remote IP address should show up in the routing table.
   If you can ping the remote ppp link, IP is negotiated.
 
2) Is a route being added to the routing table for the network on the
   other side of the PPTP VPN tunnel?

   You might get the IP address of the remote ppp link added.
   You will need to have the remote network added to your routing table
   to ping any other IP addresses in the remote network.

   Any of the following commands should show the routing table:
   netstat -rn
   route
   ip route show

   You may have to add a network route to the routing table.
   More than one command can do it...
        ip route add ...
        route add ...

3) When you try to ping, telnet, ssh, etc through the VPN tunnel,
   is the source IP address, in the packet correct?

   Devices on the remote end need a way to get a reply packet back.

   You might run wireshark (new name for ethereal) to examine
   packets you send to the other side.

   The person who controls the remote network might expect the
   source IP address to be the one assigned to your end of the
   ppp link or he might expect you to use a specific subnet he
   assigned.

   A "good" guess is to assume you can use the IP address assigned 
   to your end of the PPP link, but this is not always the case.

   Whatever the person who controls the remote network expects,
   you must do.

4) Is the peer PPTP VPN, perhaps setting firewall rules to 
   control access?

   A security person might set firewall rules to control what
   a VPN client IP address can and cannot access.  They will
   try to restrict a VPN client to a demilitarized zone and
   not let the VPN client access the internal LAN.

   You may need to ask the person who administers the remote network.

In summary,
1) Is IP actually up?
2) Do you have a route in your routing table to the remote network?
3) Does the remote network have a route back to the IP address you use?
4) Are there firewall rules on the remote side blocking you?

> Can anyone help me debug this?
> 
> Thanks in advance
> 



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux