I'm putting together a PPTP VPN server using Slackware Linux 9 and PoPToP. The goal is to allow Windows users to log in to the LAN via the Internet. The PPTP server is hosted on a firewall using Shorewall 2 (front-end for iptables).
Problem: I can get it to connect and communicate with the subnet the PPTP hands out IPs for, but it won't communicate with any other subnet.
The server:
- Internet: 192.168.1.1 (for testing) on eth0
- LAN: 10.1.10.0 via eth1 - actual IP is 10.1.10.93
- DMZ: 10.2.10.0 via eth2 - actual IP is 10.2.10.93
- PPTP hands out 10.3.10.2 - 10.3.10.254 to clients
- VPN "local" IP on server: 10.3.10.1
The client:
- Windows 2000 Pro
- Local IP is 192.168.1.2
- Gateway is set to 192.168.1.1 (the server)
- Receives 10.3.10.x from server
- Subnet mask for 10.3.10.x is 255.255.255.255 -- standard for PPTP, I don't think this can change, but I'm still researching that
I think the firewall is basically OK, but might need some tweaking on the masquerading entries or something. The important thing to note with the firewall is it does allow connections, and this issue persists even if the firewall is turned off.
The clients CAN ping 10.1.10.93 and 10.2.10.93, since they are on that server. I believe the issue is route-related -- I don't know what routes to put in though, and whether they should be on the server or client. The server has no problem communicating with anything on any subnet, it's just the client.
My masq entries in Shorewall:
Code:
#INTERFACE SUBNET ADDRESS
eth0 eth1
eth0 eth2
#ppp0 eth1
#ppp0 eth2
#ppp0:10.1.10.0/24 10.3.10.0/24 10.1.10.93
eth0 ppp0
The interfaces file in Shorewall:
Code:
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect routefilter,blacklist
loc eth1 detect dhcp,blacklist,routeback
dmz eth2 detect dhcp
vpn ppp0 -
/etc/pptpd.conf:
Code:
option /etc/ppp/options-pptpd
localip 10.3.10.1
remoteip 10.3.10.2-254
/etc/ppp/options-pptpd:
Code:
name *
lock
mtu 1450
mru 1450
proxyarp
defaultroute
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
# dns and samba
ms-dns 10.2.10.7
# handshake auth method
+chap
+mschap-v2
# data encryption method
mppe required
Please let me know if you would like to see anything else. Does anyone have any ideas?
Thanks!
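What the post describes (clients reach the firewall's own 10.1.10.93 and 10.2.10.93 but nothing behind them, even with the firewall off) is the classic return-path problem: a LAN host receiving a packet from 10.3.10.x has no route back to that subnet unless either the firewall source-NATs VPN traffic onto eth1/eth2 or each LAN/DMZ gateway gets a static route for 10.3.10.0/24 via the firewall. The script below is an added example, not code from the original post; it emits the raw iptables equivalents of Shorewall masq entries of the form `eth1 10.3.10.0/24` and `eth2 10.3.10.0/24` (in Shorewall's masq file the first column is the outgoing interface and the second the source subnet, which is the reverse of the commented-out `ppp0 eth1` lines in the post). Interface names and subnets are taken from the post; the function names, the `--apply` switch and the `-m state` match are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): raw iptables rules that let
# PPTP clients on 10.3.10.0/24 reach the LAN (eth1) and DMZ (eth2) subnets.
# Interface names and subnets are the ones given in the post; everything
# else here is an assumption for illustration.
VPN_NET="10.3.10.0/24"
LAN_IF="eth1"
DMZ_IF="eth2"

# Emit the commands rather than running them, so the ruleset can be
# reviewed first; pass --apply to execute them as root.
vpn_rules() {
    # Forwarding between ppp interfaces and the internal interfaces is a
    # prerequisite; without it nothing below matters.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for ifc in "$LAN_IF" "$DMZ_IF"; do
        # Let VPN traffic through the FORWARD chain in both directions
        # (Shorewall would generate the equivalent from a vpn->loc/dmz policy).
        echo "iptables -A FORWARD -i ppp+ -o $ifc -s $VPN_NET -j ACCEPT"
        echo "iptables -A FORWARD -i $ifc -o ppp+ -d $VPN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT"
        # Source-NAT VPN traffic leaving toward the LAN/DMZ to the firewall's
        # own address on that interface (10.1.10.93 / 10.2.10.93), so hosts
        # there reply to an on-link address instead of needing a route for
        # 10.3.10.0/24. This is what a Shorewall masq entry "eth1 10.3.10.0/24"
        # expands to.
        echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $ifc -j MASQUERADE"
    done
}

# Alternative without NAT: a static route back to the VPN subnet on each
# LAN/DMZ host (or, better, on that segment's default gateway).
# $1 is the firewall's address on that segment, e.g. 10.1.10.93.
host_route() {
    echo "route add -net $VPN_NET gw $1"
}

case "$1" in
    --apply) vpn_rules | sh -e ;;
    *) vpn_rules ;;
esac
```

Run it with no arguments to see the rules, and as root with `--apply` to install them; the MASQUERADE entries are the ones that fix the symptom in the post, while the `host_route` output is the no-NAT alternative, with the caveat that with NAT the LAN sees every VPN client as 10.1.10.93, which hides the real client address from LAN-side logs. Separately from routing, MS-CHAPv2 with MPPE (the `+mschap-v2` / `mppe required` lines above) is no longer considered a secure VPN authentication and encryption scheme, so this setup should not be relied on for confidentiality against a capable attacker.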