Pptpclient & routing

ledet · 2007-11-22 17:11:11

Hi

First off, English is not my native language so I'm sorry if anything is unclear.

I've been an arch user for about a month, and so far it has been a succes Now I would like to set up a pptp connection to relakks (www.relakks.com), but I'm having some problems. I've used Relakks on my computer with Windows server 2003 without any problems at all. I've tried to follow these two guides - without succes.

http://wiki.archlinux.org/index.php/Mic … pptpclient
http://forum.piratpartiet.se/Topic64139-164-1.aspx

I can connect to pptp.relakks.com using 'pon Relakks' and I get a new ppp0 interface and a relakks IP. When I get to setting up the routes, I'm getting some problems.

Before connecting, my routing table looks like this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.184.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.184.163.1    0.0.0.0         UG    0      0        0 eth0

After connecting my routing table looks like this:

83.233.181.2    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.184.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.184.163.1    0.0.0.0         UG    0      0        0 eth0

After connecting ifconfig ppp0 gives me this info:

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:83.233.181.123  P-t-P:83.233.181.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1162661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:46847 (45.7 Kb)  TX bytes:469693937 (447.9 Mb)

I've tried to use the routing scripts from the guides, but when i do so, my connection dies.

Can you help me set up the routing right?

Thank you in advance.

/Ledet

luca · 2007-11-22 18:15:41

Hi ledet,
which is the remote net?
I use this command to setup the route:

route add -net <remotenet> netmask 255.255.255.0 ppp0

change <remotenet> with your

ledet · 2007-11-22 18:33:27

My normal network interface is eth0. ppp0 is my connection to relakks.
I'm behind NAT and my gateway is located at 10.184.163.1.

tail /var/log/daemon.log gives me this info

Nov 22 19:31:46 jlpserver pppd[8598]: CHAP authentication succeeded
Nov 22 19:31:46 jlpserver pppd[8598]: MPPE 128-bit stateless compression enabled
Nov 22 19:31:47 jlpserver pppd[8598]: Cannot determine ethernet address for proxy ARP
Nov 22 19:31:47 jlpserver pppd[8598]: local  IP address 83.233.181.146
Nov 22 19:31:47 jlpserver pppd[8598]: remote IP address 83.233.181.2
Nov 22 19:31:47 jlpserver pppd[8598]: primary   DNS address 82.209.169.71
Nov 22 19:31:47 jlpserver pppd[8598]: secondary DNS address 82.209.169.72

luca · 2007-11-22 19:55:05

If you want to access the remote LAN you must know its ip address class (e.g 192.168.0.x)
BTW you should ping the remote IP without any route (83.233.181.2)

Bebo · 2007-11-22 21:06:12

When you do pon Relakks, you get an erroneous route for the ppp0 interface, just as you show in your second route output. What (re)routing do you do at this point? Remember that you, in the rerouting, have to delete the first route for ppp0. Mind that timing is a bit important - you can't wait too long with setting up the correct routes, because the connection may die if you're not fast enough.

I'm really interested in how you find it to follow the guide at piratpartiet.se, since I'm the one who wrote it However, I haven't used Relakks for a year now, so I'm not sure how my knowledge - and the info in that post - has "aged" since then.

ledet · 2007-11-23 17:40:49

I've added this file to /etc/rc.d/relakks:

IFACE=eth0
GATEWAY=10.184.163.1
TIMEOUT=30
case "$1" in
start)
echo "Starting Relakks service..."
rm /tmp/ip-up.conf 2> /dev/null
if ! pon Relakks ; then
echo "Could not execute start the pppd daemon."
exit 2
fi
CYCLES=0
while [ ! -e /tmp/ip-up.conf ] ; do
if [ $CYCLES -ge $TIMEOUT ] ; then
echo "Timeout error when connecting to Relakks."
exit 3
fi
sleep 1s
CYCLES=$((CYCLES +1))
done
. /tmp/ip-up.conf
rm /tmp/ip-up.conf
for RELAKKSHOST in $(host pptp.relakks.com | awk '{print $NF}') $REMOTE ;
do
route add -host $RELAKKSHOST/32 gw $GATEWAY dev $IFACE
done
route add default $TUNFACE
route del -host $REMOTE dev $TUNFACE
route del default gw $GATEWAY dev $IFACE
cp /etc/resolv.conf /etc/resolv.conf.bak
cp /etc/ppp/resolv.conf /etc/resolv.conf
;;
stop)
echo "Stopping Relakks service"
poff Relakks
cp /etc/resolv.conf.bak /etc/resolv.conf
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
echo "usage: $0 {start|stop|restart}"
esac
exit 0

Before running this script route -n gives me:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.184.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.184.163.1    0.0.0.0         UG    0      0        0 eth0

ifconfig before:

eth0      Link encap:Ethernet  HWaddr 00:11:D8:82:A5:FA  
          inet addr:10.184.163.7  Bcast:10.184.163.255  Mask:255.255.255.0
          inet6 addr: fe80::211:d8ff:fe82:a5fa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9609 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8290 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9025454 (8.6 Mb)  TX bytes:1230522 (1.1 Mb)
          Interrupt:16 Base address:0x6000 

eth1      Link encap:Ethernet  HWaddr 00:11:D8:82:A2:1B  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:21 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

resolv.conf before:

# generated by NetworkManager, do not edit!

search ***-kollegiet.local


nameserver 10.184.11.10

When I run /etc/rc.d/relakks start i get:

Starting Relakks service...
SIOCADDRT: File exists

And route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
83.233.183.2    10.184.163.1    255.255.255.255 UGH   0      0        0 eth0
83.233.181.2    10.184.163.1    255.255.255.255 UGH   0      0        0 eth0
83.233.169.2    10.184.163.1    255.255.255.255 UGH   0      0        0 eth0
83.233.182.2    10.184.163.1    255.255.255.255 UGH   0      0        0 eth0
83.233.180.2    10.184.163.1    255.255.255.255 UGH   0      0        0 eth0
83.233.168.2    10.184.163.1    255.255.255.255 UGH   0      0        0 eth0
10.184.163.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:11:D8:82:A5:FA  
          inet addr:10.184.163.7  Bcast:10.184.163.255  Mask:255.255.255.0
          inet6 addr: fe80::211:d8ff:fe82:a5fa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9921 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8539 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9081120 (8.6 Mb)  TX bytes:1267036 (1.2 Mb)
          Interrupt:16 Base address:0x6000 

eth1      Link encap:Ethernet  HWaddr 00:11:D8:82:A2:1B  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:21 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:280 (280.0 b)  TX bytes:280 (280.0 b)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:83.233.181.33  P-t-P:83.233.181.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:102 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107178 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:9491 (9.2 Kb)  TX bytes:43235624 (41.2 Mb)

resolv.conf:

nameserver 82.209.169.71
nameserver 82.209.169.72

After running the script I have no connection to the internet - I can ping the relakks servers, but not the servers in resolv.conf

I hope this help to find the problem. If you need more info, please say so

/Ledet

Bebo · 2007-11-23 19:16:17

It looks alright, I think. Except for the "SIOCADDRT: File exists" message. Do you always get this? (It looks a bit like an error message that would come if you just reran /etc/rc.d/relakks to have some output to add in your post )

Do any error logs say anything useful? For instance, I guess that /var/log/daemon.log contain (at least) some disconnection messages right after the log lines you posted before.

Have you made the proper adjustments to your firewall? Before I started using Relakks, all my iptables rules were very specific about the interface, i.e. I had made rules specifiying lo and eth0 only. When I started using Relakks, I edited the (most of, it not all) eth0 rules and changed eth0 to "! lo". This was necessary to actually allow any connections over ppp0. (Okay, never mind the proto 47 (and possibly the port 1723) rules...)

Also, have you made the changes to /etc/ppp/ip-up to actually have a /tmp/ip-up.conf file to parse in the /etc/rc.d/relakks script?

ledet · 2007-11-23 21:59:48

Yes, I get the"SIOCADDRT: File exists" every time I run the code.

I haven't made any changes to my firewall. I'm behind NAT so I don't use any. iptables -L gives me this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

/etc/ppp/ip-up looks like this:

#!/bin/sh
#
# This script is run by pppd when there's a successful ppp connection.
#

cat > /tmp/ip-up.conf << EOF
TUNFACE=$1
DEVICE=$2
SPEED=$3
LOCAL=$4
REMOTE=$5
PARAM=$6
EOF
exit 0

I'll try to run the script one more time and see what happens in /var/log/damon.log - the connection doesn't die, it just doesn't work, so I don't suppose that there should be any diconnection messages.

ledet · 2007-11-23 22:06:47

After connecting, /var/log/daemon.log contains a lot of lines like this:

jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 'SNA over 802.2' (0x4b)
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0x7c0e
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0x8e1
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0xa4ef
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 'Stream Protocol ST-II' (0x33)
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0x1d
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0xacdc
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0xb1
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0xe3
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0x487c
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0xff
jlpserver pppd[8075]: Protocol-Reject for unsupported protocol 0x5e1c

jlpserver is my hostname.

Edit: I'm getting the "SIOCADDRT: File exists" error because 83.233.181.2 is in host pptp.relakks.com and $REMOTE - I don't think that this is the problem

Last edited by ledet (2007-11-23 22:47:27)

Bebo · 2007-11-23 22:50:00

Gah, the infamous Protocol-Reject messages... In the beginning I got those too, but as I remember the messages stopped showing up at some point. As I said previously, I haven't used Relakks for about a year now, so maybe they've done something that make this happen again...

There have been reports on the piratpartiet.se forum on issues that seemed to be accompanied by this kind of message. I also found a post on Gentoo's forum (possibly a duplicate of the post on forum.piratpartiet.se). On the Norwegian forum of Piratgruppen, I found a forum thread from this year (in Norwegian). The first part of the thread is from May, but the last post is from October; the poster says that the service has been working well the past year, but now when sniffing the traffic these Protocol-Reject packets show up all of a sudden. The Relakks support say that it is not their problem.

I'm sorry, but when it comes to these errors I don't know what to do. The only thing I haven't tried myself but seems to work for some other people is this module-reloading that is mentioned in the piratpartiet.se forum post I linked to in the previous paragraph.

Bebo · 2007-11-23 22:57:04

BTW, I just found a Gentoo wiki page that may have a solution:

http://gentoo-wiki.com/HOWTO_PPTP_VPN_c … th_mppe%29

A bit down it says the following concerning options in the /etc/ppp/options.pptp file

The following line may solve unsupported protocol error:
mppe stateless

ledet · 2007-11-23 23:08:46

'mppe stateless' only gives me:
/usr/sbin/pppd: In file /etc/ppp/options.pptp: unrecognized option 'mppe'

I'll try to read to the forum topics. I'm from Denmark so norwegian and swedish posts are fine.

I really appreciate your help

Last edited by ledet (2007-11-23 23:18:06)

Bebo · 2007-11-23 23:37:13

Hm, I just had a look at the man page for pppd, and it seems that there is no option such as "mppe stateless". Odd, I've read suggestions to use "mppe stateless" in a number of places... Anyway, the option most similar to the, er, "intent" with mppe stateless is "nomppe-stateful". This is however the default. So, never mind...

I don't know what to say... People in the posts I've linked to have tried tweaking the mtu, reloading modules, forced stateless mppe and what not, but it seems more luck than anything when or if anyone succeeds...

ledet · 2007-11-24 10:52:24

In the first post in the piratpartiet.se topic it says:

Okay it turns out to have been the route creation scripts in my /etc/ppp/ip-up file. I had put the code at the end of the file and moving it to the start of the file solved the problem. Can't figure out why it was working for the couple of months it was though.

But he must be using a different method for routing

ledet · 2007-11-25 16:28:17

I think I'll switch to PRQ instead of relakks.

To bad this doesn't work

Bebo · 2007-11-25 17:24:16

Yes, very

PRQ, you say? Aha, I just had a look at their web page - I had _no_ idea they had a tunnel service. Thanks for the tip!

<EDIT>
BTW, I don't think the other guy uses another method for the routing. Regardless of whether you're using the ip-up file to get the tunnel settings (like I did it) or let the ip-up script change the routing (as it is supposed to be done, but I couldn't get to work), the rerouting should be the same, and ought to be done at the same stage in the tunnel setup.

My guess is that Relakks has screwed up something on their side - again.
</EDIT>

Last edited by Bebo (2007-11-25 17:27:56)

ledet · 2007-11-25 17:26:30

Neither did I It's a bit more money, but if it works with linux and is more stable, I'll be happy to pay.

Plus you get a static IP-address.

Bebo · 2007-11-25 17:29:44

Yes, and it is a good sign that they _recommend_ Linux or BSD for their service

Last edited by Bebo (2007-11-25 17:30:15)

ledet · 2007-11-25 18:40:32

Absolutely Since you're from Sweden you probably know what the moms is? 25, 12 or 6%?

Bebo · 2007-11-25 19:05:33

Well, it is most likely 25%. (Some types of goods, books for instance, have other (lower) VAT, but the vast majority have 25%.)

Arch Linux

#1 2007-11-22 17:11:11

Pptpclient & routing

#2 2007-11-22 18:15:41

Re: Pptpclient & routing

#3 2007-11-22 18:33:27

Re: Pptpclient & routing

#4 2007-11-22 19:55:05

Re: Pptpclient & routing

#5 2007-11-22 21:06:12

Re: Pptpclient & routing

#6 2007-11-23 17:40:49

Re: Pptpclient & routing

#7 2007-11-23 19:16:17

Re: Pptpclient & routing

#8 2007-11-23 21:59:48

Re: Pptpclient & routing

#9 2007-11-23 22:06:47

Re: Pptpclient & routing

#10 2007-11-23 22:50:00

Re: Pptpclient & routing

#11 2007-11-23 22:57:04

Re: Pptpclient & routing

#12 2007-11-23 23:08:46

Re: Pptpclient & routing

#13 2007-11-23 23:37:13

Re: Pptpclient & routing

#14 2007-11-24 10:52:24

Re: Pptpclient & routing

#15 2007-11-25 16:28:17

Re: Pptpclient & routing

#16 2007-11-25 17:24:16

Re: Pptpclient & routing

#17 2007-11-25 17:26:30

Re: Pptpclient & routing

#18 2007-11-25 17:29:44

Re: Pptpclient & routing

#19 2007-11-25 18:40:32

Re: Pptpclient & routing

#20 2007-11-25 19:05:33

Re: Pptpclient & routing

Board footer