You are not logged in.
Hi everyone,
when I establish VPN connection from my PC the internet on it stops - I am unable to load webpages, connect IM clients etc.
I suppose it is some setting somewhere in pptp. Can someone help with this?
Thanks.
Last edited by kcholakov (2011-12-02 07:46:51)
Offline
I'm guessing it is replacing your default route. I've never seen PPTP in Linux do this though...
This thread may be of assistance to you:
http://www.tunnelbroker.net/forums/inde … opic=951.0
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Yes, I believe this is the cause.
Actually after executing:
pon <my_network>
I am also executing manually this:
route add -host <IP_of_the_machine_I_want_to_access> dev ppp0
to be able to "see" the machine I need to access in the VPN network.
Is that what it is wrong? Maybe I am overwriting the default route in this way?
Thanks again.
Offline
Post your route table before and after connecting to the VPN.
Last edited by tomk (2011-11-27 13:07:39)
Offline
Before starting VPN:
[root@bbb ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
bbb-server.com home-72-92-6-1. 255.255.255.255 UGH 0 0 0 eth0
72.92.6.0 * 255.255.255.0 U 0 0 0 eth0
default home-72-92-6-1. 0.0.0.0 UG 0 0 0 eth0
After starting VPN and executing:
route add -host 192.168.180.68 dev ppp0
route add -host 192.168.180.71 dev ppp0
[root@bbb~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.180.68 * 255.255.255.255 UH 0 0 0 ppp0
78.80.3.211 72.92.6.1 255.255.255.255 UGH 0 0 0 eth0
192.168.180.71 * 255.255.255.255 UH 0 0 0 ppp0
192.168.181.99 * 255.255.255.255 UH 0 0 0 ppp0
72.92.6.0 * 255.255.255.0 U 0 0 0 eth0
default 72.92.6.1 0.0.0.0 UG 0 0 0 eth0
[root@bbb ~]#
Last edited by kcholakov (2011-11-27 16:28:10)
Offline
That looks correct. You're adding routes for the specific hosts (you should be able to do this as -net 192.168.180.0/24 instead of for each -host but that's a side point).
What sites can't you connect to? Post the output of the following after you connect to the VPN:
ping 8.8.8.8
traceroute 8.8.8.8
(EDIT: Can you use the the -n flag to route and post that please?)
Last edited by fukawi2 (2011-11-27 22:38:18)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
I can't load nothing. Only skype connects somhow.
Here is the output:
[root@bbb ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=43.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=38.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=45.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=32.7 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=55 time=47.1 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=55 time=39.4 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=55 time=33.1 ms
^C
--- 8.8.8.8 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6006ms
rtt min/avg/max/mdev = 32.781/40.029/47.134/5.375 ms
[root@bbb ~]#
[root@bbb ~]# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 40 byte packets
1 72.92.6.1 (72.92.6.1) 0.526 ms 0.373 ms 0.386 ms
2 89.190.198.146 (89.190.198.146) 19.563 ms 21.926 ms 23.542 ms
3 * 89.190.215.46 (89.190.215.46) 7.714 ms 23.971 ms
4 80.81.192.229 (80.81.192.229) 63.194 ms 37.274 ms 37.484 ms
5 80.81.192.108 (80.81.192.108) 37.700 ms 47.617 ms 37.495 ms
6 72.14.238.44 (72.14.238.44) 31.723 ms 72.14.238.46 (72.14.238.46) 34.402 ms 31.341 ms
7 72.14.239.60 (72.14.239.60) 56.634 ms 62.164 ms 72.14.239.62 (72.14.239.62) 50.456 ms
^C
>> Can you use the the -n flag to route and post that please?
route -n give the same output as in my previuos post
Last edited by kcholakov (2011-11-28 06:04:09)
Offline
>> Can you use the the -n flag to route and post that please?
route -n give the same output as in my previuos post
The first route table will be different (no hostnames resolved) but that doesn't matter, your routing appears to be OK since you can ping/traceroute OK.
Are you able to telnet to a web server?
telnet www.google.com 80
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Does your vpn run some kind of firewall/content filter?
As fukawi2 says, your pings show that you *do* have access to internet
Regards
My blog: blog.marcdeop.com
Jabber ID: damnshock@jabber.org
Offline
You might also check that your DNS resolution isn't being affected. When I use vpnc, I run a local dnsmasq daemon and have a "nameserver 127.0.0.1" entry in my resolv.conf, which routes all hostname lookups on the VPN network to the DNS server for that network, but everything else gets resolved via my router's DNS. That is, my dnsmasq.conf has something like:
server=/my.vpndomain.com/10.129.1.21
So only <machine_name>.my.vpndomain.com lookups route to 10.129.1.21, which (when tunneled via VPN) is the DNS server for that network. The wiki has some details on dnsmasq: https://wiki.archlinux.org/index.php/Dnsmasq
-nogoma
---
Code Happy, Code Ruby!
http://www.last.fm/user/nogoma/
Offline
You might also check that your DNS resolution isn't being affected.
Duh, of course...! lol
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Folks,
I found what's the problem. When I start the VPN, "the thing" backups my resolv.conf, I mean renames it to something like resolv.conf.backup.ppp0 and then creates another one and puts some 192.168.*.* DNS servers there.
If someone knows what's the setting to turn this off it will be great. I am going to search for this later too...but not now, since I am tired now.
Last edited by kcholakov (2011-11-29 18:24:00)
Offline
I think the config you need to lookup is "usepeerdns" in yout pptp config.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Thanks man.
Here is what I found. Under the peers folder (/etc/ppp/peers/) I keep my connection configurations. The config looks like this:
remotename TheServer
ipparam myCon
pty "pptp some-server --nolaunchpppd"
name "something-here-not-important"
usepeerdns
require-mppe-128
refuse-eap
noauth
file /etc/ppp/options.pptp
so that "usepeerdns" was my problem. I did no see it actually before. It seems that I created that from some example file in the past and forgot it.
Commenting this line out solved my problems.
Last edited by kcholakov (2011-11-30 19:52:28)
Offline