You are not logged in.
- Topics: Active | Unanswered
#1 2010-05-19 21:27:40
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
HELP: VPN - Internet - LAN, Arch as Router on LAN
Hello.
If someone could help me with the following problem that I've encountered; I've read a few articles concerning different things and none of them open up the possibility for this solution.
1,5ghz CPU
512mb DDR
80gb HDD
2 NIC's
WAN eth0
1. It should get an IP from my ISP from DHCP. (If I just set it to dhcp it gets an IP address)
2. It should connect to a VPN server and route everything through the tunnel; if I connect to "www.whatismyip.com" it should be my VPN's IP, not the IP I get from my ISP.
LAN eth1
1. It should share the connection with WAN, eth0
2. It should act as a DHCP server
3. It should be secure
Guides I've read:
Router http://wiki.archlinux.org/index.php/Router
VPN http://wiki.archlinux.org/index.php/Mic … pptpclient
Where I am now
I haven't tested the router, because my internet is currently being shared through my switch which both the SERVER and this computer is on right now; so we have different IP's.
But I have configured DHCP on the server so eth1 act as a router.
I have connected to my VPN with pptpsetup (the guide didn't work very well, worked better with my VPN's guide to install it)
Currently, I can't ping www.google.com or any other page, although I have two connections (I tried to route it, but I'm uncertain if I did so correctly)
What I tried then: route add -net 192.168.5.0 netmask 255.255.255.0 dev ppp0
ifconfig shows:
eth0: IP ADDRESS FROM MY ISP
ppp0: IP ADDRESS FROM MY VPN
eth1 probably doesn't show here because I haven't restarted the network since I configured it.
Anyway, if there's someone that could guide my through this. The server is fresh installed a couple of hours ago.
Also... I want this setup to work after a reboot and not having to do this manually each time; I'm not a newbie to Linux, just to using computers as Routers and VPN connections.
Last edited by deukalion (2010-05-19 21:31:59)
Offline
#2 2010-05-20 05:12:33
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
first, make sure that you add a static route for your vpn site to the route array in rc.conf so that after setting up the vpn default route, your vpn wont disconnect. since you want all traffic to go through the vpn, simply use
route add default dev ppp0
make sure that your /etc/resolv.conf has the appropriate dns server addresses. as for sharing this connection, enable ip forwarding using sysctl and use iptables to NAT the connections. you can also set the default parameter in the vpn configuration file to make sure it becomes the default route as soon as it is connected.
Offline
#3 2010-05-20 11:17:00
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
After doing so, route takes a long time to run... not the "route add default dev ppp0" but just showing the routing table takes forever.
Also, the ppp0 connection doesn't auto start - do I put this in a script? because it has to start after the network has started and I've gotten a IP from my ISP through DHCP.
And eth1 doesn't seem to show in ifconfig tables although I'm currently connected to it.
Offline
#4 2010-05-20 13:32:22
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Right now I'm sitting in Lynx on the router, through my VPN; so it works.
Anyway, what I can't get working right now is the routing from eth0 to go through eth1.
Do I really have to read through the ROUTER guide on the wiki with IPTABLES? Because it's much and I'm not certain what to use or not use; I ssh:d locally while fixing IPTABLES and my Internet just shut down because of something IP TABLES did - so while reading the guide it disconnected me and I couldn't continue.
Any suggestions?
Offline
#5 2010-05-21 08:14:02
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
the routing table looks up the names of hosts using dns, this is the reason it takes time to run, simply use route -n to show the routing tables next time.
For vpn client, use pppd (dont use network manager or other GUI based tools) to connect to the vpn, with it you can configure the vpn to keep connecting indefinitely (if it times out, it will try to reconnect after a specific interval which can also be set)
the reason eth1 wont show in ifconfig if either it was disabled or the eth1 link was removed (wire pulled out).
for iptables, simply use
iptables -t nat -A POSTROUTING -s <your local subnet or ip address> -p all -o ppp0 -j MASQUERADE
Offline
#6 2010-05-21 10:14:11
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
I configured iptables yesterday with the same guide that were for the router: http://wiki.archlinux.org/index.php/Sim … l_firewall
Everything seemed to work OKAY while making the settings, but nothing works after a reboot.
eth1 shows in ifconfig (I forgot to put netmask 255.255.255.0, just put 255.255.255.0 in rc.conf before..)
eth0 shows in ifconfig, the router can connect through ppp0
I added to rc.local:
sleep 10 && pon myVPN
sleep 10 && route add default dev ppp0
and, iptables starts before network as it says on the guide - and dnsmasq starts later than network. I don't get any logs from either daemons, but they both doesn't seem to be working.
And I have a hard time understand all the routes in route, so I don't know which way it goes... bottom to up, or otherwise? i haven't checked it though, just remembered how it looked on a dd-wrt router - to much confusion; connections.
Any suggestions what it might be? I followed the guide of iptables, almost putting everything exactly as the guide tells me, even enabled ip forwarding, I excluded a few things that didn't seem to be what I were looking for. Like NAT Gateway had configurations for two eth0, while I only have one local net. so that I skipped, and some other stuff. but nothing important - everything went through as it should. Still, no idea what really makes it a DHCP Server, and (I can get a connection with the router locally, but I can't get internet from it) what makes it share the connection, ip forwarding?
Like I've said, no newbie to Linux, just using Arch as a router. or any "standard" linux for that matter.
Offline
#7 2010-05-21 10:17:13
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Simplest explanation, how do I get it to worked - stripped down to the core? I mean. First, I want connection to work with PPTP then I want Internet Sharing through DHCP/DNS. How do I easily just get that to work from "scratch" and then configure everything else? What I mean, I probably screwed something up by installing iptables and configured it someway I shouldn't have done so iptables blocks connections or something.
Anyway, simplest guide to just get it working and then "work it up"? DHCP/DNS Server & Internet Sharing.
Offline
#8 2010-05-21 14:19:17
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
first, in the files myVPN which stores your vpn configuration, simply add the line 'default' <no quotes> to it, and it will automatically add it as teh default route so you dont need to specifically add it.
For iptables, just remove any and all configuration you have done, create a bash file and add the above mentioned iptables rule it it, then you can run it by adding it to rc.local
as for dhcp/dns, if you are using dnsmasq, configure it's dhcp settings, and simply add the correct dns servers to /etc/resolv.conf, make sure that dnsmasq listens to the appropriate interface.
Offline
#9 2010-05-21 18:06:11
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Thanks. I will try this as soon as possible.
If you're very good with PPTP or VPN in Linux, I might ask a final question before I put everything in to action and try it out.
I have tried this on the same computer
1. If I use Windows to connect to a VPN connection, through my connection from the ISP - I get my default bandwidth (80/80mbit ~ sometimes more)
2. If I use Linux to connect to a VPN connection (Ubuntu, Arch) with Networkmanager-pptp / or simply by using pptpsetup to configure it, I ALWAYS get a decrease of my bandwidth by 75%. I get around 20/20mbit at most... sometimes rarely, a little more.
Is this a common problem in Linux over PPTP connection which is Microsoft based or is it something that just needs a little tweaking to work correctly?
I reboot my computer right now and connect directly through my ISP, then connect by setting up a new connection to a VPN in Windows I get "stable" 80mbit up/down... but when I do the same in Linux I get an unstable connection that hangs often, and a decrease from 80mbit to 20mbit.
Anything you, or anyone else knows something about? It's the same computer, same network cards.
Even on the Arch Router I'm setting up, it gets the same result: 75% decrease in bandwidth at a minimum... sometimes it goes to 10/10.
Offline
#10 2010-05-22 15:34:11
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
before starting VPN connection, try using your ISP and check if you are actually getting 80 mbps for up/down, this is to make sure that the connection to the isp from linux works correctly, if it does, you might need to set some specific tcp tuning parameters such as MTU.
also, just to make sure since 80/80 is quite high 
,is 80 mbps your actual download and upload bandwidth or is it the link speed?
Offline
#11 2010-05-22 20:27:30
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Don't worry; I know I have 80/80mbit. I get those results without the VPN - with it I get at most 20mbit.
I have a download speed of about 10mb/s sometimes, but downloading archlinux ISO from ftp.gigabit.nu gives me about 9~ mb/s..
So yeah, with Linux there's defiantly a decrease in bandwidth with VPN connected - not in Windows though.
And, I have run many TP Tests to verify what I'm saying now - I have at least 80/80 (which is what I'm paying for) sometimes more... not with VPN on Linux, it's unstable and 75% of bandwidth is gone.
I should be able to upload and download at 80mbit at the same time with my ISP and I can do that with the right connection. No doubt about that.
Offline
#12 2010-05-22 21:06:47
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
in linux, pptp uses another process for the pptp connection, since your connection speed is so high, you should check top to see if its not the CPU which is bogging the data rate down.
also, check this http://linux.die.net/man/8/pptp specifically the timeout parameter, also, check the pppd man pages to set recieve window etc settings to improve performance.
if nothing works, it could be that pptp for linux was not created for very high speed data rates since there is no kernel module for it.
Offline
#13 2010-05-23 12:55:59
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Even if it was the CPU that limited the bandwidth, wouldn't it be exactly the same in Windows?
I run it now with "--timeout 0.01 --loglevel 2" so I can get more logs, have to check where they are first.
Still the same results though...
Gonna check the man page now.
Offline
#14 2010-05-23 13:45:40
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Whatever options that I try to set with "pty <ip> <options>" that I know that I can use; nothing seems to change the bandwidth.
I even contacted my VPN provider and said that they've had no problems concerning this or people haven't really "cared" that their bandwidth is gone.
There must be something in Linux that limits the bandwidth, if it's pptp or something else I can't find. No matter where I search for these answers, there is none to be found. "pptp linux bandwidth decrease", "pptp linux bandwidth", "pptp linux vs pptp windows", and so on and so fourth....
Offline
#15 2010-05-23 13:48:32
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
top says that during TP-tests, that Firefox uses around "60%" of the CPU. I have AMD 4200+ 2,2ghz, 2gb DDR2 800mhz.
Offline
#16 2010-05-23 15:58:44
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Is there someway to manually configure the routing table? I was wondering if that might be the problem... don't know if I'm right or wrong about this; but something tells me that it's not the connection that is the problem but the way it accesses the connection.
etc, if it looked liked this:
COMPUTER -> ISP -> VPN -> ISP
when it suppose to look like this:
COMPUTER -> VPN -> ISP ......... or ......... COMPUTER -> ISP -> VPN
Because Windows "uses" the connection I have, while Linux just routes through it.
Or if there's anyway to add "ppp0" in rc.conf @ networking interfaces...
Can this perhaps be the problem? I'll post my routing table from Windows without the VPN, and with the VPN... and then do the exact same in Linux. Might spot something that I can't see, not so familiar with these types of configurations.
Offline
#17 2010-05-23 16:13:15
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
I exchanged MY last digit of MY IP address to "MY"
ROUTE WINDOWS - WITHOUT VPN
===========================================================================
Interface List
16...00 17 31 e3 fd f2 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 82.196.99.1 82.196.99.MY 20
82.196.99.0 255.255.255.0 On-link 82.196.99.MY 276
82.196.99.MY 255.255.255.255 On-link 82.196.99.MY 276
82.196.99.255 255.255.255.255 On-link 82.196.99.MY 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 82.196.99.MY 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 82.196.99.MY 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:73ba:185e:1ce8:ad3b:9c4c/128
On-link
14 1025 2002::/16 On-link
14 281 2002:52c4:63b3::52c4:63b3/128
On-link
16 276 fe80::/64 On-link
11 306 fe80::/64 On-link
15 281 fe80::200:5efe:82.196.99.MY/128
On-link
11 306 fe80::185e:1ce8:ad3b:9c4c/128
On-link
16 276 fe80::ac8d:a28d:edb7:abdf/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
16 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
NoneIPCONFIG - WINDOWS WITHOUT VPN
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : **MYISP**
Link-local IPv6 Address . . . . . : fe80::ac8d:a28d:edb7:abdf%16
IPv4 Address. . . . . . . . . . . : 82.196.99.MY
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 82.196.99.1
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73ba:185e:1ce8:ad3b:9c4c
Link-local IPv6 Address . . . . . : fe80::185e:1ce8:ad3b:9c4c%11
Default Gateway . . . . . . . . . :
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . : **MYISP**
IPv6 Address. . . . . . . . . . . : 2002:52c4:63b3::52c4:63b3
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
Tunnel adapter isatap.**MYISP**.se:
Connection-specific DNS Suffix . : **MYISP**
Link-local IPv6 Address . . . . . : fe80::200:5efe:82.196.99.MY%15
Default Gateway . . . . . . . . . :ROUTE WINDOWS - WITH VPN
===========================================================================
Interface List
24...........................VPN Connection
16...00 17 31 e3 fd f2 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 82.196.99.1 82.196.99.MY 4245
0.0.0.0 0.0.0.0 On-link IP.FROM.MY.VPN 21
80.67.2.76 255.255.255.255 82.196.99.1 82.196.99.MY 4246
82.196.99.0 255.255.255.0 On-link 82.196.99.MY 4501
82.196.99.MY 255.255.255.255 On-link 82.196.99.MY 4501
82.196.99.255 255.255.255.255 On-link 82.196.99.MY 4501
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
IP.FROM.MY.VPN 255.255.255.255 On-link IP.FROM.MY.VPN 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 82.196.99.MY 4502
224.0.0.0 240.0.0.0 On-link IP.FROM.MY.VPN 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 82.196.99.MY 4501
255.255.255.255 255.255.255.255 On-link IP.FROM.MY.VPN 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:73ba:a0:762:4381:a3d8/128
On-link
14 1025 2002::/16 On-link
14 281 2002:52c4:63b3::52c4:63b3/128
On-link
14 281 2002:bc7e:5c27::bc7e:5c27/128
On-link
16 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::a0:762:4381:a3d8/128
On-link
15 281 fe80::200:5efe:82.196.99.MY/128
On-link
16 276 fe80::ac8d:a28d:edb7:abdf/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
16 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
NoneIPCONFIG WINDOWS - WITH VPN
PPP adapter VPN Connection:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : IP.FROM.MY.VPN
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : **MYISP**
Link-local IPv6 Address . . . . . : fe80::ac8d:a28d:edb7:abdf%16
IPv4 Address. . . . . . . . . . . : 82.196.99.MY
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 82.196.99.1
Tunnel adapter isatap.{9B82BBD5-947A-476B-B63F-F4EA7CB4E8C5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73ba:a0:762:4381:a3d8
Link-local IPv6 Address . . . . . : fe80::a0:762:4381:a3d8%11
Default Gateway . . . . . . . . . :
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . : **MYISP**
IPv6 Address. . . . . . . . . . . : 2002:52c4:63b3::52c4:63b3
IPv6 Address. . . . . . . . . . . : 2002:bc7e:5c27::bc7e:5c27
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
Tunnel adapter isatap.**MYISP**.se:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :Offline
#18 2010-05-23 16:37:37
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
ROUTE LINUX - WITHOUT VPN
Destination Gateway Genmask Flags Metric Ref Use Iface
82.196.99.0 * 255.255.255.0 U 1 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
default 82.196.99.1 0.0.0.0 UG 0 0 0 eth0IPCONFIG LINUX - WITHOUT VPN
eth0 Link encap:Ethernet HWaddr 00:17:31:e3:fd:f2
inet addr:82.196.99.MY Bcast:82.196.99.255 Mask:255.255.255.0
inet6 addr: fe80::217:31ff:fee3:fdf2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34285 errors:0 dropped:0 overruns:0 frame:0
TX packets:15885 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:38972270 (38.9 MB) TX bytes:24737693 (24.7 MB)
Interrupt:25 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:57 errors:0 dropped:0 overruns:0 frame:0
TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7689 (7.6 KB) TX bytes:7689 (7.6 KB)ROUTE LINUX - WITH VPN (this takes about 30 seconds to LOAD)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
net0.sth.se.vpn * 255.255.255.255 UH 0 0 0 ppp0
eleven.sth.se.v 82.196.99.1 255.255.255.255 UGH 0 0 0 eth0
six.sth.se.vpn. 82.196.99.1 255.255.255.255 UGH 0 0 0 eth0
82.196.99.0 * 255.255.255.0 U 1 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0
default 82.196.99.1 0.0.0.0 UG 0 0 0 eth0IPCONFIG - WITH VPN
eth0 Link encap:Ethernet HWaddr 00:17:31:e3:fd:f2
inet addr:82.196.99.MY Bcast:82.196.99.255 Mask:255.255.255.0
inet6 addr: fe80::217:31ff:fee3:fdf2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34732 errors:0 dropped:0 overruns:0 frame:0
TX packets:16043 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:39033612 (39.0 MB) TX bytes:24755593 (24.7 MB)
Interrupt:25 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:57 errors:0 dropped:0 overruns:0 frame:0
TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7689 (7.6 KB) TX bytes:7689 (7.6 KB)
ppp0 Link encap:Point-to-Point Protocol
inet addr: IP.FROM.MY.VPN P-t-P:188.126.80.0 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:19 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2347 (2.3 KB) TX bytes:585 (585.0 B)As I've mentioned above, which I have noticed before: getting the ROUTING TABLE takes a long time while in Windows it retrivies it directly.
Offline
#19 2010-05-25 12:41:18
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
there is the problem, as you can see from your routes, there are multiple default routes, one for eth0 (your ISP) and one for VPN, windows normally assigns the default gateway to only the VPN when its available, otherwise it sets it back to your isp (if VPN goes down). to resolve this, do this
1) add my.vpn.com <my.vpn.ip> to /etc/resolv.conf (so it can be resolved)
2) add your vpn site route statically, route add my.vpn.com gw 82.196.99.1 dev eth0 (or whichever gateway you have)
3) start vpn
you cant simply remove the default route for eth0 because then, there would be no way for the kernel to determine where to send the VPN IP packets and your vpn will not work, this way, vpn connection packets will be sent through eth0, while all others through ppp0. check it to see if it helps.
Offline
#20 2010-05-25 20:43:32
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
I'll try that, but one problem with rc.resolv is that it resets even though I set DHCP to not overwrite the resolv.conf file.
A second thing I'm wondering about, when I connect to the VPN in Windows I get alot of shares from people connected to the same network as me; I mean I can see peoples computer on the Network. This does not work in Linux as far as I've seen, could this also be something that makes the connection more unstable and slower? Because it's trying to establish links between the network and my computer?
I'll post results later, I have to go now. Thanks again.
Offline
#21 2010-05-25 20:55:34
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
Ok, I'm gonna try it first. However, my IP that I get from my VPN is different each time because it varies where I connect to; they have different servers all over the country. So my IP is not always the same when I connect, but I can connect to the same "server", although they have a DNS server that establishes the fastest connection from there - but I have chosen a unique IP address because I feel that's the one that given me the best results. Sometimes I get connected to another while using DNS and it slows down a little.
So, in resolv.conf should I still use that IP that I get or create a script that detects it and writes it? How do I proceed with this? I'll try just adding a default route at first.
There is no change to just clear the routing table and manually configure it? Or something similiar...?
Offline
#22 2010-05-25 21:04:26
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
1) I added the IP that I connected to in resolv.conf.
2) I added the 'route add "same IP" gw 82.196.99.1 dev eth0'
No connection.
Offline
#23 2010-05-25 21:14:54
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
I tried:
route add <IP I CONNECT TO MY VPN> gw <GATEWAY FROM VPN> dev eth0
SIOCADDRT: No such process
route add <IP I GET FROM MY VPN> gw <GATEWAY FROM VPN> dev eth0
SIOCADDRT: No such process
route add <BOTH IPs ABOVE> gw <GATEWAY FROM MY ISP> dev eth0
Connection is lost, ping won't work.
This I tried now when resolv.conf contained my "IP I CONNECT FROM", "MY VPN GATEWAY" and my ISP's DNS (the ones I get when it dhcps the connection.
Any thoughts?
Offline
#24 2010-05-26 04:37:32
- Sin.citadel
- Member
- Registered: 2008-01-22
- Posts: 267
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
if you have any iptables rules, disable them. for dhcp, use dhcpcd or dhclient to get the dhcp lease from the isp (if its causing problems). your vpn server, lathough may have lots of different servers in different locations, their dns names will also most likely be different, so pick one and add its route. you should also remove eth0 as the default route (it will disable all comunication, so only do that if your ready to connect using vpn). once you have implemented those changes, if it doesnt work, post the resolv.conf, and the route output. use route -n as it does not do dns lookups.
for the above errors, they occur when your ethernet interface eth0 may not have an ip address, or is disabled.
Offline
#25 2010-05-28 11:34:01
- deukalion
- Member
- Registered: 2009-04-11
- Posts: 50
Re: HELP: VPN - Internet - LAN, Arch as Router on LAN
1) As far as I can tell, iptables is not enabled
2) su:ing
3) dhcpcd eth0 // got IP
4) pon MYVPN
5) route del eth0 // took about 5-10 seconds, echoes: eth0: unknown host
6) the dns servers are usually "the same", almost everytime and by connection with "pon MYVPN", the DNS servers get written to resolv.conf automatically (2 of them)
7) had to "pon MYVPN" again.
8) route add default ppp0
#1 results from a TP-test:
send: 28.94mbps
recieve: 33.08mbps
#2 results from a TP-test:
send: 31.50mbps
recieve: 41.99mbps
Certainly a "increase" in bandwidth, but still there's 50% missing of my bandwidth.
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
188.126.80.0 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
ISP.FROM.MY.ISP 82.196.99.1 255.255.255.255 UGH 0 0 0 eth0
82.196.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
0.0.0.0 82.196.99.1 0.0.0.0 UG 0 0 0 eth0Offline