
TOPIC: OPENBSD and POPTOP Client has to manually add route.

OPENBSD and POPTOP Client has to manually add route. 10 years 1 week ago #16983

  • Bublitz
I have Poptop installed and configured on OpenBSD. I'm having a small problem, though. I'm connecting via PPTP NOT using remote gateway. When I do this, to get the VPN to work on the client (WinXP) I have to add a route.


route ADD 192.168.11.0 MASK 255.255.255.0 192.168.12.221 metric IF 192.168.12.221

If I do this the vpn tunnel works and I can even web browse at the same time.

Why isn't this route added already? I'm told it should be. Is there any way I can get this added automatically?

Here is my PPTP config



/etc/pptpd.conf
bcrelay vr0 (my Lan adapter not sure if this is right)
localip 192.168.11.210-225
remoteip 192.168.12.210-225

/etc/ppp/options
lock
auth
usehostname
+MSChap-V2 mppe-128 mppe-stateless

/etc/ppp/options
pptp:
enable MSChapV2

/etc/ppp/ppp.secret
bublitz password 192.168.12.221

******OOPS Meant this for Firewall section******
The Bublitz
Systems Admin
Hospice of the Red River Valley

Re: OPENBSD and POPTOP Client has to manually add route. 10 years 1 week ago #16996

  • d_jabsd
Your config doesn't have any information on routing, just tunnel creation.

You may want to research to see if you can inject routes through the pptp config, but in my experience, you will probably have to use a batch script to start up the tunnel and add the route on the client (and delete it when the tunnel is dropped).

This is one of the reasons I switched to IPsec tunnels on my networks. It has the ability to inject the routes that should be tunneled.

Re: OPENBSD and POPTOP Client has to manually add route. 10 years 1 week ago #16998

  • Bublitz
Aren't these routes supposed to be automatically created? I'm not much of a programmer. I could make a separate batch file for each client, I suppose, to add this route. The only thing is I would have to make a separate batch file for each client.
The Bublitz
Systems Admin
Hospice of the Red River Valley

Re: OPENBSD and POPTOP Client has to manually add route. 10 years 1 week ago #17000

  • d_jabsd
I looked through the docs for PopTop and it does not appear to have the ability to inject specific routes for tunneling.

Can you post your routing table when the tunnel is active?

If it uses the tunnel as the default route, you should be able to hit everything, with the caveat that _everything_ goes down the tunnel, including traffic that is not destined for the other side.

If it still shows your normal connection as the default, then specific routes will need to be added to send traffic down the tunnel.

When I was using PPTP, my batch script would inject specific routes to be tunneled, then re-add the default to my provider, giving me a split-tunnel setup. Only traffic that needed to be tunneled was sent down the tunnel. Everything else was sent directly out to the net.

You may want to look at the pptp client advanced options to see if that can add the routes for you.
The administrator has disabled public write access.
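
The three routing-table cases discussed in this thread, as an added example that is not part of any poster's message: it parses Windows `route print` rows and applies longest-prefix, lowest-metric selection to show where traffic for the remote LAN and for the internet leaves the client. The sample tables are constructed; the 10.0.0.x local network and the two test hosts are assumptions.

```python
import ipaddress

# Constructed "route print" rows: destination, netmask, gateway, interface,
# metric. Tunnel addresses follow the thread; the 10.0.0.x LAN is made up.
NO_ROUTE = """\
0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.50       20
10.0.0.0         255.255.255.0   10.0.0.50       10.0.0.50       20
192.168.12.221   255.255.255.255 127.0.0.1       127.0.0.1       50
"""
REMOTE_GW = NO_ROUTE + "0.0.0.0 0.0.0.0 192.168.12.221 192.168.12.221 1\n"
MANUAL_ROUTE = NO_ROUTE + "192.168.11.0 255.255.255.0 192.168.12.221 192.168.12.221 1\n"

def parse(table):
    """Turn route-print rows into (network, gateway, interface, metric)."""
    routes = []
    for line in table.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # headers, blank lines, interface list
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            metric = int(f[4])
        except ValueError:
            continue  # five words that are not a route row
        routes.append((net, f[2], f[3], metric))
    return routes

def egress(routes, dest):
    """Interface chosen for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]))[2]

def classify(table, tunnel_if="192.168.12.221", lan_host="192.168.11.10",
             internet_host="203.0.113.5"):
    """Label a client routing table by what it sends through the tunnel."""
    routes = parse(table)
    lan = egress(routes, lan_host) == tunnel_if
    net = egress(routes, internet_host) == tunnel_if
    if lan and net:
        return "full tunnel"
    if lan:
        return "split tunnel"
    return "remote LAN not routed through tunnel"
```
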

Re: OPENBSD and POPTOP Client has to manually add route. 10 years 1 week ago #17001

  • Bublitz
Yeah, I've been searching all over to try and add these routes automatically. When you see all the docs on the Poptop setup, none mention that you need to manually add routes. The routing table has no routes to the remote network upon connecting. ONLY if you use the "use remote gateway" then it adds a 0.0.0.0 0.0.0.0 then the gateway is your ppp interface. The only problem is all internet traffic is then routed this way since it adds a metric of 1.
I find it odd that you have to manually add this route; you would think PPTP would do this automatically.

I do have a script now so I'll just live with it.

www.joshcook.net/2005/01/pptp-routing-interesting-traffic.asp

This script runs the PPTP, enters the username and pass, and also makes the route.

I've done a lot of searching and I've messed with the config quite a bit; I just can't seem to get it going. Since I'm new to OpenBSD I don't know how to open the logs on the PPP/PPTP connections. Maybe there is something there? Do you know how?

I have some route prints I'll post here soon once I get them from my friend.
The Bublitz
Systems Admin
Hospice of the Red River Valley

Re: OPENBSD and POPTOP Client has to manually add route. 10 years 1 week ago #17010

  • nske
- It is the responsibility of the ppp client to automatically add a default route. As soon as a link is established, it has all the information to do so. The server on the other hand doesn't have any standardized facility to "inject" routes to the remote peers.

PPPd (when acting as client) supports adding a default route locally via the "defaultroute" option. I don't know about Windows; I suggest you look into the client's properties for something similar or look for another client software.

- Logging for the pppd can be defined in the ppp.conf in detail, like all options, via "set". For example, I've chosen to log events related to the following:
set log Phase Chat IPCP CCP LCP tun command

By default, logs are sent to syslog, facility "daemon". You can check in /etc/syslog.conf to see in what file those messages are exported.