Re: Interesting VPN problem.

From: Kerem Tuzemen (keremtuzemen_at_hotmail.com)
Date: 11/21/03


Date: Fri, 21 Nov 2003 11:13:27 -0500

Hi Luke,

First of all, thanks for your time and suggestions. Here is some additional
information and answers to your questions:

On the internal network, which is behind the subject VPN server, everything
seems to work normally, i.e. I can ping Linux boxes from Win boxes and
vice versa. All of the IP addresses (except the VPN client's original IP)
are real IP addresses and they are on the same mask.

Let me explain what made me think about the routing protocol. Think about
this: at the time of connection to the VPN server, two IP addresses from the
VPN pool are used to welcome the VPN client to the network. One of them is
the IP assigned to the client, and the other one kinda acts as a gateway and
is assigned to the VPN server's VPN port. When the connection is established,
the MS VPN server announces the new route for the VPN client to other
computers on the network (which should update other computers' routing tables
to let them know that the assigned VPN client address is reachable via the
gateway IP address on the VPN server). So if the Linux box's routing table
doesn't get updated, there's no way for it to know how to reach the VPN
client's IP address, since it's reachable via the gateway (second) IP address
assigned to the VPN port of the server. So even if it receives the ICMP
packets, it cannot send the response back.

Kerem

> Hi Kerem,
>
> Can you ping the lead hat box on the internal network?? If not:
>
> #cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
>
> if that returns a 1 then
>
> #echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
>
> #cat /proc/sys/net/ipv4/icmp_echo_ignore_all
>
> if that returns a 1 then
>
> #echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
>
> Some other points? Is your vpn server assigning an address range on the
> same mask as your RH box???
>
> Can't see how the route table would affect anything. You ping an address,
> if it's up it's up. Is your RH box on the same mask as the vpn server??
>
> Luke
>
>
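
The question raised in this message is which next hop the Linux box selects when it replies to the VPN client's address. The following is an added example, not part of the original thread: it parses a routing table in `/proc/net/route` format and applies longest-prefix matching. The tables, the 192.0.2.0/24 addresses and the VPN server address 192.0.2.10 are constructed assumptions, and a little-endian host is assumed.

```python
import ipaddress
import struct

# Constructed tables in /proc/net/route format (little-endian host assumed).
# 192.0.2.0/24 is a documentation range; none of these values are from the thread.
HEADER = "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
LAN_ONLY = HEADER + (
    "eth0\t000200C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"   # 192.0.2.0/24 on-link
    "eth0\t00000000\t010200C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"   # default via 192.0.2.1
)
# Same table plus a host route: 192.0.2.200 via 192.0.2.10 (hypothetical VPN server).
WITH_HOST_ROUTE = LAN_ONLY + "eth0\tC80200C0\t0A0200C0\t0007\t0\t0\t0\tFFFFFFFF\t0\t0\t0\n"

RTF_UP, RTF_GATEWAY = 0x1, 0x2


def _ip(hex_field):
    """Decode a little-endian hex field from /proc/net/route."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_field, 16)))


def parse_routes(text):
    """Return (network, gateway_or_None, iface, metric) for every route that is up."""
    routes = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & RTF_UP:
            continue
        prefixlen = bin(int(_ip(f[7]))).count("1")
        net = ipaddress.IPv4Network(f"{_ip(f[1])}/{prefixlen}", strict=False)
        gateway = _ip(f[2]) if int(f[3], 16) & RTF_GATEWAY else None
        routes.append((net, gateway, f[0], int(f[6])))
    return routes


def next_hop(routes, target):
    """Longest-prefix match, lowest metric on ties; None means unreachable."""
    addr = ipaddress.IPv4Address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return (str(gateway) if gateway else "on-link", iface, str(net))


if __name__ == "__main__":
    for name, table in (("LAN only", LAN_ONLY), ("with host route", WITH_HOST_ROUTE)):
        print(name, "->", next_hop(parse_routes(table), "192.0.2.200"))
```

On a live Linux host the same functions can be fed the contents of `/proc/net/route` to see whether a reply to a given address would go on-link, to the default gateway, or to a specific gateway.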


