New on LowEndTalk? Please Register and read our Community Rules.
Help configuring PPTP VPN to access Internet
Hello,
I'm trying to configure PPTP to forward internet data but it doesn't work. When I connect I only get access in the "LAN" between the machine and my computer.
I tried every possible tutorial I could find online, what could it be?
http://www.larmeir.com/2010/03/setting-up-a-pptp-vpn-server-on-debian-and-ubuntu/ this seems to suggest all things I tried but still no luck:(
Comments
The most obvious thing wrong with that tutorial is it doesn't tell you to run 'sysctl -p' (as root) to re-read sysctl.conf after you've modified it.
Also the first iptables line should be unnecessary, and you'll need to pop the 2nd one in /etc/rc.local (or somewhere else where it will get re-run at startup) if you want your VPN to run after a reboot.
I did run sysctl -p but it won't work (I also changed the file directly). Also tried to use "venet0" as interface since eth0 doesn't exist but still no luck!
I really don't get why it doesn't work
That seems as if you're using OpenVZ as virtualisation. Keep in mind that MASQUERADE in iptables does not work there, so you should use SNAT instead. The iptables-rules provided in the tutorial are therefore not working in your set-up.
ah openvz requires slightly different iptables command because masquerade doesn't work
flush your existing rules with iptables -t nat -F then try
iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.4
(replace 1.2.3.4 with your public IP)
still not working
http://www.putdispenserhere.com/pptp-vpn-setup-guide-for-a-debian-openvz-vps/
I uninstalled everything, ran the script from this link...still NOT working. WTF?
It is not a DNS problem cause I can't ping IPs either, only the VPS's
@mitgib
+1 simplest 'tutorial' there is
okay so you can ping local and remote vpn IPs?
you've configured your VPN client to route all traffic through the VPN ?
double check the default gateway with your OS's route command
and post the output of
iptables -t nat -L
cat /proc/sys/net/ipv4/ip_forward
Yes I can ping both IPs
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere to:VPS_IP
SNAT all -- anywhere anywhere to:VPS_IP
SNAT all -- anywhere anywhere to:VPS_IP
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@server1:~# cat /proc/sys/net/ipv4/ip_forward
1
this is the debug log before it starts not forwarding packages
Jan 4 21:20:50 server1 pppd[1702]: sent [CCP ConfReq id=0x1 ]
Jan 4 21:20:51 server1 pptpd[1701]: GRE: accepting packet #8
Jan 4 21:20:51 server1 pppd[1702]: rcvd [IPV6CP ConfReq id=0x5 ]
Jan 4 21:20:51 server1 pppd[1702]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Jan 4 21:20:51 server1 pppd[1702]: sent [LCP ProtRej id=0x2 80 57 01 05 00 0e 01 0a 08 31 67 c2 13 80 02 61]
Jan 4 21:20:51 server1 pptpd[1701]: GRE: accepting packet #9
Jan 4 21:20:51 server1 pppd[1702]: rcvd [CCP ConfReq id=0x6 ]
Jan 4 21:20:51 server1 pppd[1702]: sent [CCP ConfAck id=0x6 ]
Jan 4 21:20:51 server1 pptpd[1701]: GRE: accepting packet #10
Jan 4 21:20:51 server1 pppd[1702]: rcvd [IPCP ConfReq id=0x7 ]
Jan 4 21:20:51 server1 pppd[1702]: sent [IPCP TermAck id=0x7]
Jan 4 21:20:51 server1 pptpd[1701]: GRE: accepting packet #11
Jan 4 21:20:51 server1 pppd[1702]: rcvd [CCP ConfAck id=0x1 ]
Jan 4 21:20:51 server1 pppd[1702]: MPPE 128-bit stateless compression enabled
Jan 4 21:20:51 server1 pppd[1702]: sent [IPCP ConfReq id=0x1 ]
Jan 4 21:20:51 server1 pptpd[1701]: GRE: accepting packet #12
Jan 4 21:20:51 server1 pppd[1702]: rcvd [IPCP ConfRej id=0x1 ]
Jan 4 21:20:51 server1 pppd[1702]: sent [IPCP ConfReq id=0x2 ]
Jan 4 21:20:51 server1 pptpd[1701]: GRE: accepting packet #13
Jan 4 21:20:51 server1 pppd[1702]: rcvd [IPCP ConfAck id=0x2 ]
Jan 4 21:20:52 server1 pptpd[1701]: GRE: accepting packet #14
Jan 4 21:20:52 server1 pppd[1702]: rcvd [IPCP ConfReq id=0x8 ]
Jan 4 21:20:52 server1 pppd[1702]: sent [IPCP ConfRej id=0x8 ]
Jan 4 21:20:53 server1 pptpd[1701]: GRE: accepting packet #15
Jan 4 21:20:53 server1 pppd[1702]: rcvd [IPCP ConfReq id=0x9 ]
Jan 4 21:20:53 server1 pppd[1702]: sent [IPCP ConfNak id=0x9 ]
Jan 4 21:20:53 server1 pptpd[1701]: GRE: accepting packet #16
Jan 4 21:20:53 server1 pppd[1702]: rcvd [IPCP ConfReq id=0xa ]
Jan 4 21:20:53 server1 pppd[1702]: sent [IPCP ConfAck id=0xa ]
Jan 4 21:20:53 server1 pppd[1702]: Cannot determine ethernet address for proxy ARP
Jan 4 21:20:53 server1 pppd[1702]: local IP address VPS_IP
Jan 4 21:20:53 server1 pppd[1702]: remote IP address 10.1.0.1
Jan 4 21:20:53 server1 pppd[1702]: pptpd-logwtmp.so ip-up ppp0 sandro PC_IP
Jan 4 21:20:53 server1 pppd[1702]: Script /etc/ppp/ip-up started (pid 1703)
Jan 4 21:20:54 server1 pptpd[1701]: GRE: accepting packet #17
Jan 4 21:20:54 server1 pptpd[1701]: GRE: accepting packet #18
Jan 4 21:20:54 server1 pptpd[1701]: GRE: accepting packet #19
Jan 4 21:20:54 server1 pptpd[1701]: GRE: accepting packet #20
Jan 4 21:20:54 server1 pptpd[1701]: GRE: accepting packet #21
Note: I changed the VPS IP and my IP with VPS_IP and PC_IP
curious. you're not using the same IP range on your home network and vpn are you?
perhaps someone else can spot it, but I can't see anything obvious wrong here. The duplicate iptables rules might cause some weirdness with openvz - try flushing them (iptables -t nat -F) and re-entering it once.
also you are using your VPS's public IP in the iptables command, right - not the VPN IP.
I'm not using the same IP range at all. Yes I'm using the public IP
Could it be OpenVPN causing problems? It was using 10.8.0.0 while PPTP is using 10.1.0.0, even though openvpn is not running and I disabled TUN/TAP, but I still have these rules
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:5360
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
At this point I'm just gonna ask...could it be something with the host? It's the URPAD $12/y
First thing to figure out is to do a fresh reinstall of the OS for the VPS. Then, to figure out if it is OpenVPN, use the OpenVPN Access Server package: install the deb or rpm, change the passwd for openvpn, and then try using OpenVPN for your VPN connection to see if it works!!!
I "can't" reinstall the OS again... I have websites running and it's all configured
I wish there was a way to debug this, is there some kind of "network" logging? To see what happens to the traffic not forwarded to the Internet?
lol well do this then lol uninstall openvpn then install the openvpn access server package lol
I'm sorry, why do I need to change the openvpn password to check if it's the cause of PPTP not working? It doesn't even have one, it has certificates
If nothing helps...
Install an HTTP proxy listening on your pptp network only...
And edit/add following lines:
Additional information:
On Browser or System level add the Proxy: 10.1.0.1:8080.
flush all those openvpn iptables rules and it'll probably spring to life.
Have you tried this?
And also save the iptables as example :
Restart the openvpn and try again
@ErawanArifNugroho he's already posted output that shows he's done the first two steps, also you've used his OpenVPN IP range rather than the PPTP one he's struggling with...
@tehdan, right my mistake.
At some providers, I've tried to set the value of /proc/sys/net/ipv4/ip_forward to 1, but every time I restarted the VPS, it always returned to 0. So I just reformat the OS; if that doesn't fix the problem, I just cancel it.
And also, sometimes I'm just mistaken about the ethernet device, which is eth/venet/something, while just using the pptp script from putdispenserhere without modifying it.
Also, I noticed this :
and
So, what is the ethernet device available? And also, has he disabled IPv6?
that fixed it THANK YOU.
Do you know what was the problem with the openvpn rules?
Have any idea why the upload speed (my computer to vps) is capped at around 5KB/s via PPTP while the download has no limits?
Your OpenVPN setup prevented your system from forwarding packets originating from networks other than the 10.8.0.0/24 it was set up for:
You could fiddle these rules to only accept packets from 10.8.0.0/24 and 10.1.0.1/24 - but I don't bother with these for a simple setup - your host shouldn't pass you random packets to route.
As for your performance issues - is it slow client -> vpn or just client -> outside world? The usual suspects are MTU / MSS; take a look at the pptp documentation, which is pretty good. Lowering the MTU of your PPP link is a good first place to start. It's also possible your ISP is rate-limiting PPTP / GRE traffic, so maybe also try from another location.
Hi,
it's only slow client->outside world, client->vpn upload is at full speed.
And no, my ISP is not limiting, cause another PPTP VPN I have is fast.
Can it in this case be the MTU as well?
Can you elaborate? I didn't get it :P
Yes, MTU seems likely issue then. Try 1400 and see if it speeds up.
By default when you set ip_forward to 1, your linux box will forward any packet it receives if it knows how to route it. This might sound bad, but in practice you'll only get sent packets destined for your VPS on your public IP, or from your VPN clients on tun/ppp interfaces. You won't get packets from google and be expected to pass them onto microsoft (for example), except perhaps in the case of your host making some crazy networking error.
For extra security, your OpenVPN setup had set it to only forward packets coming from 10.8.0.0/24 - which is unnecessary and caused your problem - the 10.1.0.0/24 packets from your PPTP network were dropped.
However - since you have 2 VPNs, you might want to use iptables rules to stop your less secure PPTP clients sending packets to your OpenVPN or something like that.
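The first-match behaviour described above, modelled as an added example (not part of the original thread): it replays the FORWARD chain posted earlier and shows that a rule for the PPTP subnet only helps if it is inserted ahead of the REJECT, not appended after it. The rule tuples, helper names and the sample OpenVPN client and Internet addresses are constructed for illustration; the PPTP client address is the remote IP from the pppd log.

```python
import ipaddress

# FORWARD chain as posted in the thread (iptables -L output), in rule order.
# Each rule: (target, source network, required conntrack states or None).
FORWARD_AS_POSTED = [
    ("ACCEPT", "0.0.0.0/0", {"RELATED", "ESTABLISHED"}),
    ("ACCEPT", "10.8.0.0/24", None),  # OpenVPN subnet
    ("REJECT", "0.0.0.0/0", None),    # reject-with icmp-port-unreachable
]
CHAIN_POLICY = "ACCEPT"  # only reached when no rule matches


def verdict(chain, src_ip, state="NEW"):
    """Return the target of the first rule matching src_ip and state."""
    src = ipaddress.ip_address(src_ip)
    for target, network, states in chain:
        if src not in ipaddress.ip_network(network):
            continue
        if states is not None and state not in states:
            continue
        return target  # first match wins, later rules are never consulted
    return CHAIN_POLICY


def append_rule(chain, rule):
    """Model of `iptables -A`: the rule goes to the end of the chain."""
    return chain + [rule]


def insert_rule(chain, rule, position=1):
    """Model of `iptables -I CHAIN [n]`: rule goes in at 1-based position n."""
    return chain[:position - 1] + [rule] + chain[position - 1:]


PPTP_RULE = ("ACCEPT", "10.1.0.0/24", None)  # PPTP subnet from the thread
PPTP_CLIENT = "10.1.0.1"     # "remote IP address" in the pppd log
OPENVPN_CLIENT = "10.8.0.2"  # constructed sample address
INTERNET_HOST = "203.0.113.9"  # constructed sample address (reply traffic)

if __name__ == "__main__":
    appended = append_rule(FORWARD_AS_POSTED, PPTP_RULE)
    inserted = insert_rule(FORWARD_AS_POSTED, PPTP_RULE, 3)
    print("as posted, PPTP client:   ", verdict(FORWARD_AS_POSTED, PPTP_CLIENT))
    print("as posted, OpenVPN client:", verdict(FORWARD_AS_POSTED, OPENVPN_CLIENT))
    print("after -A, PPTP client:    ", verdict(appended, PPTP_CLIENT))
    print("after -I 3, PPTP client:  ", verdict(inserted, PPTP_CLIENT))
    print("after flush, PPTP client: ", verdict([], PPTP_CLIENT))
    print("reply packet, as posted:  ",
          verdict(FORWARD_AS_POSTED, INTERNET_HOST, "ESTABLISHED"))
```

Flushing the chain, as was done in the thread, leaves only the ACCEPT policy; inserting a scoped rule ahead of the REJECT keeps the source restriction while still letting the PPTP subnet through.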
Do I have to play with the mtu at /etc/ppp/pptpd-options ?
Cause I see mtu in 3 places in ppp