Re: VPN (interface) access for and all traffic through from single user -- how to do it?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jan Klod <janklodvan@gmail.com>
To: netfilter@vger.kernel.org
Subject: Re: VPN (interface) access for and all traffic through from single user -- how to do it?
Date: Sun, 17 Aug 2008 14:20:31 +0300	[thread overview]
Message-ID: <200808171420.32090.janklodvan@gmail.com> (raw)
In-Reply-To: <48A7A9A5.3040403@riverviewtech.net>

On Sunday 17 August 2008 07:31:33 you wrote:
> On 8/16/2008 3:47 PM, Jan Klod wrote:
> > Is it considerable to be a proof, that pptp VPN tunnel is working, if
> > I can ping -i ppp0 <remote VPN address>?
>
> If the address is on the inside of the VPN or on the LAN on the other
> end of the VPN, most likely.
I think so, but how to check?

>
> > Looking for solutions,
>
> Please reset everything to the way it was before trying things suggested
> (restart your network or reboot should do it).
>
> Please provide the output of "ifconfig" and "route -n" after bring up
> the VPN and being able to ping like above.  I'll then try to provide
> example commands at that point to do what you are wanting.

Here I go:

local ~ # dhcpcd -k eth1
local ~ # ifconfig eth1 down
local ~ # ifconfig eth1 up
local ~ # dhcpcd eth1
local ~ # ip route list
192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.111
127.0.0.0/8 dev lo  scope link
default via 192.168.2.1 dev eth1
local ~ # ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default


local ~ # pon mySERVERname debug dump logfd 2 nodetach
pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/options.mySERVERname )
name myLOGIN            # (from /etc/ppp/peers/mySERVERname )
remotename mySERVERname                 # (from /etc/ppp/peers/mySERVERname )
                # (from /etc/ppp/options.mySERVERname )
pty pptp 193.13.128.6 --nolaunchpppd            # 
(from /etc/ppp/peers/mySERVERname )
mru 1000                # (from /etc/ppp/options.mySERVERname )
mtu 1000                # (from /etc/ppp/options.mySERVERname )
lcp-echo-failure 10             # (from /etc/ppp/options.mySERVERname )
lcp-echo-interval 10            # (from /etc/ppp/options.mySERVERname )
ipparam mySERVERname            # (from /etc/ppp/peers/mySERVERname )
nobsdcomp               # (from /etc/ppp/options.mySERVERname )
nodeflate               # (from /etc/ppp/options.mySERVERname )
require-mppe-128                # (from /etc/ppp/options.mySERVERname )
using channel 29
Using interface ppp0
Connect: ppp0 <--> /dev/pts/7
sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x76d7cdc3> <pcomp> 
<accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xf4a5af8b> 
<pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xf4a5af8b> 
<pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x76d7cdc3> <pcomp> 
<accomp>]
sent [LCP EchoReq id=0x0 magic=0x76d7cdc3]
rcvd [CHAP Challenge id=0xad <be119e70047db182c48380880a0fbf66>, name 
= "vpn-gw"]
sent [CHAP Response id=0xad 
<8dce041691feeec08f9cc100cb4d12e3000000000000000084a80f09fe0a2aedd545eb7563057de7944cdef00012c5d900>, 
name = "myLOGIN"]
rcvd [LCP EchoRep id=0x0 magic=0xf4a5af8b]
rcvd [CHAP Success id=0xad "S=D35E31DAAB3F9837AA1159ACCC91DA05007EC37B"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 215.155.115.254>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 215.155.115.254>]
rcvd [IPCP ConfNak id=0x1 <addr 215.155.114.15>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 215.155.114.15>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 215.155.114.15>]
local  IP address 215.155.114.15
remote IP address 215.155.115.254
Script /etc/ppp/ip-up started (pid 3609)
Script /etc/ppp/ip-up finished (pid 3609), status = 0x0

It might be Microsoft VPN most likely, but I am not absolutely sure (how to 
check?).

local ~ ip route list
215.155.115.254 dev ppp0  proto kernel  scope link  src 215.155.114.15
192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.111
127.0.0.0/8 dev lo  scope link
default via 192.168.2.1 dev eth1

local ~ # ping -I ppp0 www.kernel.org
PING pub.us.kernel.org (204.152.191.5) from 215.155.114.15 ppp0: 56(84) bytes 
of data.

--- pub.us.kernel.org ping statistics ---
30 packets transmitted, 0 received, 100% packet loss, time 29008ms

ibm ~ # ping -I ppp0 215.155.115.254
PING 215.155.115.254 (215.155.115.254) from 215.155.114.15 ppp0: 56(84) bytes 
of data.
64 bytes from 215.155.115.254: icmp_seq=1 ttl=64 time=16.0 ms
64 bytes from 215.155.115.254: icmp_seq=2 ttl=64 time=12.5 ms
64 bytes from 215.155.115.254: icmp_seq=3 ttl=64 time=13.0 ms
64 bytes from 215.155.115.254: icmp_seq=4 ttl=64 time=15.4 ms
64 bytes from 215.155.115.254: icmp_seq=5 ttl=64 time=11.7 ms

--- 215.155.115.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 11.703/13.765/16.039/1.678 ms

local ~ # ifconfig
eth1      Link encap:Ethernet  HWaddr 01:0D:65:FA:82:F3
          inet addr:192.168.2.111  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6254696 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7275995 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2655461882 (2532.4 Mb)  TX bytes:67477010 (64.3 Mb)
          Base address:0x8000 Memory:c0220000-c0240000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:444 errors:0 dropped:0 overruns:0 frame:0
          TX packets:444 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:52614 (51.3 Kb)  TX bytes:52614 (51.3 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:215.155.114.15  P-t-P:215.155.115.254  
Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:996  Metric:1
          RX packets:40 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:3002 (2.9 Kb)  TX bytes:3008 (2.9 Kb)

local ~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
215.155.115.254 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth1

This should contain most of necessary information...

next prev parent reply	other threads:[~2008-08-17 11:20 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-15  9:55 VPN (interface) access for and all traffic through from single user -- how to do it? Jan Klod
2008-08-15 15:29 ` Grant Taylor
2008-08-15 16:14   ` Jan Klod
2008-08-15 16:28     ` Grant Taylor
2008-08-15 16:19   ` Jan Klod
     [not found] ` <200808152212.59882.janklodvan@gmail.com>
     [not found]   ` <48A5F9E2.5080206@riverviewtech.net>
2008-08-16 20:47     ` Jan Klod
2008-08-17  4:30       ` Michael Alaimo
2008-08-17  5:01         ` Grant Taylor
2008-08-21 13:32           ` active interface? Jan Klod
2008-08-21 13:42             ` Jan Engelhardt
2008-08-21 14:27             ` Grant Taylor
2008-08-17  4:31       ` VPN (interface) access for and all traffic through from single user -- how to do it? Grant Taylor
2008-08-17 11:20         ` Jan Klod [this message]
2008-08-17 17:53           ` Grant Taylor
2008-08-22 20:40             ` Jan Klod

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200808171420.32090.janklodvan@gmail.com \
    --to=janklodvan@gmail.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.