Kahli R. Burke wrote: > > So, my remaining problem is getting the routes set up. There are a > couple class C subnets (206.163.164.0 and 192.68.202.0)behind the VPN, > so I figured if I just set routes for those networks to go through > ppp0, I'd be fine. This seems to work for the 192.68.202 network, > when I do route add -net 192.68.202.0 netmask 255.255.255.0 dev ppp0, > I can telnet to hosts on that network , woohoo! > When I try the same with the other network (which is also the same > network my PPP connection is on), it creates a circular route. I try > to ping anything behind the VPN and my CPU utilization gets pegged to > 100% and the packet goes nowhere. So obviously, something more > sophisticated is needed. So here's another request for help. I'll > search around in the meantime and let you know if I figure it out... > > Thanks for the ideas, > > Kahli > I figured out the routing problem. The problem was that the IP address of the VPN server (the publicly accessible one that I log into) is on the same network that my PPP connection gets sent to. So when I try send a packet out on PPP (lets say it's 206.163.164.203) it needs to go out through my ethernet card and get routed to the VPN server on 206.163.164.200. If I have just a straight network route that routes packets going to the 206.163.164.0 network to ppp0, that creates the loop. Packets get set up on the ppp0 output and wrapped in GRE, then they get routed to go out ppp0, so they get set up on the ppp0 output and wrapped in GRE again, and so on. Basically PPTP and PPP keep handling the same packet ad infinitum. The solution is to add an explicit host route for the VPN server 206.163.164.200. So these two commands do the trick :
route add -host 206.163.164.200 gw 192.168.80.1 route add -net 206.163.164.0 netmask 255.255.255.0 dev ppp0 192.168.80.1 is my router/NAT/firewall box. The most specific host route overrides the network route and allows the output of ppp0 (which is going to 206.163.164.200) to get routed out the ethernet card instead of the ppp0 tunnel. Thanks to our fearless leader for the help, maybe this discussion will be useful to someone else someday... Kahli
