hello misc!
I need to set up VPN connections between external Windows clients
and local Windows servers via an OpenBSD box.
ext_win - Internet - OpenBSD 4.8 - local net - win-server
Main problems:
- after the connection is established, the Internet does not work on ext_win_client,
but connections to local_net do work,
- if I uncheck "use default gateway in remote network" in the
properties of the VPN on ext_win_client, then the Internet works, but
local resources do not.
- manipulating the "nodefaultroute" parameter in /etc/ppp/options and in
/etc/ppp/options.pptpd has no effect.
What exactly is needed to establish a VPN from the Internet to local_net
while keeping the Internet working on ext_client?
Here are the settings:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:d0:b7:60:5f:2e
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.16.8 netmask 0xffffff00 broadcast 192.168.16.255
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:76:36:bb:2b
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 195.26.xx.xx netmask 0xffffffe0 broadcast 195.26.xx.xx
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:d0:b7:60:5f:28
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 188.230.xx.xx netmask 0xfffffffc broadcast 188.230.xx.xx
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:f1:6c:a7:66
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
enc0: flags=0<> mtu 1536
priority: 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
priority: 0
groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1398
priority: 0
groups: tun
media: Ethernet autoselect
status: active
inet 192.168.14.111 --> 192.168.14.113 netmask 0xffffffff
# ping 192.168.14.113
PING 192.168.14.113 (192.168.14.113): 56 data bytes
64 bytes from 192.168.14.113: icmp_seq=0 ttl=128 time=144.465 ms
64 bytes from 192.168.14.113: icmp_seq=1 ttl=128 time=189.242 ms
# cd /dev
# ls -la | grep tun
crw------- 1 root wheel 40, 0 May 7 12:06 tun0
crw------- 1 root wheel 40, 1 Apr 20 2010 tun1
crw------- 1 root wheel 40, 2 Apr 20 2010 tun2
crw------- 1 root wheel 40, 3 Apr 20 2010 tun3
crw-r--r-- 1 root wheel 49, 16 Apr 20 2010 tuner0
# cat /etc/sysctl.conf | grep ip.forwarding
net.inet.ip.forwarding=1
# pkg_info | grep poptop
poptop-1.3.4p0 PPTP Server
# cat /etc/pptpd.conf
option /etc/ppp/options.pptpd
noipparam
localip 192.168.14.111
remoteip 192.168.14.112-113
listen 188.230.122.54
# cat /etc/ppp/ppp.conf
default:
set log Phase Chat LCP IPCP CCP tun command
set speed 115200
loop:
set timeout 0
set log phase chat connect lcp ipcp command
set device localhost:pploop
set dial
set login
set mppe * stateful
set ifaddr 192.168.14.111 192.168.14.112-192.168.14.113 255.255.255.255
set server /var/tmp/loop "" 0177
loop-in:
set timeout 0
set log phase lcp ipcp command
allow mode direct
pptp:
load loop
disable pap
disable chap
disable ipv6
disable ipv6cp
disable deflate pred1
deny deflate pred1
enable mschapv2
accept mppe
accept dns
set dns 8.8.8.8
enable proxy
set device !/etc/ppp/secure
# cat /etc/ppp/options
+mschap-v2 mppe-128 mppe-stateless
# cat /etc/ppp/options.pptpd
-pap
-chap
-chapms
+mschap-v2
mppe-128
mppe-stateless
lock
auth
usehostname
nodefaultroute
proxyarp
With these settings I successfully connect to local_net,
but "route print" on win_client looks like this:
0.0.0.0 0.0.0.0 77.52.44.148 77.52.44.148 2
0.0.0.0 0.0.0.0 192.168.14.113 192.168.14.113 1
77.52.44.148 255.255.255.255 127.0.0.1 127.0.0.1 50
77.255.255.255 255.255.255.255 77.52.44.148 77.52.44.148 50
80.255.77.41 255.255.255.255 77.52.44.148 77.52.44.148 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
188.230.122.54 255.255.255.255 77.52.44.148 77.52.44.148 1
192.168.14.113 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.14.255 255.255.255.255 192.168.14.113 192.168.14.113 50
224.0.0.0 240.0.0.0 77.52.44.148 77.52.44.148 2
224.0.0.0 240.0.0.0 192.168.14.113 192.168.14.113 1
255.255.255.255 255.255.255.255 77.52.44.148 77.52.44.148 1
255.255.255.255 255.255.255.255 192.168.14.113 192.168.14.113 1
default gateway: 192.168.14.113
and all traffic goes out through the VPN :( (the 0.0.0.0 route via 192.168.14.113 has metric 1, lower than the metric 2 of the route via 77.52.44.148, so it wins)