The FreeBSD Diary

FreeBSD Support
 route all traffic through tunnel in pptpclient
Author: Kevin Reinholz 
Date:   10-02-05 00:45

This is using a wireless connection and logging into a university VPN.
At startup, my system automatically connects to the wireless network and
receives an IP address from DHCP. However, access is restricted to
about nil until one logs onto the VPN.

These are the steps I took to log into my destination VPN using pptpconfig:

Set the following in /etc/ppp/ppp.conf:

DULawWireless:
 set authname USERNAME
 set authkey PASSWORD
 set timeout 0
 set ifaddr 0 0
 add 10.158.11.250/24 HISADDR
 alias enable yes
 disable ipv6cp

I invoke pptp with the following command:

# pptp 10.158.11.250 DULawWireless

This logs me in successfully (here's my ppp log file):

Feb 1 11:02:13 fongsaiyuk ppp[638]: Phase: Using interface: tun0
Feb 1 11:02:13 fongsaiyuk ppp[638]: Phase: deflink: Created in closed state
Feb 1 11:02:13 fongsaiyuk ppp[638]: Warning: The alias command is deprecated
Feb 1 11:02:13 fongsaiyuk ppp[638]: Phase: PPP Started (direct mode).
Feb 1 11:02:13 fongsaiyuk ppp[638]: Phase: bundle: Establish
Feb 1 11:02:13 fongsaiyuk ppp[638]: Phase: deflink: closed -> opening
Feb 1 11:02:13 fongsaiyuk ppp[638]: Phase: deflink: Connected!
Feb 1 11:02:13 fongsaiyuk ppp[638]: Phase: deflink: opening -> carrier
Feb 1 11:02:14 fongsaiyuk ppp[638]: Phase: deflink: carrier -> lcp
Feb 1 11:02:15 fongsaiyuk ppp[638]: Phase: bundle: Authenticate
Feb 1 11:02:15 fongsaiyuk ppp[638]: Phase: deflink: his = CHAP 0x81, mine = none
Feb 1 11:02:15 fongsaiyuk ppp[638]: Phase: Chap Input: CHALLENGE (16 bytes from WLVPN)
Feb 1 11:02:15 fongsaiyuk ppp[638]: Phase: Chap Output: RESPONSE (KReinholz07)
Feb 1 11:02:15 fongsaiyuk ppp[638]: Phase: Chap Input: SUCCESS (S=DC2FFA1D177BE329B065D4C1244A11C7C4B580D9)
Feb 1 11:02:15 fongsaiyuk ppp[638]: Phase: deflink: lcp -> open
Feb 1 11:02:15 fongsaiyuk ppp[638]: Phase: bundle: Network
Feb 1 11:02:15 fongsaiyuk ppp[638]: Warning: ff02:3::/32: Change route failed: errno: Network is unreachable
Feb 1 11:02:15 fongsaiyuk ppp[638]: Warning: ff02:3::/32: Change route failed: errno: Network is unreachable
Feb 1 11:37:38 fongsaiyuk ppp[638]: Phase: Caught signal 2, abort connection(s)
Feb 1 11:37:38 fongsaiyuk ppp[638]: Phase: deflink: open -> lcp
Feb 1 11:37:38 fongsaiyuk ppp[638]: Warning: ff02:3::/32: Change route failed: errno: Network is unreachable
Feb 1 11:37:38 fongsaiyuk ppp[638]: Phase: bundle: Terminate
Feb 1 11:37:38 fongsaiyuk ppp[638]: Phase: deflink: Disconnected!

I can close the connection with Ctrl+C in the terminal window from
which I launched pptpclient.

After I connect, I get the following readout from netstat -r:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.158.11.254      UGS         0        7    wi0
10.158.11/24       link#2             UC          0        0    wi0
10.158.11.239      fongsaiyuk         UGHS        0        0    lo0
10.158.11.250      00:06:5b:fd:e5:59  UHLW        0        1    wi0   1188
10.158.11.254      00:0b:fc:7b:9c:00  UHLW        1        0    wi0   1186
fongsaiyuk         fongsaiyuk         UH          1        0    lo0
130.253.171.11     130.253.171.41     UH          0        0   tun0

Internet6:
Destination        Gateway            Flags      Netif Expire
localhost.domain.a localhost.domain.a UH          lo0
fe80::%lo0         fe80::1%lo0        U           lo0
fe80::1%lo0        link#1             UHL         lo0
fe80::%wi0         link#2             UC          wi0
fe80::202:2dff:fe2 00:02:2d:25:95:e8  UHL         lo0
ff01::             localhost.domain.a U           lo0
ff02::%lo0         localhost.domain.a UC          lo0
ff02::%wi0         link#2             UC          wi0
ff02::%tun0        fe80::202:2dff:fe2 UC         tun0

I think I need to change the default Gateway. I did an ipconfig on a
Windows user's laptop and the default Gateway for the tunnel interface
was listed as the IP address assigned to the computer by the PPTP
server. (In the above routing table, the "130.253.171.41" listed as my
Gateway for tun0).

To accomplish that end, I do a "route flush" followed by "route add -net
0.0.0.0 130.253.171.41". No route to host. On the other hand, I CAN do a
"route add -net 0.0.0.0 130.253.171.11". This gives me a default Gateway
of 130.253.171.11, the Destination for tun0. Doing this allows me to
ping and traceroute, but no matter what URL I enter (www.yahoo.com, for
example), it always goes to 130.253.166.6, the wireless nameserver (that
gets written to /etc/resolv.conf at startup, before a PPTP connection
has been established) for DU. The only page I can browse in Firefox is
the www.law.du.edu homepage--not exactly the most exciting thing in the
world.

NOTE: adding the line "add default HISADDR" to the end of
/etc/ppp/ppp.conf also gives me "130.253.171.11" for my default Gateway
and seems to have the same effect as the "route flush", "route add -net"
scenario.

Admittedly, I don't really know what I'm doing when it comes to this
problem. I thought that changing my default Gateway would route traffic
through the tunnel interface, but that doesn't seem to be working as I
have tried it thus far.

I apologize for the longwindedness and probable incoherence of this
e-mail, but I didn't want to leave out any pertinent information.

Any FreeBSD users out there with an idea of how to route all traffic
through the tunnel interface?

Thanks,
Kevin Reinholz

 
 Re: route all traffic through tunnel in pptpclient
Author: Kevin Reinholz 
Date:   16-02-05 04:41

I tried a few more ideas today, with no success. The first was simply to type "route add default tun0", but that tells me that I already have this as my default route (the tun0 destination, 130.253.171.11).

The second thing I tried was "route change 130.253.171.xx 130.253.171.xx", where xx is the IP my computer is assigned upon successfully logging onto the VPN and establishing the tun0 connection. Yes, that means the destination and Gateway for tun0 are the same, but that's how it comes up in Windows XP so I assumed that that's what I wanted.

In either case, I am able to ping (without a default Gateway of either 130.253.171.11 or 130.253.171.xx I get a time out when I try ping), but always to the wireless nameserver no matter what URL I enter. So somehow I'm still trapped on the intranet.

Not really sure what else to try. Sadly networking is not my forte. In fact, I tend to avoid it like the plague. Any ideas?
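
Added example, not part of the original posts: a POSIX sh check that reads a saved netstat -r table and reports whether the default route uses the tunnel interface while the PPTP server itself is still reached outside it. The first table holds IPv4 rows copied from the first post; the second table and all function names are constructed for illustration, and the check covers routing only, not name resolution.

```sh
#!/bin/sh
# Added example (not from the thread): audit a netstat -r table for full-tunnel routing.

# IPv4 rows as posted in the thread, taken after the PPTP session came up.
posted_table() { cat <<'EOF'
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.158.11.254 UGS 0 7 wi0
10.158.11/24 link#2 UC 0 0 wi0
10.158.11.250 00:06:5b:fd:e5:59 UHLW 0 1 wi0 1188
130.253.171.11 130.253.171.41 UH 0 0 tun0
EOF
}

# Constructed table: same hosts, but default now points at the tunnel peer.
tunnel_table() { cat <<'EOF'
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 130.253.171.11 UGS 0 0 tun0
10.158.11/24 link#2 UC 0 0 wi0
10.158.11.250 00:06:5b:fd:e5:59 UHLW 0 1 wi0 1188
130.253.171.11 130.253.171.41 UH 0 0 tun0
EOF
}

# Print the Netif column for destination $2 in the IPv4 section of table text $1.
route_netif() {
    printf '%s\n' "$1" | awk -v dst="$2" '
        /^Internet6:/ { v4 = 0 }
        /^Internet:/  { v4 = 1; next }
        v4 && $1 == dst { print $6; exit }'
}

# $1 = table text, $2 = tunnel interface, $3 = VPN server address.
# Returns 0 only if default uses the tunnel and the server is reached outside it.
audit_routes() {
    def_if=$(route_netif "$1" default)
    srv_if=$(route_netif "$1" "$3")
    if [ "$def_if" != "$2" ]; then
        echo "LEAK: default route uses ${def_if:-no interface}, not $2"; return 1
    fi
    if [ -z "$srv_if" ] || [ "$srv_if" = "$2" ]; then
        echo "LOOP RISK: no host route to $3 outside $2"; return 2
    fi
    echo "OK: default via $2, $3 reached via $srv_if"
}

audit_routes "$(posted_table)" tun0 10.158.11.250 || true
audit_routes "$(tunnel_table)" tun0 10.158.11.250
```

On a live system, feed it netstat -rn output so that hostnames such as fongsaiyuk do not replace addresses in the Destination column.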
