Gentoo Forums
PPTP and web browsing while connected (DNS related)
Jaxom
Tux's lil' helper

Joined: 31 Jan 2003
Posts: 137

Posted: Mon Nov 03, 2003 7:33 pm    Post subject: PPTP and web browsing while connected (DNS related)

I have a client who I set up a Gentoo server and PPTP VPN (PoPToP) for. The VPN works perfectly; however, I'm not getting DNS resolution on the clients while connected (i.e. I can ping 209.233.40.126, but I get Unknown host trying to ping server.clan-dfa.com). I'm pretty sure I just have something set wrong, so here are some of the configs...

options.pptpd

Code:
## CHANGE TO SUIT YOUR SYSTEM
lock

## turn pppd syslog debugging on
#debug

## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd

proxyarp

# This option applies if you use ppp with chapms-strip-domain patch
#chapms-strip-domain

+chap
# These options apply if you use ppp with mppe patch
# NB! You should also apply the ChapMS-V2 patch
-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless

# These options will tell ppp to pass on these to your clients
# To use ms-dns or ms-dns in options.pptpd it must exist in /etc/resolv.conf
#ms-wins your.server.here
ms-dns dns1.snfcca.sbcglobal.net


/etc/resolv.conf

Code:
domain pbi.net
nameserver 206.13.28.12
nameserver 206.13.29.12


Those are the only things I saw that related to DNS and the PPTP VPN. I can easily get anything else you need to answer my question. I'm pretty sure I'm just not setting something right.
_________________
Undisputed Heavyweight Champion. If it's undisputed, WHAT'S ALL THE FIGHTING ABOUT?!?! -- George Carlin


Last edited by Jaxom on Tue Nov 04, 2003 10:27 pm; edited 1 time in total
zaftro
n00b

Joined: 07 Jan 2003
Posts: 39
Location: Melbourne, Australia

Posted: Tue Nov 04, 2003 3:08 am

Hi Jaxom,

This could be an IP forwarding problem. You must ensure that ipv4 (I know nothing about ipv6...) forwarding has been enabled in the /proc file system by executing as root:

Code:
# echo '1' > /proc/sys/net/ipv4/ip_forward


And then, if you use a firewall script, allow the ppp devices created by pptpd to forward packets. Assuming pptp creates 'ppp0' you might be able to use:

Code:
# iptables -A FORWARD -i ppp0 -j ACCEPT


There may even be wild card ppp device matching support in iptables, along the lines of 'ppp+'. Either way, I hope that it helps and apologise if it confuses you.

Cheers,

zaftro
_________________
You may well be reading my signature. Don't be alarmed.

JID: dan.farrell@jabber.zim.net.au
Jaxom
Tux's lil' helper

Joined: 31 Jan 2003
Posts: 137

Posted: Tue Nov 04, 2003 6:00 pm

Thanks for the suggestion. However, IP forwarding is working or I wouldn't be able to ping at all. At least that's how I would think it would be. This is what I'm actually getting when I am connected:

Code:
C:\DOCUME~1\PERN>ping 209.233.40.126

Pinging 209.233.40.126 with 32 bytes of data:

Reply from 209.233.40.126: bytes=32 time<10ms TTL=64
Reply from 209.233.40.126: bytes=32 time<10ms TTL=64
Reply from 209.233.40.126: bytes=32 time<10ms TTL=64
Reply from 209.233.40.126: bytes=32 time<10ms TTL=64

Ping statistics for 209.233.40.126:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms


Code:
C:\DOCUME~1\PERN>ping ozy.scronline.com
Unknown host ozy.scronline.com.

C:\DOCUME~1\PERN>


ozy.scronline.com is 209.233.40.126
_________________
Undisputed Heavyweight Champion. If it's undisputed, WHAT'S ALL THE FIGHTING ABOUT?!?! -- George Carlin
MrPyro
Tux's lil' helper

Joined: 14 Aug 2003
Posts: 121
Location: Sheffield, England

Posted: Tue Nov 04, 2003 6:05 pm

Are your nameservers in resolv.conf valid and working properly? Can you ping other hosts (like google) by hostname? Can you ping the nameservers? And where are those hosts defined? Do you have your own nameserver, or are you using an ISP?
_________________
Back off man, I'm a computer scientist
MrPyro
Tux's lil' helper

Joined: 14 Aug 2003
Posts: 121
Location: Sheffield, England

Posted: Tue Nov 04, 2003 6:14 pm    Post subject: Re: PPTP and web browsing while connected

Just noticed this

Quote:


options.pptpd
Code:

# These options will tell ppp to pass on these to your clients
# To use ms-dns or ms-dns in options.pptpd it must exist in /etc/resolv.conf
#ms-wins your.server.here
ms-dns dns1.snfcca.sbcglobal.net


/etc/resolv.conf

Code:
domain pbi.net
nameserver 206.13.28.12
nameserver 206.13.29.12


Those are the only things I saw that related to DNS and the PPTP VPN. I can easily get anything else you need to answer my question. I'm pretty sure I'm just not setting something right.


Is dns1.snfcca.sbcglobal.net one of those two servers in resolv.conf? And maybe you should refer to it by IP address in the pptpd file (using a hostname for a DNS server under any circumstances is generally considered to be a bad idea).
_________________
Back off man, I'm a computer scientist
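
The two checks raised in the post above (is each ms-dns value an IP address, and is it one of the nameservers in resolv.conf), written as a script. This is an added example, not part of any post in the thread; the function names and the OK / NOT-IP / NOT-IN-RESOLV labels are made up for illustration, and the sample files are constructed from the values quoted in the thread.

```sh
# Added example: audit ms-dns entries of a pptpd options file against resolv.conf.

# Succeed when $1 is a dotted-quad IPv4 literal (four octets, each 0-255).
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the second field of every uncommented line in file $2 whose keyword is $1.
values_of() {
    awk -v key="$1" '$1 == key && NF >= 2 { print $2 }' "$2"
}

# audit_ms_dns OPTIONS_FILE RESOLV_FILE
# Prints one finding per ms-dns entry; returns 1 if any entry needs attention.
audit_ms_dns() {
    rc=0
    entries=$(values_of ms-dns "$1")
    [ -n "$entries" ] || { echo "NONE no active ms-dns line"; return 1; }
    for value in $entries; do
        if ! is_ipv4 "$value"; then
            echo "NOT-IP $value"; rc=1
        elif ! values_of nameserver "$2" | grep -qxF -- "$value"; then
            echo "NOT-IN-RESOLV $value"; rc=1
        else
            echo "OK $value"
        fi
    done
    return $rc
}

# Constructed sample files using the values quoted in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#ms-wins your.server.here' 'ms-dns dns1.snfcca.sbcglobal.net' > "$dir/options.pptpd"
    printf '%s\n' 'domain pbi.net' 'nameserver 206.13.28.12' 'nameserver 206.13.29.12' > "$dir/resolv.conf"
    audit_ms_dns "$dir/options.pptpd" "$dir/resolv.conf"; status=$?
    rm -rf "$dir"
    return $status
}
demo || true
```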
Jaxom
Tux's lil' helper

Joined: 31 Jan 2003
Posts: 137

Posted: Tue Nov 04, 2003 6:56 pm

Quote:
Is dns1.snfcca.sbcglobal.net one of those two servers in resolv.conf?


Yes, it's 206.13.28.12

I tried changing the ms-dns to 206.13.28.12 and restarted the VPN. Still get the same thing...no DNS. And just to qualify, yes, I can resolve DNS from the server directly. It's definitely a strange little issue. I've even tried forcing the DNS server settings by setting them directly in the dialer of a Windows 2000 machine. Still no DNS.

Is it possible that BIND needs to be installed and configured as a caching DNS server?
_________________
Undisputed Heavyweight Champion. If it's undisputed, WHAT'S ALL THE FIGHTING ABOUT?!?! -- George Carlin
Jaxom
Tux's lil' helper

Joined: 31 Jan 2003
Posts: 137

Posted: Tue Nov 04, 2003 9:56 pm

OK, attempted to use BIND as well. No such luck. Set it all to localhost and it works fine from the server, but again... no DNS resolve.
_________________
Undisputed Heavyweight Champion. If it's undisputed, WHAT'S ALL THE FIGHTING ABOUT?!?! -- George Carlin