VPN Routing

[cf1]

Hi, Im have a quite a wierd vpn prob!

I using pppd to connect to my uni's vpn (ecs.soton.ac.uk) basically, ive patched my kernel 2.6.8 and ppp both running 1.0 patch. I can successfully connect to the vpn.
I see the ppp0 connection, with an allocated ip, and my route table lists the vpn server as a /255.255.255.255 route through ppp0. I can ping the vpn server and see through ethereal the packets go through ppp0.
I can also perform another /255.255.255.255 route to another machine within the vpn's lan using the vpn server as a gateway and can ssh into it and verify the connected ip as one of the vpn ips!
HOWEVER if i route /255.255.0.0 for that lan through the vpn server, suddenly, ppp0 upload traffic (nothing on download) cranks up to about 6mb/s (over a 512 adsl?!?!?) the cpu hits about 60% and the machine consumes all memory, all swap then crashes!
What I think is happening is that packets are getting looped within my machine and there is a breech in the ppp0->eth0 connection. but im quite puzzled!
Has ne one successfully got pppd vpn'ing to work if so how, (ive tried pptp-php-gtk with the same results, except that it modifies my route table so that i connect then lose connection to net and therefore the vpn server and after that just to taunt me my eth0 falls over!). Also is there any ecs.soton students past or present that have got this to work, as I think ive done the hard part and short of static routing every uni machine i need access to, a subnet route would be tidier!!!

regards
mat (cf1)

[tuxmin]

What you need to do is to set your router as the gateway on all your LAN machines (I guess you already did). When your VPN is up you should set the default route through your VPN device. Don't mess with the route for your LAN!!! If you route your LAN through the VPN device things get unpredicable. If you don't want the default route through the VPN device (as do I) set up some routes according to the nets on the remote site, e.g. if the remote site has 10.10.0.0/16 and 10.11.0.0/16 do
route add -net 10.10.0.0/16 ppp0 (or whatever your VPN device is) and
route add -net 10.11.0.0/16 ppp0

that should do the trick. You can trigger the route from the ip-up script. You also wish to setup your DNS server to get the proper names for exacly theses nets from a name server on the remote site. With bind this looks like this:

[tuxmin]

of course you need to NAT you LAN IPs through the IP of your VPN device!


Alex!!!
_________________
ALT-F4

[cf1]

Unforts I have tried the route in the same format that you described, here is my ifconfig and route details when connected.
Whenever I try to ping or connect to anything outside the lan the ppp0 upload spam beings!

[cf1]

sorted (big thanks to mike from sown)!

basically you have to static route to the vpn server via your eth0 connection otherwise it trys sending the ppp0 traffic to itself then onto itself and so on!