1

I have set up pptpd as my VPN server on Ubuntu Server 9.04. I am able to connect to the VPN from the client and can access the server's local network, but I am unable to connect to the external network via the VPN.

If I log in to the server via SSH:

$ ping google.com
PING google.com (74.125.67.100) 56(84) bytes of data.
64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=1 ttl=49 time=65.9 ms
64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=2 ttl=49 time=63.2 ms
64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=3 ttl=49 time=63.9 ms
64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=4 ttl=49 time=66.0 ms

If I connect to the VPN and ping locally:

$ ping google.com
ping: cannot resolve google.com: Unknown host

I have a feeling it is some routing issue on the server but I am unsure.

trobrock

4 Answers

1

Can you ping the IP address (74.125.67.100)?

It could be that the VPN is working but you do not have correct DNS servers in your configuration.

Your local DNS servers will most likely refuse connections from the other end of the VPN (or not be visible at all if they are on a private subnet as you see them).

If you can ping public IP addresses over the VPN but not access things by name, try specifying the OpenDNS servers as your name servers.

David Spillett
  • I just figured out that I didn't do enough checking, I cannot access anything outside of the server. Other local addresses are also unreachable. – trobrock Jul 31 '09 at 19:18
  • If you have everything forced to be routed over the VPN then that will effectively hide local addresses - if you want access to local resources as well as everything else over the VPN it needs to be set as our default gateway but not set to control *all* traffic. – David Spillett Aug 01 '09 at 08:53
  • As you are seeing the remote end of the VPN link but nothing beyond it, either traffic isn't being routed over the connection or the server is not set to forward packets from the VPN interface to other interfaces. The output of traceroute to a public address will indicate which of the two. – David Spillett Aug 01 '09 at 08:57
  • As soon as I can I will try and get this output, have to wait until I am off the network the VPN is on though. – trobrock Aug 04 '09 at 19:43
1

This is an iptables / firewall problem... You need to allow your server to forward packets... Just run the following command and you'll be fine:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

If you like, you can add this to /etc/rc.local; this will automatically redo the changes to your iptables on reboot... ;)

c0pper
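The answer above and the earlier comment about the server not forwarding packets from the VPN interface point at the same server-side settings. The following check is an added example, not part of any answer in this thread; it goes slightly beyond the single MASQUERADE rule by also looking at the kernel forwarding switch and the FORWARD chain policy. The function name `check_vpn_forwarding`, the `ppp*` client interface naming, and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Arguments:
#   $1 value of /proc/sys/net/ipv4/ip_forward   $2 file with `iptables-save` output
#   $3 outbound interface (eth0 in the answer above)
# Exit status = number of problems found.
check_vpn_forwarding() {
    fwd=$1; rules=$2; wan=$3; problems=0
    # 1. The kernel must be allowed to route between interfaces.
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=$fwd: kernel will not route VPN client packets"
        problems=$((problems + 1))
    fi
    # 2. nat/POSTROUTING needs MASQUERADE (or SNAT) on the outbound interface.
    if ! awk -v wan="$wan" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == wan) ok = 1
        }
        END { exit (ok ? 0 : 1) }' "$rules"; then
        echo "no MASQUERADE/SNAT rule with -o $wan in nat POSTROUTING"
        problems=$((problems + 1))
    fi
    # 3. A DROP policy on filter/FORWARD needs an ACCEPT for the ppp interfaces.
    if awk '
        /^\*/ { table = $1 }
        table == "*filter" && /^:FORWARD DROP/ { drop = 1 }
        table == "*filter" && /^-A FORWARD/ && /-i ppp/ && /-j ACCEPT/ { ok = 1 }
        END { exit ((drop && !ok) ? 0 : 1) }' "$rules"; then
        echo "filter FORWARD policy is DROP and no rule accepts -i ppp*"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: a ruleset that lets PPTP in but forwards nothing.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
check_vpn_forwarding 0 "$tmp" eth0 || echo "problems found: $?"
rm -f "$tmp"
```

On a live server, save `iptables-save` output to a file as root and pass the contents of /proc/sys/net/ipv4/ip_forward as the first argument.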
0

Could you please do a comparison of /etc/resolv.conf before you VPN into your network and while you are VPN'd in? What I am thinking is that when you VPN in, the resolvconf app is running and wipes out your list of nameservers.

If this is still fine, the next thing to do would be to compare your routing before you are VPN'd in and during:

sudo ip route show
Paul
0

If the local subnet of the client and the VPN subnet (or provided routes) conflict, that can cause this problem.

LapTop006