-1

I have this type of network: Network schema

The main router has LAN address 192.168.2.1. There is also a VPN server on this router with address 172.17.0.1. The client connects from the internet to my VPN server and gets address 172.17.0.2.

I want to access the VPN server client (172.17.0.2) from a LAN computer (192.168.2.12).

Command output on the router with the VPN server:

br0       Link encap:Ethernet  HWaddr F0:B4:29:59:16:FA
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29042093 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27035355 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6797855731 (6.3 GiB)  TX bytes:16000949999 (14.9 GiB)

eth2      Link encap:Ethernet  HWaddr F0:B4:29:59:16:FA
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:67070012 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55588755 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34807273144 (32.4 GiB)  TX bytes:24402031899 (22.7 GiB)
          Interrupt:5

eth2.1    Link encap:Ethernet  HWaddr F0:B4:29:59:16:FA
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29060479 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28806877 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6870793540 (6.3 GiB)  TX bytes:16464725205 (15.3 GiB)

eth2.2    Link encap:Ethernet  HWaddr F0:B4:29:59:16:FB
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:224238221 errors:0 dropped:0 overruns:0 frame:0
          TX packets:386759456 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:65429076277 (60.9 GiB)  TX bytes:413343501047 (384.9 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1149736 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1149736 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:123384114 (117.6 MiB)  TX bytes:123384114 (117.6 MiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr: 95.188.X.X  P-t-P:213.228.116.44  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1458  Metric:1
          RX packets:19703357 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15666178 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:9637749052 (8.9 GiB)  TX bytes:4377398909 (4.0 GiB)

ppp10     Link encap:Point-to-Point Protocol
          inet addr:172.17.0.1  P-t-P:172.17.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1400  Metric:1
          RX packets:583 errors:0 dropped:0 overruns:0 frame:0
          TX packets:555 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:51805 (50.5 KiB)  TX bytes:32390 (31.6 KiB)

ra0       Link encap:Ethernet  HWaddr F0:B4:29:59:16:FB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:503175 errors:0 dropped:0 overruns:0 frame:0
          TX packets:556296 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:66198645 (63.1 MiB)  TX bytes:504468271 (481.0 MiB)
          Interrupt:6

ra1       Link encap:Ethernet  HWaddr F2:B4:29:58:16:FB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:132 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20460 (19.9 KiB)  TX bytes:15246 (14.8 KiB)

rai0      Link encap:Ethernet  HWaddr F0:B4:29:59:16:FC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6047558 errors:8969 dropped:0 overruns:0 frame:0
          TX packets:10069240 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1852292971 (1.7 GiB)  TX bytes:13384955730 (12.4 GiB)
          Interrupt:4

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2973058 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1296677 errors:0 dropped:10803 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3854771479 (3.5 GiB)  TX bytes:105164985 (100.2 MiB)

/opt/home/admin # route -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         krsn-bras5.sib. 0.0.0.0         UG        0 0          0 ppp0
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth2.2
10.8.0.5        *               255.255.255.255 UH        0 0          0 tun0
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
172.17.0.2      *               255.255.255.255 UH        0 0          0 ppp10
192.168.1.0     *               255.255.255.0   U         0 0          0 eth2.2
192.168.2.0     *               255.255.255.0   U         0 0          0 br0
213.228.116.44  *               255.255.255.255 UH        0 0          0 ppp0

ppp10 is the VPN server interface.

1 Answer

-1

After some googling and trying different rules I found a solution:

iptables -t nat -I POSTROUTING -o ppp10 -j MASQUERADE
iptables -t nat -I POSTROUTING -s 172.17.0.0/24 -j MASQUERADE

After this I can access the 172.17.0.0/24 subnet of my VPN server.
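A narrower variant of the rules above, as an added example that is not part of the original answer: it masquerades only traffic from the LAN subnet (192.168.2.0/24, taken from `br0` in the question) leaving through `ppp10`, and lets the VPN side send only reply traffic back into the LAN. The helper names `nat_rules` and `apply_rules` are hypothetical, and the script assumes the router's iptables build includes the `conntrack` match.

```shell
#!/bin/sh
# Added example. Addresses and interface names come from the question's output.
LAN_NET="192.168.2.0/24"   # subnet on br0
VPN_IF="ppp10"             # VPN server interface

# Emit one rule per line as "table|chain|rule-spec".
nat_rules() {
    # Rewrite the source only for LAN hosts going out through the VPN interface,
    # instead of masquerading everything that leaves via ppp10.
    echo "nat|POSTROUTING|-s $LAN_NET -o $VPN_IF -j MASQUERADE"
    # LAN hosts may open connections towards the VPN client.
    echo "filter|FORWARD|-s $LAN_NET -o $VPN_IF -j ACCEPT"
    # From the VPN side, only replies to those connections are accepted here.
    echo "filter|FORWARD|-i $VPN_IF -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Insert each rule only if it is not already present (-C checks for a match).
# DRY_RUN defaults to 1, which prints the commands without touching the firewall.
apply_rules() {
    nat_rules | while IFS='|' read -r table chain spec; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables -t $table -I $chain $spec"
        # $spec is left unquoted on purpose so it splits into separate arguments.
        elif ! iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
            iptables -t "$table" -I "$chain" $spec
        fi
    done
}

apply_rules
```

Run it with `DRY_RUN=0` as root to apply the rules; `iptables -t nat -L POSTROUTING -n -v` then shows the packet counters for the masquerade rule.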