[Openswan Users] can browse internet, cannot ping with l2tpd/pppd
dbernick at lextranet.com
Mon Aug 16 18:57:33 CEST 2004
Trying a Windows machine that has no firewall or NAT.
When I try to connect with the following firewall rule, it connects
(still not able to ping the internal network).
/sbin/iptables -A OUTPUT -s $EXTERNAL_IP -p udp -m udp --sport 1701 -j ACCEPT
When I replace ACCEPT with DROP it doesn't connect at all.
That's one issue.
> Could you add it and try again?
Tried. Same problem. The Windows machine can browse the Internet fine
through the gateway, but it can't ping (or ssh) the internal machines.
On the Windows machine, ipconfig brings up:
PPP adapter Virtual Private Connection:
Connection-specific DNS Suffix . :
IP Address 10.51.0.166
Subnet Mask: 255.255.255.255
Default Gateway: 10.51.0.166
Should I be seeing more of a traditional network (i.e. Subnet Mask:
255.255.255.0)? Do I need to make some routing rules? Do something to
the firewall?
What IPTables would you suggest having for a gateway like this?
Here are some logs:
PPP:
Aug 16 16:51:27 lucy l2tpd[19158]: control_finish: Connection established to 66.105.190.125, 1701. Local: 202, Remote: 10. LNS session is 'default'
Aug 16 16:51:27 lucy l2tpd[19158]: control_finish: Call established with 66.105.190.125, Local: 40562, Remote: 1, Serial: 0
Aug 16 16:51:27 lucy pppd[21240]: Plugin dhcpc.so loaded.
Aug 16 16:51:27 lucy pppd[21240]: DHCPC: plugin initialized
Aug 16 16:51:27 lucy pppd[21240]: pppd options in effect:
Aug 16 16:51:27 lucy pppd[21240]: debug debug^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: nodetach^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: idle 1800^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: logfile /var/log/l2tpd.log^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: connect-delay 5000^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: dump^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: plugin dhcpc.so^I^I# (from /etc/ppp/options)
Aug 16 16:51:27 lucy pppd[21240]: auth^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: refuse-pap^I^I# (from command line)
Aug 16 16:51:27 lucy pppd[21240]: name LinuxVPNserver^I^I# (from command line)
Aug 16 16:51:27 lucy pppd[21240]: /dev/ttyp0^I^I# (from command line)
Aug 16 16:51:27 lucy pppd[21240]: lock^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: crtscts^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: mru 1400^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: mtu 1400^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: passive^I^I# (from command line)
Aug 16 16:51:27 lucy pppd[21240]: ipcp-accept-local^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: ipcp-accept-remote^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: nodefaultroute^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: proxyarp^I^I# (from /etc/ppp/options.l2tpd)
Aug 16 16:51:27 lucy pppd[21240]: 10.51.0.79:10.51.0.80^I^I# (from command line)
Aug 16 16:51:27 lucy pppd[21240]: pppd 2.4.2 started by root, uid 0
Aug 16 16:51:27 lucy pppd[21240]: Using interface ppp0
Aug 16 16:51:27 lucy pppd[21240]: Connect: ppp0 <--> /dev/ttyp0
Aug 16 16:51:29 lucy pppd[21240]: DHCPC: Using relay address of '10.51.0.199'
Aug 16 16:51:29 lucy pppd[21240]: DHCPC: Broadcasting to servers on interface 'eth0'
Aug 16 16:51:29 lucy pppd[21240]: DHCPC: Sending discover...
Aug 16 16:51:30 lucy pppd[21240]: DHCPC: Sending select for 10.51.0.166...
Aug 16 16:51:30 lucy pppd[21240]: DHCPC: Lease of 10.51.0.166 obtained, lease time 1200
Aug 16 16:51:30 lucy pppd[21240]: found interface eth0 for proxy arp
Aug 16 16:51:30 lucy pppd[21240]: local IP address 10.51.0.79
Aug 16 16:51:30 lucy pppd[21240]: remote IP address 10.51.0.166
L2TP log:
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.51.0.79>]
rcvd [CCP ConfReq id=0x5 <mppe +H -M -S -L -D +C>]
sent [CCP ConfRej id=0x5 <mppe +H -M -S -L -D +C>]
rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
sent [IPCP ConfRej id=0x6 <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfReq id=0x2]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 10.51.0.79>]
rcvd [CCP TermReq id=0x7"8\37777777613$:\000<\37777777715t\000\000\002\37777777734"]
sent [CCP TermAck id=0x7]
rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0>]
sent [IPCP ConfNak id=0x8 <addr 10.51.0.166>]
rcvd [IPCP ConfAck id=0x2 <addr 10.51.0.79>]
rcvd [IPCP ConfReq id=0x9 <addr 10.51.0.166>]
sent [IPCP ConfAck id=0x9 <addr 10.51.0.166>]
found interface eth0 for proxy arp
local IP address 10.51.0.79
remote IP address 10.51.0.166
Script /etc/ppp/ip-up started (pid 21316)
Script /etc/ppp/ip-up finished (pid 21316), status = 0x0
sent [CCP ConfReq id=0x2]
sent [CCP ConfReq id=0x2]
rcvd [CCP TermAck id=0x2]
sent [CCP TermReq id=0x3"No compression negotiated"]
rcvd [CCP TermAck id=0x2]
rcvd [CCP TermAck id=0x3"No compression negotiated"]
--
David Bernick
Senior Engineer - Legal Computer Solutions
dbernick at lextranet.com
617 227 4469 x 219
USENET would be a better laboratory if there were more labor and less oratory.
-- Elizabeth Haley
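
Reading the L2TP log above as a negotiation, as an added example that is not part of the original post: this Python sketch parses pppd's debug packet lines and reports which IPCP addresses each side had acknowledged, which options were rejected and by whom, and which protocols were closed. The packet lines are a subset copied from the log in the message (wrapped lines rejoined); the function and key names are assumptions made for the example.

```python
import re

# Packet lines copied from the L2TP log in the post (subset, wrapped lines rejoined).
TRACE = """\
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.51.0.79>]
rcvd [CCP ConfReq id=0x5 <mppe +H -M -S -L -D +C>]
sent [CCP ConfRej id=0x5 <mppe +H -M -S -L -D +C>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 10.51.0.79>]
rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0>]
sent [IPCP ConfNak id=0x8 <addr 10.51.0.166>]
rcvd [IPCP ConfAck id=0x2 <addr 10.51.0.79>]
rcvd [IPCP ConfReq id=0x9 <addr 10.51.0.166>]
sent [IPCP ConfAck id=0x9 <addr 10.51.0.166>]
sent [CCP TermReq id=0x3"No compression negotiated"]
rcvd [CCP TermAck id=0x3"No compression negotiated"]
"""

LINE = re.compile(r'^(sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-f]+)(.*)\]$')
OPT = re.compile(r'<([^<>]+)>')

def parse(trace):
    """Yield (direction, protocol, code, id, [options]) for each packet line."""
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m:
            d, proto, code, pid, rest = m.groups()
            yield d, proto, code, int(pid, 16), OPT.findall(rest)

def summarize(trace):
    """Collect acknowledged options per side, rejected options, closed protocols."""
    out = {"local": {}, "peer": {}, "rejected": [], "closed": set()}
    for d, proto, code, pid, opts in parse(trace):
        if code == "ConfAck":
            # An Ack we receive confirms our request; an Ack we send confirms the peer's.
            side = "local" if d == "rcvd" else "peer"
            for o in opts:
                key, _, val = o.partition(" ")
                out[side][f"{proto}.{key}"] = val
        elif code == "ConfRej":
            # Record which side refused the option.
            who = "peer" if d == "rcvd" else "local"
            out["rejected"] += [(proto, who, o) for o in opts]
        elif code == "TermAck":
            out["closed"].add(proto)
    return out
```

On this trace the summary shows IPCP completing with 10.51.0.79 (local) and 10.51.0.166 (peer) acknowledged, and CCP closing after the gateway rejected the peer's MPPE request, so any confidentiality for this link has to come from the IPsec layer rather than from PPP.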