Networking Forums

poptop vpn + redhat 9 + VLAN + routing problem

 
 
Steve Woolley
Guest
Posts: n/a

 
      12-13-2003, 08:29 PM
I am running poptop v1.1.4-b4 on a Redhat 9 linux box with two
Broadcom gigabit ethernet interfaces -- one (eth0) as my public IP
interface and one (eth1) acting as an 802.1q VLAN trunk (vconfig) for
numerous 192.168.*.* private networks.

After connection from my Windows XP clients, they show the connections
as:
Authentication: MS CHAP V2
Encryption: MPPE 128
PPP Multilink Framing off

The PPTP VPN Server shows:
Dec 13 16:11:58 firewall pptpd[6064]: CTRL: Client 64.33.91.244 control connection started
Dec 13 16:11:58 firewall pptpd[6064]: CTRL: Starting call (launching pppd, opening GRE)
Dec 13 16:11:58 firewall pppd[6065]: pppd 2.4.2b3 started by root, uid 0
Dec 13 16:11:58 firewall pppd[6065]: Using interface ppp1
Dec 13 16:11:58 firewall pppd[6065]: Connect: ppp1 <--> /dev/pts/0
Dec 13 16:11:58 firewall /etc/hotplug/net.agent: assuming ppp1 is already up
Dec 13 16:11:58 firewall pptpd[6064]: GRE: Discarding duplicate packet
Dec 13 16:12:03 firewall pptpd[6064]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 13 16:12:04 firewall pptpd[6064]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 13 16:12:04 firewall pppd[6065]: CHAP peer authentication succeeded for swoolley
Dec 13 16:12:05 firewall pppd[6065]: MPPE 128-bit stateless compression enabled
Dec 13 16:12:08 firewall pppd[6065]: found interface vlan25 for proxy arp
Dec 13 16:12:08 firewall pppd[6065]: local IP address 192.168.25.253
Dec 13 16:12:08 firewall pppd[6065]: remote IP address 192.168.25.1

my server /etc/pptpd.conf:
option /etc/ppp/options.pptpd
localip 192.168.25.253
listen 208.56.221.67
# no remoteip - this is set in chap-secrets

my server /etc/ppp/options.pptpd:
lock
debug
name pptpd
nobsdcomp
proxyarp
require-mschap-v2
require-mppe-128
nomppe-stateful

Everything looks great, but I cannot connect (ping, http, etc.) to local
(office network) IP addresses from the remote clients.

Server:

can ping 192.168.25.254 # itself
can ping 192.168.25.253 # vpn localip
can ping 192.168.25.1 # connected vpn client 1
can ping 192.168.25.2 # connected vpn client 2
can ping 192.168.25.5 # office server ip

Client 1:
can ping 192.168.25.254 # vpn server ip address
can ping 192.168.25.253 # vpn localip
can ping 192.168.25.1 # itself
can ping 192.168.25.2 # connected vpn client 2
CANNOT ping 192.168.25.5 # office server ip HERE IS THE PROBLEM

I have seen numerous somewhat similar problems (on newsgroups) that
involve setting the MTU/MRU size to 1350 (and in some cases 1490) in
the /etc/ppp/options.pptp file. I tried various values with no
success. And I have never seen any MTU related or any other related
error messages in the log. I have also verified that IPTABLES is not
filtering any of this traffic.

Any ideas?
 
 
 
 
 
Danny
Guest
Posts: n/a

 
      12-14-2003, 07:02 PM
> I am running poptop v1.1.4-b4 on a Redhat 9 linux box with two
> Broadcom gigabit ethernet interfaces -- one (eth0) as my public IP
> interface and one (eth1) acting as an 802.1q VLAN trunk (vconfig) for
> numerous 192.168.*.* private networks.
>
> After connection from my Windows XP clients, they show the connections
> as:
> Authentication: MS CHAP V2
> Encryption: MPPE 128
> PPP Multilink Framing off
>
> The PPTP VPN Server shows:
> Dec 13 16:11:58 firewall pptpd[6064]: CTRL: Client 64.33.91.244 control connection started
> Dec 13 16:11:58 firewall pptpd[6064]: CTRL: Starting call (launching pppd, opening GRE)
> Dec 13 16:11:58 firewall pppd[6065]: pppd 2.4.2b3 started by root, uid 0
> Dec 13 16:11:58 firewall pppd[6065]: Using interface ppp1
> Dec 13 16:11:58 firewall pppd[6065]: Connect: ppp1 <--> /dev/pts/0
> Dec 13 16:11:58 firewall /etc/hotplug/net.agent: assuming ppp1 is already up
> Dec 13 16:11:58 firewall pptpd[6064]: GRE: Discarding duplicate packet
> Dec 13 16:12:03 firewall pptpd[6064]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Dec 13 16:12:04 firewall pptpd[6064]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Dec 13 16:12:04 firewall pppd[6065]: CHAP peer authentication succeeded for swoolley
> Dec 13 16:12:05 firewall pppd[6065]: MPPE 128-bit stateless compression enabled
> Dec 13 16:12:08 firewall pppd[6065]: found interface vlan25 for proxy arp
> Dec 13 16:12:08 firewall pppd[6065]: local IP address 192.168.25.253
> Dec 13 16:12:08 firewall pppd[6065]: remote IP address 192.168.25.1
>
> my server /etc/pptpd.conf:
> option /etc/ppp/options.pptpd
> localip 192.168.25.253
> listen 208.56.221.67
> # no remoteip - this is set in chap-secrets
>
> my server /etc/ppp/options.pptpd:
> lock
> debug
> name pptpd
> nobsdcomp
> proxyarp
> require-mschap-v2
> require-mppe-128
> nomppe-stateful
>
> Everything looks great, but I cannot connect (ping, http, etc.) to local
> (office network) IP addresses from the remote clients.
>
> Server:
>
> can ping 192.168.25.254 # itself
> can ping 192.168.25.253 # vpn localip
> can ping 192.168.25.1 # connected vpn client 1
> can ping 192.168.25.2 # connected vpn client 2
> can ping 192.168.25.5 # office server ip
>
> Client 1:
> can ping 192.168.25.254 # vpn server ip address
> can ping 192.168.25.253 # vpn localip
> can ping 192.168.25.1 # itself
> can ping 192.168.25.2 # connected vpn client 2
> CANNOT ping 192.168.25.5 # office server ip HERE IS THE PROBLEM
>
> I have seen numerous somewhat similar problems (on newsgroups) that
> involve setting the MTU/MRU size to 1350 (and in some cases 1490) in
> the /etc/ppp/options.pptp file. I tried various values with no
> success. And I have never seen any MTU related or any other related
> error messages in the log. I have also verified that IPTABLES is not
> filtering any of this traffic.
>


Did you enable forwarding?
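
Added example (not part of the thread): a shell check for the two server-side conditions this symptom depends on, kernel IPv4 forwarding (the question above) and the published ARP entry that pppd's proxyarp option creates, logged in the first post as "found interface vlan25 for proxy arp". The function names, return codes and the sample /proc tree are constructed for illustration; the ARP table columns are those of Linux /proc/net/arp.

```shell
#!/bin/sh
# Added example; diagnose() and make_sample() are hypothetical helper names.

# diagnose PROC_ROOT CLIENT_IP LAN_IF
#   returns 0 = ok, 1 = IPv4 forwarding off, 2 = no published ARP entry
diagnose() {
    root=$1; client=$2; lan_if=$3

    # The kernel only routes ppp<N> <-> LAN traffic when ip_forward is 1.
    fwd=$(cat "$root/sys/net/ipv4/ip_forward" 2>/dev/null || echo 0)
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=$fwd: packets from the VPN client are not routed"
        return 1
    fi

    # proxyarp publishes the client's IP on the LAN interface; published
    # entries carry the ATF_PUBL bit (0x8) in the Flags column.
    flags=$(awk -v ip="$client" -v dev="$lan_if" \
        '$1 == ip && $6 == dev { print $3; exit }' "$root/net/arp" 2>/dev/null)
    if [ -z "$flags" ] || [ $(( $flags & 8 )) -eq 0 ]; then
        echo "no published ARP entry for $client on $lan_if"
        return 2
    fi

    echo "forwarding on, $client published on $lan_if"
    return 0
}

# Constructed sample tree (not taken from the poster's server), so this runs offline.
make_sample() {   # make_sample DIR IP_FORWARD_VALUE
    mkdir -p "$1/sys/net/ipv4" "$1/net"
    echo "$2" > "$1/sys/net/ipv4/ip_forward"
    cat > "$1/net/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.25.5     0x1         0x2         00:11:22:33:44:55     *        vlan25
192.168.25.1     0x1         0xc         00:00:00:00:00:00     *        vlan25
EOF
}

demo=$(mktemp -d)
make_sample "$demo" 0
diagnose "$demo" 192.168.25.1 vlan25 || true   # sample has forwarding off
rm -rf "$demo"
```

On a live server the same check is `diagnose /proc 192.168.25.1 vlan25`. Once forwarding is on, the iptables FORWARD chain is what limits which LAN hosts the VPN clients can reach.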


 
 
joe
Guest
Posts: n/a

 
      03-04-2004, 09:55 PM

I have a similar problem. I just posted another message. I enable
forwarding by using
iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -j MASQUERADE
and that did not work,
so I also tried
/sbin/iptables -I FORWARD -d 10.1.1.0/24 -j ACCEPT


/sbin/iptables -t nat -A PREROUTING -i eth0 -s 10.1.1.9 -d 0/0 -j DNAT --to 10.1.1.0/24
Well, any ideas?

I am testing the server by connecting through an alias interface that gets
assigned an IP address in the clients' subnet.
10.0.1.x local network clients
10.1.1.9 vpn server
10.1.1.2 my ip
10.0.1.22 my ip after I am connected to the vpn

I want to set up the server to work without the alias IP, but for now an
alias makes it easier to troubleshoot why I can't connect from the Internet
to the local LAN.


 
 
 