How to troubleshoot connections (maybe dns)

Hi everyone.

It’s been a long time since I used linux and what little I learned from my first shop bought box of suse, is well and truly forgotten

here’s my problem, I hope someone can help.

In the country in which I live, the predominant way of connecting to the Internet is via a pptp vpn. Basically, the ISP runs an Ethernet cable to your apartment that plugs directly into your router or PC (in my case PC, my router just died)This provides access to the 'local LAN and hence local resources. These I can connect to via my browser (firefox) without an Internet connection.

My problem, since installing opensuse 11.2 KDE, is that I can connect to the local resources when I’m not connected via the pptp vpn to the Internet but as soon as I establish an Internet connection, I cannot.

Under Windows and other distros I’ve tried, this has never been an issue, usually I can connect to either local or Internet resources, interchangeably.

In a nutshell, I don’t know how to troubleshoot this, so any ideas would be most helpful.

Thanks

caution: this may be a waste of your time (but it is easily
reversable)…it disables IPv6 (and you then use only IPv4) since
almost all sites you are goonna hit wont use version 6…

THREE STEPS:

1. in firefox type:

about:config

in the address bar, press enter then search for

disable ipv6

Double click to set value to true if currently set to false.

then test to see if your access problem is solved…(probably will not
be–but leave it anyway, and go on…)

2. do a normal, controlled shutdown and reboot, and when the first
   green screen comes up, press the down arrow (to stop the clock) and
   type this into the blank:

ipv6.disable=1

then press enter to continue the boot…and when it is all up see if
you can connect as you should be able to…

3. make that disable the normal boot practice for your machine: open
   YaST and follow this path (something like) System (on the left) >
   Bootloader (on the right) > make sure the top line is highlighted and
   hit “Edit” find the line labeled “Optional Kernel Command Line
   Parameter”) and add this to it:

ipv6.disable=1

type carefully and make NO other changes to the page (or you might not
be able to boot) then press okay…

if you mess up, press Abort and start over…

if none of that works you can either just leave it (shouldn’t hurt
anything) and come back here and ask for better advice (from a real
guru)…or you can undo the kernel option and firefox setting…

–
palladium

Hi, thanks for the reply, but my ISP supports IPv6 and as I said, I can access local and Internet resources under Windows XP and 7. Also with other distros. (yes I am distro hopping, looking for the right one)

Volkadav wrote:
> Hi, thanks for the reply, but my ISP supports IPv6 and as I said, I can
> access local and Internet resources under Windows XP and 7. Also with
> other distros. (yes I am distro hopping, looking for the right one)

well, i guess i should not have jumped on the IPv6 (i have NO idea how
Redmond handles IPv6, but) i know not all of the Linux distros you
might have tried have it on by default…and, while your ISP
supports it, many around the world do not, yet…so, i couldn’t rule
it out, until tried…

maybe a real guru will eventually fall into here and help you, until
then you might find a solution among these: http://tinyurl.com/ylodnyx

are you getting nowhere with the routine networking tools like dig,
traceroute, ping and whatever?

and, when you say “I can connect to the local resources when I’m not
connected via the pptp vpn to the Internet” do you mean by “local
resources” other devices/computers on your local net? are you
(therefore) connected to a router which is connected both to ‘local
resources’ and the net via pptp vpn, or do you have two … i’m
outta here i don’t enough to ask the questions…

–
palladium

Hi again

I’m sorry, English is not my first language, so I probably didn’t make myself clear.

By local resources I mean services that are offered by my ISP, things like movies, games, forums etc. When I turn on my PC the local network is directly connected and I am issued an address from the reserved 172...* range.

If I want to connect to the Internet, I make a pptp connection and I get another address for that purpose, it shows as a ppp0 interface alongside the Ethernet connection.

With opensuse, if I don’t make the pptp connection I can access the services on my ISP servers (172) if I make the pptp connection I cannot. The browser page just times out. I can, however, ping the 172 servers.

I may have been a little hasty in stating support from my ISP for IPv6, I don’t think it’s fully implemented yet, so I will go through your original instructions again.

The other distros I have tried so far have been, various flavours of ubuntu, which has serious problems with audio, debian lenny, and mandriva. I really like suse, it was the first distro I used, maybe 10 years ago and I believe I want to stick with it now.

Thanks again for your help, it’s much appreciated.

your english is GREAT…i hope changing the IPv6 setting helps because
if not you need to attract a real networking guru (i’m out of ideas,
and having gone from dialup (14.4, then 28.8 the 56.0) to ISDN, to
xDSL i have no experience at all with a setup like yours)…

if my idea doesn’t work it might be good to start a new thread with
all the clear explaination of the last post and a subject line
something like “pptp vpn internet access problem” and that way someone
who has heard of that might see the subject and drop in…otherwise,
maybe not…*

another thing to think about is: if your setup is the routine in your
country (where is that, may i ask) then you might benefit from
contacting a nearby Linux User Group, give it a try, maybe someone
VERY near you already knows exactly how to make it work (and can
explain it in local lingo!!) see: <http://www.linux.org/groups/>

–
palladium
*

Hello again.

Ok, I tried your ideas but unfortunately, I had no luck (btw I had to add ipv6.disable=1 to the /boot/grub/menu’lst kernel entry, without this it was not recognised as a valid command)

I am still wondering if it is some sort of DNS problem but as I’m not sure how linux works with multiple DNS servers and I don’t know which tools to use to troubleshoot the problem, i’m a bit stuck.

The reason I wonder about DNS is because when I log in to suse, before making a pptp connection the name queries are sent to DNS servers on the 172 network. After I make a pptp connection two more DNS servers are added to allow for global Internet lookup.

Could it be that it is only these new DNS servers that are being used, if so the name lookup would fail as the local resources are on a private network?

I will take your advice regarding a local user group, I don’t know of any here but I’m sure I can find something. Unfortunately, my ISP doesn’t officially support linux clients and offers only limited forum support for ubuntu.

The method used to provide Internet connectivity seems to be quite common in Russia, where I live and the Ukraine, I believe.

Do you think I should create another forum topic for this issue now? I don’t want to spam the forums with multiple help requests for the same issue.

Thans again for your kind help

You could check your own and many other dns-servers on your system by using →this useful software. It will test your used dns-settings on speed, errors etc. and compare the results to other dns-servers.

Volkadav wrote:
> Ok, I tried your ideas but unfortunately, I had no luck

i’m guessing and probably wasting your time…if it were me i’d post
again, into this forum with the suggested subject and hope to attract
someone who knows…

but, see below…

> I am still wondering if it is some sort of DNS problem but as I’m not
> sure how linux works with multiple DNS servers and I don’t know which
> tools to use to troubleshoot the problem, i’m a bit stuck.

just for fun, we could “troubleshoot by trying”…how about you make a
backup copy of /etc/resolv.conf

then, more below:

> The reason I wonder about DNS is because when I log in to suse, before
> making a pptp connection the name queries are sent to DNS servers on the
> 172 network. After I make a pptp connection two more DNS servers are
> added to allow for global Internet lookup.

open that resolv.conf with a root powered text editor (maybe use
“kdesu kate” on a command line…

and, i’m guessing you will see depending on whether or not you have
(or have not yet) gone on the net EITHER the 172.x.x.x nameserver
listed alone, or one or more of the other two listed…but, not all
three…

*if’ that is the case read the commented out section on how to make
the file static (or maybe yours is, my is dynamic being changed by
DCHP)…

and, manually add all three of your name servers:

nameserver 172.x.x.x
nameserver 172.x.x.x
nameserver 172.x.x.x

mine also has a “search” but i don’t what that is, if yours has one
i’d leave it there…

or ignore that (probably safe, but i guarantee nothing) trial and
wait for REAL help…

–
palladium
Когда мы были врагами, я летел боевой самолет. Я счастлив, что я
никогда не пролетал над Вами.

@gropiuskalle

Thank you for your input, I will investigate that utility once I have resolved these current issues.

I did use something similar under Windows, some time ago, nsbench I believe it was called. With this I compared the latency of my ISPs servers to those offered by OpenDNS, Google and UltraDNS, in every case, the latency to the non isp name servers was excessive.

@palladium

Hello again

My apologies for the delay in getting bcj to you, I had some issues with KDE, which finally resulted in the Plasma Workspace issuing a segmentation fault and dieing. I tried different ways to recover but it would not play

I guess I was too rough and broke it, but I really don’t mind how many times it breaks, it helps me learn

I decided to take the opportunity to try opensuse gnome, which is now installed but, alas, the problem remains.

I checked the resolv.conf file, it is indeed dynamic and appears to contain the correct entries, more or less.

search *******.lan <---- This is correct
nameserver 109.*.*.* <----- Internet name server 1
nameserver 109.*.*.* <----- Internet name server 2
nameserver 172.*.*.* <----- Local name server 1

There are in fact two local name servers, even though only one is listed in resolv.conf.

So now I am lost again, perhaps it’s a routing issue?

Thanks again for your help

Volkadav wrote:
> So now I am lost again, perhaps it’s a routing issue?

i’m gonna ask a networking guru or three to look into here…hang in
for a while…but, if no calvary comes riding over the hill, i
seriously suggest you post anew (with a more descriptive subject) or
even join a mail list or IRC channel, (all of which usually operates
at a higher technical level), follow the bread crumbs from
http://en.opensuse.org/Communicate

–
palladium

Ther are two things here that must not be mixed.

1. DNS. When your DNS is not working properky that is a nusance, but it does not mean you have no access toi the Internet. DNS onnly translates hostnaems inti IP addresses (and vv). When the name can bot be ‘resolved’ (as it is called), you can not get to a host because you do not know the IP adddress. But when someone tells you, you can.
   E.g. when your browser not reach to forums.opensuse.org, but it can reach 130.57.4.15, there is definitely a DNS problem. Thus it is simply to test. Also the tool nslookup can be used

henk@boven:~> nslookup forums.openSUSE.org
Server:         194.109.6.66
Address:        194.109.6.66#53

Non-authoritative answer:
Name:   forums.openSUSE.org
Address: 130.57.4.15

henk@boven:~>

sshows that I have a functioning DNS.

2. For the Internet it is important where your routes go. Please post the output of

netstat -r

When this seem to hang, interrupt (with Ctrl-C) and try

netstat -rn

Hello hcw

As I mentioned in my op, I do not have any difficulty resolving DNS queries for both local (ISP LAN) and Internet. Both work correctly.

What doesn’t work is the ability to connect to local resources after a pptp vpn connection is established, at that point only Internet resources are available. Drop the pptp connection and local resources are once again available.

Here is the out put from the netstat -r

This is before a pptp connection is established:

gcb@linux-woe7:~> netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.17.76.0     *               255.255.255.0   U         0 0          0 eth0
loopback        *               255.0.0.0       U         0 0          0 lo
default         net-172-17-76-0 0.0.0.0         UG        0 0          0 eth0

This is after a pptp connection is established:

gcb@linux-woe7:~> netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
vpn.vladlink.la net-172-17-76-0 255.255.255.255 UGH       0 0          0 eth0
172.17.76.0     *               255.255.255.0   U         0 0          0 eth0
loopback        *               255.0.0.0       U         0 0          0 lo
default         *               0.0.0.0         U         0 0          0 ppp0

For what it’s worth here is the output from Windows 7 where I can connect to both local and remote resources simultaneously:

C:\Users\GCB>netstat -r

===========================================================================

Interface List

 33...........................Vlad

 11...00 1d 7d 04 77 6b ......Realtek PCIe GBE Family Controller

  1...........................Software Loopback Interface 1

 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2

 20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3

===========================================================================



IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      172.17.76.1     172.17.76.47   4245

          0.0.0.0          0.0.0.0         On-link     109.126.34.99     21

         10.0.0.0        255.0.0.0      172.17.76.1     172.17.76.47   4246

      109.126.0.0  255.255.255.224      172.17.76.1     172.17.76.47   4246

      109.126.1.0  255.255.255.224      172.17.76.1     172.17.76.47   4246

    109.126.34.99  255.255.255.255         On-link     109.126.34.99    276

        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531

        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531

  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531

       172.16.0.0      255.240.0.0      172.17.76.1     172.17.76.47   4246

      172.17.76.0    255.255.255.0         On-link      172.17.76.47   4501

     172.17.76.47  255.255.255.255         On-link      172.17.76.47   4501

    172.17.76.255  255.255.255.255         On-link      172.17.76.47   4501

       172.26.0.4  255.255.255.255      172.17.76.1     172.17.76.47   4246

      192.168.0.0      255.255.0.0      172.17.76.1     172.17.76.47   4246

        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531

        224.0.0.0        240.0.0.0         On-link      172.17.76.47   4502

        224.0.0.0        240.0.0.0         On-link     109.126.34.99     21

        224.0.0.0        255.0.0.0      172.17.76.1     172.17.76.47   4247

  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531

  255.255.255.255  255.255.255.255         On-link      172.17.76.47   4501

  255.255.255.255  255.255.255.255         On-link     109.126.34.99    276

===========================================================================

Persistent Routes:

  None



IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 20   1125 ::/0                     2002:c058:6301::c058:6301

  1    306 ::1/128                  On-link

 15     58 2001::/32                On-link

 15    306 2001:0:4137:9e76:242f:1200:9281:dd9c/128

                                    On-link

 20   1025 2002::/16                On-link

 20    281 2002:6d7e:2263::6d7e:2263/128

                                    On-link

 11    276 fe80::/64                On-link

 15    306 fe80::/64                On-link

 15    306 fe80::242f:1200:9281:dd9c/128

                                    On-link

 11    276 fe80::d0ec:4359:d4ac:dae1/128

                                    On-link

  1    306 ff00::/8                 On-link

 15    306 ff00::/8                 On-link

 11    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

I’m only guessing, but looking at the flags in the first two netstat’s, it looks like there may be some confusion with gateway?

I hope this helps.

Thank you

Thanks for the output.

To begin with, I am not really aqaintanced to the use of pptp, but I can try to interprete your routing. Maybe we come a step nearer to a solution.

The Windows one I have difficulty with interpreting. To much there . In any case, it would have been better if I had asked yo directly to netsta -rn, because the windows one has IP addresses and the Linux one names.

The situation without the pptp is clear. You are on the 172.17.76.0/24 network and for everything outside it the route goes to net-172-17-76-0 (IP address 172.17.76.1 I guess).

With pptp:
We see

vpn.vladlink.la net-172-17-76-0 255.255.255.255 UGH       0 0          0 eth0

which will route everything for this system (alas no IP address) to net-172-17-76-0, which might be correct.
I am missing something like:

172.0.0.0         net-172-17-76-0 255.0.0.0         UG        0 0          0 eth0

to route everything in the 172.0.0.0/8 network (but not 172.17.76.0/24 network) again to net-172-17-76-0.

You could try to add this route manualy to see what happens. I can not test this here, but with the man page it should be about (as root):

route add 172.0.0.0 netmask 255.0.0.0 gw net-172-17-76-0

For the last term take its IP address!

This is not dangerous (as long as you are the only one working with the system). It can easily be removed with:

route del 172.0.0.0

or a reboot.

Volkadav wrote:
> What doesn’t work is the ability to connect to local resources after a
> pptp vpn connection is established, at that point only Internet
> resources are available. Drop the pptp connection and local resources
> are once again available.

wait a moment! this just occurred to me (maybe it is far out stupid, but):

maybe he just needs two networking cards OR a router OR whatever it
takes to have two completely different open and usable ‘routes’ at
the same time: one to the “local resources” and one to the
“internet”…without collisions…

ohhh…i think i hurt my brain…

–
palladium

In fact he has two devices: eth0 and ppp0 and when the routing is correct, this should function IMHO.

Hello guys, good news I think

Playing with the route command, I found that if I add;

route add -net 172.0.0.0 netmask 255.0.0.0 eth0

@hcw

Your suppositions were correct regarding the ip addeess:

linux-woe7:/home/gcb # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.26.0.1      172.17.76.1     255.255.255.255 UGH       0 0          0 eth0
172.17.76.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
172.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0

The only thing to make mention of is that vpn2.vladlink.lan may actually translate to one of four addresses:

172.26.0.1 - 172.26.0.4

Would this be important with what we are trying to achieve?

For now, the problem appears to be solved However, what is the best way to make the route entry permanent?

Encouraging we are on right track.

I would leave the 172.26.0.1 as it is. In your windows table it is 172.26.0.4 that is mentioned, thus I think that traffic is spread between the four and starting up your pptp may give you one of those.

Now about the other one. Why did you use

route add 172.0.0.0 netmask 255.0.0.0 eth0

instead of

route add 172.0.0.0 netmask 255.0.0.0 gw net-172-17-76-0

Did the last one not function?

In any case, as it works, it might be OK. To make it permanent, try to use YaST > Network > Network Devices and there the tab Routing. Add the route. YaST will not only do this at that moment, but also store it in /etc/sysconfig/network/routes so that it is used at boot. If that does not give satisfying results, come back here to discuss a different approach.

When I use the syntax you provided, I get:

voyager:/home/gcb # route add 172.0.0.0 netmask 255.0.0.0 gw net-172-17-76-0
net-172-17-76-0: Unknown host

So I looked at the man page and played with a few ideas until I found one that worked. Do you think this is incorrect?

Thanks for all your help

I am not sure it is incorrect. But in fact I asked for:

route add 172.0.0.0 netmask 255.0.0.0 gw net-172-17-76-0

For the last term take its IP address!

That would have made it:

route add 172.0.0.0 netmask 255.0.0.0 gw 172.17.76.1

as we know now.