OPENSUSE PPTP VPN SERVER

Dear all,

I have been struggling with the PPTP server setup for 3 weeks.
OPENSUSE PPTP VPN SERVER
CLIENT WINDOWS 7 / WINDOWS XP

Now, I have already configured those files as follows:
Edit sysctl.conf:
net.ipv4.ip_forward = 1

chap-secret - finished
options-ppp0 - finished
pptpd.conf - finished

The VPN connection is fine JUST BETWEEN the server and the client:
the client's network connection BECOMES disconnected from the internet after I have connected to the VPN.

So, I know I should do the routing in order to enable the network connection.
That is, the client should connect to the internet through the opensuse server…
But I am stuck on this step…
I want to force my client to connect to the internet through the opensuse gateway…
Could anyone kindly help me?

suppose that I have a real ip for opensuse: 111.111.111.111
subnet mask: 255.255.254.0
Default Gateway: 111.111.111.254
DNS1: XXX.XXX.XXX.XXX
DNS2: XXX.XXX.XXX.YYY

in pptpd.conf:
localip: 192.168.0.1
remoteip: 192.168.1.100-199

Many thanks.

Should I set the routing in this way?
“NETWORK SETTING” Panel

Destination: 192.168.0.0
Gateway: 111.111.111.254
Genmask: 255.255.255.0
Device: eth1

after doing this,
~:# ip r s
192.168.0.0/24 via 111.111.111.254 dev eth1

But still could not go out…

I know there should be a ppp0 port but I don’t know how to set it…

On 02/05/2013 05:06 AM, vd3000 wrote:
> I have been struggling in the PPTP server setup for 3 weeks.
> OPENSUSE PPTP VPN SERVER

not sure, but you might get more help if you were to post to the correct
forum…suggest you press the “Report” button at the bottom of your
message and report this thread as being in the wrong forum and ask a
moderator to kindly move it to the forum named Network/Internet -
Questions about internet applications, network configuration, usage
(SAMBA, network printing, NFS) here
http://forums.opensuse.org/english/get-technical-help-here/network-internet/

then maybe a networking guru roaming those halls will see your question.

and, also PLEASE tell us the version of which operating system, if not
absolutely certain then just copy/paste the output from


cat /etc/SuSE-release

oh, and if a desktop environment is involved, please tell which one and
what version…

and, are you using Network Manager, ifup, YaST or are you manually
editing config files (and if only doing manual editing please tell why)…

and finally do any of these help:

https://www.google.com/search?q=site%3Adoc.opensuse.org+pptp
https://www.google.com/search?q=site%3Aforums.opensuse.org+pptp


dd
http://tinyurl.com/DD-Caveat

Dear DD, thanks.

OPENSUSE 12.2 + YAST

Hello,
Sounds like you’re asking for a “Split VPN.”
By default, it’s usually not permitted because it’s considered a security issue… your machine could become the authenticated gateway through the VPN for exploits that come from the Internet.

So,
Depending on your situation, the usual “better” solution is to use the remote gateway pointing to the DG of the network you’ve VPN’d to.

Otherwise, if the Admin hasn’t blocked configuring a Split VPN on your end, depending on how you connect you can usually enable “Split” (There are also likely other Forum posts on this same topic). Just be careful what you do if you do this.

HTH,
TSU

Hi, TSU,

Suppose that I need to download files from “HOST C” through my VPN server, should I configure anything on the VPN server? For example, arproxy…
Yesterday, I was messing around with this, but no hope…
Actually, I could basically connect the VPN server to the client very well (could ping in both directions) but I cannot connect to the internet through this VPN server…
Thanks.

Actually,
My comment about a Split VPN only applies to the client, not the Server.

So, clarifying that you really are talking about the Server, typically in an office or datacenter which might serve multiple clients, and not the client, which is typically a personal machine?

If this really is a server, need to know if this machine is configured with multiple IP addresses and which are allocated to VPN, which are not.

TSU

Dear TSU,

The situation may be described in this way:
I have an OPENSUSE 12.2 server with a fixed IP address 111.111.111.111 and this server could not serve as a router because I have only 1 LAN port and I could only get one IP from my company. (Actually I could ask my colleague to allocate more IPs to me if necessary.) 20 years ago, our company policy only allowed us to download the company files (i.e. HOST C) on our office desktops. Our boss has actually dumped this policy and, most important, that is an old server and no one wants to make any change on it… The old technician has already retired and the new technician is always “busy” on his iphone…
So, after I asked my boss, I would like to build a VPN server myself and let my colleagues connect through the server and download the documents in their homes.
So, if I would like to make a VPN server, what should I do?

I could connect my home desktop to my VPN server already but I could not access the files on (HOST C) or even connect to the internet.
I tried to make the split VPN a long time ago and it fixed my internet problems but it still could not download the files on Host C.

Thanks.

It is impossible to answer anything without seeing network configuration of Host C, your client and VPN server, but most probably Host C simply does not know how to contact your client (and as you apparently do not use VPN as default gateway on client, your client may also lack information how to contact Host C).

You need to set up proper routes on both sides, client and Host C.
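Added example, not part of any post in this thread: a longest-prefix route lookup showing why the reply path fails and what a route "on both sides" changes. The addresses 111.111.111.111, 111.111.111.254, 255.255.254.0, 192.168.0.1 and 192.168.1.100 come from the thread; Host C's address, the home router, the device names and the routing tables themselves are assumptions made for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop, device) entries."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, dev)
    return None if best is None else best[1:]

# Values quoted in the thread.
VPN_SERVER = "111.111.111.111"
LAN_GATEWAY = "111.111.111.254"
LAN = str(ipaddress.ip_interface(VPN_SERVER + "/255.255.254.0").network)
VPN_LOCAL = "192.168.0.1"      # localip in pptpd.conf
VPN_CLIENT = "192.168.1.100"   # first address of the remoteip range

# Assumptions: none of these appear in the thread.
HOST_C = "111.111.110.50"
HOME_ROUTER = "10.0.0.1"

# Host C: its own LAN on-link, everything else to the LAN gateway.
host_c_before = [(LAN, None, "eth0"), ("0.0.0.0/0", LAN_GATEWAY, "eth0")]
# With a route for the VPN client range pointing at the VPN server.
host_c_after = host_c_before + [("192.168.1.0/24", VPN_SERVER, "eth0")]

# Client not using the VPN as default gateway: only the peer is on ppp0.
client_before = [(VPN_LOCAL + "/32", None, "ppp0"),
                 ("0.0.0.0/0", HOME_ROUTER, "eth0")]
# With a route for the office LAN sent into the tunnel.
client_after = client_before + [(LAN, None, "ppp0")]

def posted_route_covers_client():
    """Does 192.168.0.0/24 (the route shown in the first post) contain
    the address handed to a VPN client?"""
    return ipaddress.ip_address(VPN_CLIENT) in ipaddress.ip_network("192.168.0.0/24")

if __name__ == "__main__":
    print("Host C -> client, before:", lookup(host_c_before, VPN_CLIENT))
    print("Host C -> client, after: ", lookup(host_c_after, VPN_CLIENT))
    print("client -> Host C, before:", lookup(client_before, HOST_C))
    print("client -> Host C, after: ", lookup(client_after, HOST_C))
    print("posted route covers client:", posted_route_covers_client())
```

In the "before" tables Host C hands its replies to the LAN gateway, which has no path to 192.168.1.x, and the client sends traffic for Host C out through its home router instead of the tunnel.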

Hi, arvidjaar,

Actually, I just need my client to be able to connect to the network through my VPN; what should I do in OPENSUSE 12.2?

should I do it in this way?
http://img849.imageshack.us/img849/9738/32174472.jpg

http://img651.imageshack.us/img651/1488/99954674.jpg

Ok,
Just for clarification

Your openSUSE server has one NIC configured with an external address, but does it also have an internal NIC?

Is your openSUSE server in a firewall DMZ? Your DG router for instance might be configured to expose only specified hosts to the Internet (bridged or routed). Also, depending on what you have it’s likely you’ll have to physically disconnect the old VPN server and maybe “re-arp” so machines know what new machine is using the public address (bottom line it may be simpler to use/configure a different IP address. If you’re bridging and not routing then you can’t just point to your new machine, you will need to ask for that additional address).

If your openSUSE is multi-homed (2 or more NICs) is it also the DG for your network?

I understand Host C to be a host in your Office LAN where the files are stored which you want to make accessible to remote hosts through the VPN connection (please verify).

You are asking about accessing Internet resources while connected using the VPN, is that still an issue and if so then from which machine? Typically should not be an issue if you’re talking about the openSUSE server, could require a special configuration if you’re talking about the remote host using the VPN.

TSU

Dear TSU,

I have only 1 external NIC.
So, should I also install a NIC in order to serve it as a router?
I suppose it could share the network just like the virtual machine client in a host…
Please correct me if I am wrong.

I also notice that other VPN server also could allocate a real IP to the client so that the client could connect to internet…

  1. Right, my server is set at DMZ.
    I have opened the port for PPTP, 1723, and GRE is also opened in the DMZ.

  2. Actually, my home client could ping Host C even when I do not connect to the VPN server. However, after I connect to the VPN server, my client could not ping Host C… so, what’s wrong?

Thanks.

  1. Yes, that is the typical way of setting up a VPN server. The external NIC would be in the DMZ and the internal NIC would be in the Internal Zone. There may be other configurations but I don’t believe they are common and if someone presented that scenario I’d have to study it.

I’ve thought about your setup and how it might work; it’s peculiar in that you said that Host C is assigned a public IP address (is that really true?). Unless your old VPN server is performing some kind of hairpin routing, that machine has to be co-ordinating something in your Firewall, or your Firewall has a pre-existing configuration that routes PPTP to Host C and only needs authentication from the PPTP server. If something like this is happening, then there is much more to your situation than what you’ve described.

TSU