VPN routing problem

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 6:33    Post subject: VPN routing problem Reply with quote
I am having a routing problem between my PPTP VPN network and my home network. I hope someone can offer some suggestions.

The PPTP VPN is connecting without any difficulty and I am able to ping both the IP address provided by the VPN to the router and the VPN network side IP address while SSH’d into the router. However, I am not able to other IPs on the VPN side of the connection.

However, if I try to ping from a computer on the home network; I can ping the IP address provided to by the VPN but not the VPN network side.

For example:

Home Network
172.16.112.0
255.255.255.0
GW IP: X.X.X.X (ISP/DHCP)
Router: 172.16.112.1

VPN Network
192.168.0.0
255.255.0.0
VPN Side: 192.168.220.200

VPN Provided IP: (Dynamic)
192.168.220.201

Home Computer
172.16.112.2

From 172.16.112.2, I can ping 192.168.220.201 fine.
From 172.16.112.2, I cannot ping 192.168.220.200 or any other VPN side address.

While SSH’d into the router I can ping 192.168.220.201 fine.
While SSH’d into the router I can ping 192.168.220.200 fine.
While SSH’d into the router I cannot ping 192.168.220.6 or any other IP on the VPN side.

I want to continue to use the ISP IP for my normal internet traffic but I want to route all 192.168.x.x traffic through the VPN connection. Please help if you can.
Back to top View user's profile Send private message
Sponsor
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 6:56    Post subject: Reply with quote
The NAT is enabled on the PPTP VPN config. However, I am unsure of how to verify NAT beyond that.
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 7:06    Post subject: Reply with quote
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 X.X.X.1 0.0.0.0 UG 0 0 0 vlan2
X.X.X.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
172.16.112.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.220.200 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
Y.Y.Y.Y X.X.X.1 255.255.255.255 UGH 0 0 0 vlan2

The X.X.X and Y.Y.Y addresses are ISP related.
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 7:23    Post subject: Reply with quote
The VPN server is Windows Server 2008 R2 using RRAS. I do have access to the network servers including the RRAS server. My role is database related so I am hesitant to make any changes to that server, but I can verify that the VPN connection is operating.
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 7:41    Post subject: Reply with quote
like so?

route add -net 192.168.0.0 netmask 255.255.0.0 dev ppp0
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 7:54    Post subject: Reply with quote
That seems to almost do the trick.

I can now ping any address within the 192.168.0.0 network while SSH'd. However the computer on the 172.16.112.0 network still cannot.
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 8:04    Post subject: Reply with quote
For example:

pinging from computer on 172.16.112.0 network.

192.168.220.201 OK
192.168.220.200 NO
192.168.220.6 NO
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 8:13    Post subject: Reply with quote
Chain POSTROUTING (policy ACCEPT 2937 packets, 202K bytes)
pkts bytes target prot opt in out source destination
18976 1821K SNAT 0 -- * vlan2 172.16.112.0/24 0.0.0.0/0 to:XX.XXX.X.XXX
0 0 MASQUERADE 0 -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x80000000/0x80000000
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 8:20    Post subject: Reply with quote
It is/was active and the NAT is enabled.
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 8:29    Post subject: Reply with quote
That works. Excellent work, thank you.

Now I just need to figure out how to run those 2 commands when the VPN connects.
Back to top View user's profile Send private message
Grefyne
DD-WRT Novice


Joined: 22 Nov 2015
Posts: 11
PostPosted: Sun Nov 22, 2015 8:39    Post subject: Reply with quote
Thank you for your help. I will see if that works. I suspect its a bad configuration on the other side of the VPN, i have heard of others at work complaining about the VPN.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum