Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Point to Point Tunneling Protocol' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Point to Point Tunneling Protocol
Authored by: hayne on Sep 09, '03 02:12:55PM

PPTP is the "Point to Point Tunneling Protocol" and is used for creating a VPN (Virtual Private Network). If you aren't doing VPN (you would know if you were), then this is not relevant for you.

The problem with the default route that this hint is trying to avoid is that it interferes with other network connectivity (e.g. to a local router). A default route specifies where to send packets that are destined for IP addresses other than those explicitly mentioned - usually this applies to packets addressed to machines outside the local network.

Read more here:
http://www.macdevcenter.com/pub/a/mac/2002/12/20/vpn.html
There was a previous hint about setting up PPTP:
http://www.macosxhints.com/article.php?story=20030311232930261
That hint showed how to run the ppp command manually with the options desired, thus avoiding the default route.



[ Reply to This | # ]
Point to Point Tunneling Protocol
Authored by: denty on Sep 09, '03 06:42:23PM

An alternative to altering the way pppd works is to set up the local routing table so that more specific routes already exist to the places you want to go on your LAN/intranet.

For example, if your local intranet uses the 10.0.0.0 network (as many do), if 10.x.y.z is the address of your local network router, then saying:

sudo route add 10.0.0.0/8 10.x.y.z

will make your local intranet immune from the defaultroute problem.

In this scenario, all intranet traffic will go via en0, as before, while internet traffic will go by whatever PPP/PPTP says.

If you really want almost all traffic to go via en0 (with only those very specific tunelled networks going by the PPP link), you can say:

sudo route add 0.0.0.0/1 10.x.y.z
sudo route add 128.0.0.0/1 10.x.y.z

This has almost the same effect as blocking out PPP/PPTP's defaultroute (which is equivalent to 0.0.0.0/0) because both 0.0.0.0/1 and 128.0.0.0/1 are more specific (the number after the slash is bigger). Together, these two routes cover the whole of the internet.

If you get into a mess with routing, 'netstat -nr', 'route get' and 'route delete' are your friends.

d.



[ Reply to This | # ]