Avoid creating PPTP default routes
Authored by: BobHarris on Nov 02, '03 08:41:16PM

Using this hint, I have managed to set up split route PPTP tunnels into my company.

Besides the pppd perl, I added 2 additional scripts:

/etc/ppp/ip-up
/etc/ppp/ip-down

In /etc/ppp/ip-up, I placed commands to route work specific subnets to the PPTP tunnel.

I also set up my own /etc/resolv.conf file so that the PPTP tunnel supplied DNS servers' IP addresses were part of the list, as well as at least one of the DNS servers for my ISP.

The /etc/ppp/ip-up script also saved the original /etc/resolv.conf file which would be used later by /etc/ppp/ip-down to restore the original DNS server list.

So for example (and this is just a very simplistic example):

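#!/bin/sh
# /etc/ppp/ip-up
# Route the work subnet through the remote end of the tunnel.
route add 192.168.0.0 $IPREMOTE
# Save the original resolver list so ip-down can restore it.
cp /etc/resolv.conf /etc/resolv.conf.pppd.save
# Tunnel-supplied DNS servers plus one ISP DNS server.
echo nameserver $DNS1 >/etc/resolv.conf
echo nameserver 151.203.0.85 >>/etc/resolv.conf
echo nameserver $DNS2 >>/etc/resolv.conf

#!/bin/sh
# /etc/ppp/ip-down
# Restore the resolver list saved by ip-up (same file name as above).
cp /etc/resolv.conf.pppd.save /etc/resolv.conf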

The above 2 example scripts must be made executable:

chmod +x /etc/ppp/ip-up
chmod +x /etc/ppp/ip-down

$IPREMOTE, $DNS1, $DNS2 are environment variables set up by the real pppd (previously renamed pppd.orig by the base hint).

So if you have put in place the perl script of this base hint to act as a faux pppd that replaces the defaultroute command line option with nodefaultroute, then when you use Internet Connect to connect a PPTP VPN tunnel, the 3 scripts will work together to set up split routing and DNS services for your PPTP connection.

For more information about ip-up and ip-down, read the pppd man page (man pppd).

Good luck.

Bob Harris
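
A more defensive take on the ip-up/ip-down pair from the comment above, as an added example that is not part of the original post: it checks that the peer-supplied $IPREMOTE, $DNS1 and $DNS2 are plain IPv4 addresses before root writes them anywhere, and it keeps the first resolv.conf backup if ip-up runs twice. The RESOLV, SAVE, ROUTE and ISP_DNS variables and the 192.0.2.53 resolver are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the poster's script. Install as both /etc/ppp/ip-up and
# /etc/ppp/ip-down. RESOLV, SAVE, ROUTE and ISP_DNS are assumptions of this
# sketch, overridable so the functions can be tried on scratch files.
RESOLV=${RESOLV:-/etc/resolv.conf}
SAVE=${SAVE:-/etc/resolv.conf.pppd.save}
ROUTE=${ROUTE:-route}
ISP_DNS=${ISP_DNS:-192.0.2.53}   # constructed placeholder, use your ISP's resolver

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit nameserver lines, skipping peer-supplied values that are not addresses.
resolver_lines() {
    for ns in "$DNS1" "$ISP_DNS" "$DNS2"; do
        if is_ipv4 "$ns"; then echo "nameserver $ns"; fi
    done
}

ip_up() {
    is_ipv4 "$IPREMOTE" || return 1
    "$ROUTE" add 192.168.0.0 "$IPREMOTE" || return 1
    # Keep the first backup: if ip-up runs again before ip-down (dropped
    # link), a second copy would save the VPN resolver list as the original.
    [ -e "$SAVE" ] || cp "$RESOLV" "$SAVE" || return 1
    lines=$(resolver_lines)
    printf '%s\n' "$lines" > "$RESOLV"
}

ip_down() {
    # Restore once, then drop the backup so the next ip-up takes a fresh one.
    if [ -e "$SAVE" ]; then cp "$SAVE" "$RESOLV" && rm -f "$SAVE"; fi
}

# Run only when invoked by pppd under one of the two script names.
case "${0##*/}" in
    ip-up) ip_up ;;
    ip-down) ip_down ;;
esac
```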



Avoid creating PPTP default routes
Authored by: tfield1974 on Feb 06, '04 01:11:39PM

This is a great tip (especially with the ip-up/ip-down addition). However, for some reason I am unable to get my route add statement to be recognized, so I'm basically blocked out of my work network (10.128). As a result, I have to figure out what my remote IP is and manually add the route myself - which seems to not really be the point.

Here's my ip-up:

#!/bin/sh
# /etc/ppp/ip-up
route add -net 10.128 $IPREMOTE
cp /etc/resolv.conf /etc/resolv.conf.pppd.save
echo nameserver $DNS1 > /etc/resolv.conf
echo nameserver 192.168.2.1 >> /etc/resolv.conf
echo nameserver $DNS2 >> /etc/resolv.conf

Here's what I use to manually add the route statement:
sudo route add -net 10.128 my.remote.ip.address

Any suggestions?

Thanks!
Tony



Avoid creating PPTP default routes
Authored by: slowdog on Mar 08, '04 02:30:40PM
This hint worked for me very well until I (unfortunately) applied "Security Update 2004-02-23 for Panther Client". Now I can't get this hint, or any of the others related to split routing, to work. When trying to start the vpn using Internet Connect, I immediately get the error:

The connection has failed. Please verify your settings and try again.

And nothing is written to the vpn log.

This hint just hangs, with no connection or writing to the log.

Has anyone else had this problem? Any fixes/workarounds?