Hey folks, I've been having trouble getting a VPN working into my employer's network. I assume that it's a routing problem. Some forum trolling hasn't turned up much - but it's kinda hard to describe and search for. Also worth mentioning that I'm sure it's at my end - as I can VPN from my Windows box. Here's what I've done (Using Ubuntu 6.10 - Edgy Eft): - I have installed, and am using pptpconfig (running as root with "sudo") - I've got a tunnel configured with a name, IP address (confirmed correct), username, and password. I did not specify a domain, as when I use the one I think correct - I get disconnected. - I've got three routes configured as "Client to LAN" under pptpconfig's Routing tab: - 192.168.1.0/24 for the "regular" network at my employer's - 192.168.0.0/24 for the "admin" network at my employer's (DNS servers and such) - 10.2.0.0/24 for the "lab" network - We'll say my home LAN is 192.168.256.x (not 256, obviously, but not 0 or 1 either). - The encryption tab has "Require Microsoft Point-to-Point Encryption" and "Refuse to Authenticate with EAP" checked - I believe these are the defaults. - I have enabled debugging as well. When I launch the tunnel - I get the following in the log window (names changed to protect the innocent): pptpconfig: debug information dump begins WARNING: security sensitive information follows pptpconfig 1.12 2006/08/21 06:19:12 # pptp --version pptp: unrecognized option `--version' pptp version 1.7.0 Usage: pptp <hostname> [<pptp options>] [[--] <pppd options>] Or using pppd's pty option: pppd pty "pptp <hostname> --nolaunchpppd <pptp options>" Available pptp options: --phone <number> Pass <number> to remote host as phone number --nolaunchpppd Do not launch pppd, for use as a pppd pty --quirks <quirk> Work around a buggy PPTP implementation Currently recognised values are BEZEQ_ISRAEL only --debug Run in foreground (for debugging with gdb) --sync Enable Synchronous HDLC (pppd must use it too) --timeout <secs> Time to wait for reordered packets (0.01 to 10 secs) --nobuffer Disable packet buffering and reordering completely --idle-wait Time to wait before sending echo request --max-echo-wait Time to wait before giving up on lack of reply --logstring <name> Use <name> instead of 'anon' in syslog messages --localbind <addr> Bind to specified IP address instead of wildcard --loglevel <level> Sets the debugging level (0=low, 1=default, 2=high) # pppd --version pppd version 2.4.4 # uname -a Linux pippin 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux # modinfo ppp_mppe || modinfo ppp_mppe_mppc filename: /lib/modules/2.6.17-11-generic/kernel/drivers/net/ppp_mppe.ko author: Frank Cusack <fcusack [ at ] fcusack [ dot ] com> description: Point-to-Point Protocol Microsoft Point-to-Point Encryption support license: Dual BSD/GPL alias: ppp-compress-18 version: 1.0.2 vermagic: 2.6.17-11-generic SMP mod_unload 586 REGPARM gcc-4.1 depends: ppp_generic srcversion: 6B88E623CA7C4D7FE2F11FA # grep mppe /proc/modules ppp_mppe 8452 0 - Live 0xd0aac000 ppp_generic 30612 2 ppp_mppe,ppp_async, Live 0xd0aeb000 Array ( [name] => MyCo VPN [server] => www.xxx.yyy.zzz [domain] => [username] => myusername [password] => (hidden by pptpconfig) [pppd-options] => [pptp-options] => [resolv] => [dns-options] => [routing] => routing_client_to_lan [usepeerdns] => 1 [require-mppe] => 1 [nomppe-40] => [nomppe-128] => [refuse-eap] => 1 [mppe-stateful] => [autostart] => 1 [iconify] => [persist] => [debug] => 1 [client-to-lan] => a:3:{s:14:"192.168.1.0/24";s:19:"MyCo Main Network";s:11:"10.2.0.0/24";s:18:"MyCo Lab Network";s:14:"192.168.0.0/24";s:20:"MyCo Admin Network";} ) # route -n (before pppd) Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.256.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.256.1 0.0.0.0 UG 0 0 0 eth0 pptpconfig: debug information dump ends, starting pppd pppd options in effect: debug # (from /etc/ppp/peers/MyCo%20VPN) updetach # (from command line) logfd 1 # (from command line) linkname MyCo%20VPN # (from /etc/ppp/peers/MyCo%20VPN) dump # (from /etc/ppp/peers/MyCo%20VPN) noauth # (from /etc/ppp/options.pptp) refuse-chap # (from /etc/ppp/options.pptp) refuse-mschap # (from /etc/ppp/options.pptp) refuse-eap # (from /etc/ppp/options.pptp) name myusername # (from /etc/ppp/peers/MyCo%20VPN) remotename MyCo%20VPN # (from /etc/ppp/peers/MyCo%20VPN) # (from /etc/ppp/options.pptp) pty pptp 209.217.82.98 --nolaunchpppd # (from /etc/ppp/peers/MyCo%20VPN) crtscts # (from /etc/ppp/options) # (from /etc/ppp/options) asyncmap 0 # (from /etc/ppp/options) lcp-echo-failure 4 # (from /etc/ppp/options) lcp-echo-interval 30 # (from /etc/ppp/options) hide-password # (from /etc/ppp/options) ipparam MyCo%20VPN # (from /etc/ppp/peers/MyCo%20VPN) proxyarp # (from /etc/ppp/options) usepeerdns # (from /etc/ppp/peers/MyCo%20VPN) nobsdcomp # (from /etc/ppp/options.pptp) nodeflate # (from /etc/ppp/options.pptp) require-mppe # (from /etc/ppp/peers/MyCo%20VPN) require-mppe-128 # (from /etc/ppp/options.pptp) noipx # (from /etc/ppp/options) using channel 13 Using interface ppp0pptpconfig: monitoring interface ppp0 Connect: ppp0 <--> /dev/pts/1 sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72b41d37> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:mac.address.redacted]> < 17 04 02 b9>] sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 02 b9>] rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22d531ea> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>] sent [LCP ConfNak id=0x1 <auth chap MS-v2>] rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>] sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72b41d37> <pcomp> <accomp> <endpoint [local:mac.address.redacted]>] sent [LCP EchoReq id=0x0 magic=0x22d531ea] rcvd [CHAP Challenge id=0x0 <hexcode redacted>, name = "MyCo-DC01"] sent [CHAP Response id=0x0 <hexcode redacted>, name = "myusername"] rcvd [LCP EchoRep id=0x0 magic=0x72b41d37] rcvd [CHAP Success id=0x0 "S=hexcode redacted"] CHAP authentication succeeded sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>] rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>] sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>] rcvd [IPCP ConfReq id=0x5 <addr 192.168.1.105>] sent [IPCP TermAck id=0x5] rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>] sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>] rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>] sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>] rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>] MPPE 128-bit stateless compression enabled sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>] rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>] sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>] rcvd [IPCP ConfNak id=0x2 <addr 192.168.1.119> <ms-dns1 192.168.0.8> <ms-dns3 192.168.0.3>] sent [IPCP ConfReq id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8> <ms-dns3 192.168.0.3>] rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.119> <ms-dns1 192.168.0.8> <ms-dns3 192.168.0.3>] rcvd [IPCP ConfReq id=0x7 <addr 192.168.1.105>] At this point - I would appear connected. An "ifconfig -a" shows that the ppp interface has the address 192.168.1.119. Nonetheless, I can not ping/access the machines I would expect inside the corporate network, and I can not access the internet. Any advice? Thanks. -- "My country is the world, and my religion is to do good." -- Thomas Paine