Recently i faced the problem of connecting two LANs using PPTP and an intermediate PPTP server. I had to use this approach because the network setup was such that none of the LAN routers (DD-WRT) could contact the other but both could contact an intermediate server.
In order to achieve this PPTP clients must be always assigned the same IP and when connected, routes to each LAN must be added to the routing table of the intermediate server.
|Network name||IP range|
|PPTP Server network||172.16.4.0/24|
PPTP Clients and server
I installed a PPTP server on a CentOS server using this HOWTO and i assigned static IPs for the two routers. To assign static IPs on PPTP clients you must enter the desired IP in the chap-secrets file.
chap-secrets file on the intermediate server:
# Secrets for authentication using CHAP # client server secret IP addresses LAN1 * LAN1pass 172.16.4.200 LAN2 * LAN2pass 172.16.4.201
This way each client (router) gets always the same IP. Make sure that these static IPs are not in the PPTP client IP range.
Then setup DD-WRT PPTP clients to connect to the intermediate server:
The final step is to add a route to each router's LAN when it connects.
There is a file for running commands when PPP goes up or down. On CentOS it is located at /etc/ppp/ip-up.local or /etc/ppp/ip-up
Adding the following lines does the trick:
#!/bin/bash case "$5" in 172.16.4.200) /sbin/route add -net 172.16.3.64/26 gw 172.16.4.200 ;; 172.16.4.201) /sbin/route add -net 172.16.3.128/26 gw 172.16.4.201 ;; *) esac
Make the script executable: chmod 755 ip-up.local
Arguments available in ip-up and ip-up.local scripts
|$1||the interface name used by pppd (e.g. ppp3)|
|$2||the tty device name|
|$3||the tty device speed|
|$4||the local IP address for the interface|
|$5||the remote IP address|
|$6||the current IP address before connecting to the VPN|
We have done this and it works but if the VPN drops and then comes back up the old route stays inplace on the interface that was first assigned eg : ppp0 and the route no longer works unless I run /etc/init.d/pptpd restart-kill and then run /etc/init.d/pptpd start.
Which then kills all the users VPN's.
I can look for the processes and kill the ones from the Source public IP manually. (ps ax |grep ppp) There will be two showing in the processes, the one that dropped and the one that now reconnected.
Try copying ip-up.local to ip
Try copying ip-up.local to ip-down.local and then replace route add with route del in ip-down.local.
I will test it when i have the time.
Add new comment