[Gllug] proxy-arp and a vpn

Tom Schutzer-Weissmann trmsw at yahoo.co.uk
Sat Jun 18 00:27:20 UTC 2005


On Fri, 2005-06-17 at 22:01 +0100, Martin A. Brooks wrote:
> Tom Schutzer-Weissmann wrote:
> > any comments very welcome
> 
> You're being vague.
> 
> "does work" and "doesn't work" are actually _very_ unhelpful terms when 
> debugging a problem.

Sorry, you're quite right, I just had the feeling you'd all be sick of
the saga by now...

I have an old Compaq laptop with 2 wireless cards, close enough to an
ADSL router for a wireless connection. One wireless card talks to the
router, one to my Thinkpad. Both have the same IP address, and I use
proxy-arp to enable the Thinkpad, which has the address 192.168.2.200,
to reach the ADSL router and the internet beyond (obviously, the ADSL
router is doing NAT).

Fine.

The Thinkpad can now successfully connect, via a PPTP VPN, to the
network at my workplace, 192.168.254.0/24. Once connected it can ping
any host on the work network, no problem at all.

What "doesn't work" is:

- ssh
- MS Exchange

I can't ssh to a host on the work network, e.g. (the Thinkpad *was*
expensive):

tom@expensive:~$ ssh root@192.168.254.20
ssh_exchange_identification: Connection closed by remote host

If I try and get work email from the Exchange server on the work
network, Evolution just hangs.

On the other hand, if I connect to the VPN from the Compaq, and then use
NAT to let the Thinkpad access the 192.168.254.0 (work) network, the
Thinkpad successfully ssh-es to hosts on that network, and can get emails
off its Exchange server.

I had believed that by using proxy-arp on the Compaq I had transparently
extended the ADSL router's local network beyond the bounds of its
wireless reach. This seemed to be confirmed by the ability to connect to
a VPN from my Thinkpad - were it not for the problems described above.

So I was wrong in thinking that the hard part was connecting to the VPN,
and that once the connected machine had an interface that was on the VPN
(in this case ppp0), any TCP-based activity through the interface would
"just work."

At the moment all I can think of is DNS: the ADSL router does DNS and
reverse DNS for DHCP-ed hosts, e.g. the Compaq, but the Compaq extends the
192.168.2.0/24 network to hosts that the router knows nothing of.

all the best,
Tom Weissmann








	
	
		