Weird pptp problem, connected but no traffic past mt

shmali · March 13, 2006, 3:56am

Heres the basic layout of my network. I’ve got one mt in my office (device1) set up as a pptp server and i have an mt set up offsite (device2) acting as the router for a network of mt access points as well as a pptp client. I’ve followed the examples in the manual and set up a pptp between the two and it runs fine. However the problem i’m running into is that i can’t seem to communicate with any of the access points behind device2. heres the general configuration.

Device1
Setup as pptp server

Ip address

ADDRESS NETWORK BROADCAST INTERFACE

1 192.168.0.1/24 192.168.0.0 192.168.0.255 wlan1
3 D 10.9.9.1/32 10.9.9.3 0.0.0.0

routes

DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE

0 AD 10.6.9.0/24 r 10.9.9.3 1
1 ADC 10.9.9.3/32 10.9.9.1

Device2
setup as pptp client
all other mt accesspoints are set up behind here on 10.6.9 network

ip address

ADDRESS NETWORK BROADCAST INTERFACE

0 10.6.9.1/24 10.6.9.0 10.6.9.255 bridge1
3 D 10.9.9.3/32 10.9.9.1 0.0.0.0 pptp-RockyPoint

Route

DST-ADDRESS PREFSRC G GATEWAY DIS INTERFACE

1 ADC 10.6.9.0/24 10.6.9.1 bridge1
2 ADC 10.9.9.1/32 10.9.9.3 pptp
4 A S 192.168.0.0/24 r 10.9.9.1 pptp

now the funny thing is that i can ping users on the 192 network from device2, and i can ping users on the 10.6.9 network from device1. But i can’t seem to ping/access any of the mt accesspoints behind device2 that are on the 10.6.9 network.

I’ve been searching old posts for any info bt haven’t come up with anything yet. If anyone has any info or tips i would greatly apreciate it. Thanks

macgaiver · March 13, 2006, 6:52am

First ideas:

Routes, Firewall, address conflict!!

mag · March 13, 2006, 7:37am

if PPTP is using the same address-space as the LAN, proxy-arp has to be enabled on the LAN-interface.

shmali · March 13, 2006, 6:20pm

mag, i had seen a post that talked about using proxy arp so i already had that turned on. But that idn’t seem to make a difference.

macgaiver, i’m fairly new to this and a little confused. are you saying i need to use more routes and nat rules or that the nat rules and the routes will cause an address conflict.

I tried (with little success) to set up some nat rules that catch all traffic for the other subnets and route them over the pptp address. any suggestions on where i can find some examples relating to nat rules/routing with relation to pptp. the manual shows the route setup example for pptp but nothing concerning nat.

andrewluck · March 14, 2006, 10:11am

The only difference I an see between the two devices is that device 2 has a bridged interface on it. Can you provide some more details on this.

Regards

Andrew

mag · March 14, 2006, 11:09am

this is working configuration-example, using 10.10.10.0 as transfer-net:

/ ppp secret 
	add name="user" service=pptp password="password" local-address=10.10.10.1 remote-address=10.10.10.2
/ interface pptp-server server 
	set enabled=yes 
/ interface pptp-server
	add user=user

/ip route add dst-address=<ip-network-client-side> gateway=10.10.10.2

/ interface pptp-client
	add connect-to=<public-ip-server> user=user  password="password" disabled=no

/ip route add dst-address=<ip-network-server-side> gateway=10.10.10.1