PPTP client doesn't work #95

aekrylov opened this issue Nov 30, 2018 · 2 comments · May be fixed by #96
@aekrylov

I'm trying to run the pptp image. Compose starts successfully, but after that connectivity is completely lost on my machine. Tried to ping the public internet or even my VPN gateway, doesn't work.
docker-compose file and output logs are here
There's a suspicious line there:
Error: either "to" is duplicate, or "uid" is a garbage.

The host runs on Ubuntu Bionic,
docker version is 18.09.0
docker-compose version is 1.23.2

@aekrylov changed the title from "Problems running pptp" to "PPTP client doesn't work" Nov 30, 2018
asilenkov commented Nov 30, 2018

That message,
Error: either "to" is duplicate, or "uid" is a garbage
is a message from the ip command, which pptpclient presumably uses to set up the connection.

Offending lines are
https://github.com/vimagick/dockerfiles/blob/master/pptp/docker-entrypoint.sh#L21-L22

Probably should be simply

ip route del 0.0.0.0/1
ip route del 128.0.0.0/1

But it's not fatal in our case. Except for this thing, the Docker image is OK.
According to your logs, the pptp client is okay and could complete session initialization successfully.
LCP ConfReq is okay too, which means GRE is working.
Script /etc/ppp/ip-up finished (pid 30), status = 0x0

You have to fix your routing problem.
I'm not so good at networking, but it looks like

0.0.0.0/1 dev ppp0 scope link 
128.0.0.0/1 dev ppp0 scope link 

ppp is trying to override your default route, as the bigger mask wins, and all your outgoing traffic goes through your new connection initiated by the pptp client. The incoming part is still the default route, and it's a big surprise for your ssh client.

As the iptables -L output is missing, it's hard to say more.

  1. Probably it could be better to use ip rule here.
    Something like
    ip rule add from 10.10.129.0/24 table vpn.out
    ip route add default dev ppp0 table vpn.out

    iptables -t nat -A POSTROUTING -s 10.10.129.0/24 -o ppp0 -j MASQUERADE

    So you could segregate traffic a bit, routing not all the stuff but only a small part.

  2. Or set up a static route from your host with pptp to your ssh client which you wanted to connect from.

  3. Or add to https://github.com/vimagick/dockerfiles/blob/master/pptp/docker-entrypoint.sh (somewhere after line 5 up to 8)
    defaultroute
    while removing lines https://github.com/vimagick/dockerfiles/blob/master/pptp/docker-entrypoint.sh#L13-L23
    to completely overwrite the default route (dangerous).
    In this case you have to provide all static routes to all hosts you need beforehand, or you will lose your host when the pptp server goes down.

aekrylov commented Dec 2, 2018

@sn00p thanks for the response! I'm using PPTP to access the corporate intranet, so I removed the ip route add commands and added a route for intranet IPs (10.0.0.0/8), now everything works as expected. I think it would be cool to make this configurable.

@aekrylov aekrylov linked a pull request Dec 4, 2018 that will close this issue
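
Added example, not part of the thread or the project's code: a small longest-prefix-match model of the routing behaviour discussed above. It shows why the two /1 routes on ppp0 take over from the default route while a single 10.0.0.0/8 route sends only intranet traffic through the tunnel. The tables, the eth0 device name and the sample destination addresses are constructed assumptions.

```python
import ipaddress

# Constructed routing tables as (prefix, device) pairs; eth0, the LAN prefix
# and the sample destinations below are assumptions made for this example.
BASE = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0")]
FULL_TUNNEL = BASE + [("0.0.0.0/1", "ppp0"), ("128.0.0.0/1", "ppp0")]
SPLIT_TUNNEL = BASE + [("10.0.0.0/8", "ppp0")]


def lookup(table, dst):
    """Device chosen by longest-prefix match, or None if no route contains dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev) for p, dev in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def default_shadowed_by(table):
    """Devices whose own non-default routes together cover all of IPv4,
    which means the 0.0.0.0/0 entry is never selected."""
    per_dev = {}
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > 0:
            per_dev.setdefault(dev, []).append(net)
    everything = ipaddress.ip_network("0.0.0.0/0")
    # collapse_addresses merges 0.0.0.0/1 and 128.0.0.0/1 into 0.0.0.0/0
    return sorted(dev for dev, nets in per_dev.items()
                  if everything in ipaddress.collapse_addresses(nets))


def egress(table, destinations):
    """Map each destination to the device its traffic would leave through."""
    return {dst: lookup(table, dst) for dst in destinations}


if __name__ == "__main__":
    samples = ["8.8.8.8", "203.0.113.9", "10.1.2.3", "192.168.1.5"]
    for name, table in [("base", BASE), ("full tunnel", FULL_TUNNEL),
                        ("split tunnel", SPLIT_TUNNEL)]:
        print(name, egress(table, samples),
              "default shadowed by:", default_shadowed_by(table))
```

Running the same check against a real `ip route` listing (converted to prefix/device pairs) is a quick way to confirm whether a VPN client has silently become the path for all outbound traffic.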