pptpd server does not route internet traffic?

Question

I have set up a pptpd server on my computer and clients can connect to it successfully. I have enabled ip_forwarding in /etc/sysctl.conf and added the following rule to my iptables to masquerade the traffic.

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE

And there is no other restricting rule in my iptables.

my pptpd ip configuration is :

localip 192.168.0.1 remoteip 192.168.0.2-254

and my local ip range is 192.168.1.0/24

the problem is my clients can not access internet via my server, is there anything else i should have done ? (both my server and clients are on the same local network)

If the server and clients are on the same network, then why the VPN? — Zoredache, Oct 17 '11 at 19:19
Allow me to repeat, why do you need a VPN? If they are on the local network just setup a route or change the default gateway. — Zoredache, Oct 17 '11 at 19:39
For more control and security I need them to use VPN to access the internet and without it just have access to the local network. — Scarlet, Oct 17 '11 at 19:47
You're masquerading your own reply packets to hosts on the LAN. You need to add '-d ! 192.168.0.0.24` (or similar) to the MASQUERADE rule. — David Schwartz, Oct 17 '11 at 19:54
Still nothing with : iptables -t nat -A POSTROUTING -d 192.168.0.0/24 -j MASQUERADE — Scarlet, Oct 17 '11 at 20:05

MikeyB · Accepted Answer · 2011-10-17T21:10:00.977

1

You are doing it wrong.

Using a VPN here gives you no additional security or benefit.

Get rid of it. Simpler is always better.

If you're trying to enforce the rule that users have to be "logged in" to get out of your network, use a proxy. For example, Squid & Squidguard.

edited Oct 17 '11 at 21:10

answered Oct 17 '11 at 20:35

MikeyB

38,725
10
102
186

pptpd server does not route internet traffic?

1 Answers1