
I'm setting up a development machine which runs Ubuntu 12.04 and KVM for virtualization. I have a guest running Ubuntu 12.04 which can be accessed from the host via its IP address which is assigned by libvirt. The guest can also access the internet, no problem there.

However, now I want to set up PPTP so I can connect to the host (from my workstation running Windows 7) and directly access guests without relying on SSH port forwarding.

I can connect from my W7-machine to the host (PPTP), but I cannot access any virtual machines (which are accessible from the host directly).

Relevant configuration files

cat /etc/network/interfaces

auto lo
iface lo inet loopback

# device: eth0
auto  eth0
iface eth0 inet static
  address   x.x.x.x
  broadcast x.x.x.x
  netmask   x.x.x.x
  gateway   x.x.x.x

# default route to access subnet
up route add -net x.x.x.x netmask x.x.x.x gw x.x.x.x eth0

virsh net-edit default

<network>
  <name>default</name>
  <uuid>xxxxxxxx-72ce-3c20-af0f-d3a010f1bef0</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:xx:xx:xx'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
      <host mac='52:54:00:yy:yy:yy' name='web1' ip='192.168.122.11' />
    </dhcp>
  </ip>
</network>

cat /etc/pptpd.conf (commented lines removed)

# TAG: option
#   Specifies the location of the PPP options file.
#   By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: logwtmp
#   Use wtmp(5) to record client connections and disconnections.
#
logwtmp

#(Recommended)
localip 192.168.122.1
remoteip 192.168.122.234-238,192.168.122.245

cat /etc/ppp/chap-secrets*

# Secrets for authentication using CHAP
# client    server  secret          IP addresses
xxxxx       *       yyyyyyyyyy              192.168.122.100

I get the correct IP address when connecting my W7-machine, but when I try to ping the virtual machine at 192.168.122.11 I get

Reply from 192.168.122.1: Destination port unreachable.

It's probably something trivial I'm missing but I can't for the life of me figure out what it is. So I'm turning to you, serverfault.

  • Why do people still use PPTP? It's insecure and always will be because of its design defects. Why establish an insecure VPN when OpenVPN or IPSec are viable instead? – joechip Sep 07 '12 at 05:51
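An added example, not part of the original question or answers: a consistency check over the configuration posted in the question. It shows that `localip` is the same address as `virbr0` and that every PPTP client address (the `remoteip` pool and the `chap-secrets` entry) lies inside the range libvirt's DHCP server may lease to guests. The values are copied from the question; the function names are hypothetical.

```python
import ipaddress

# Values copied from the question's pptpd.conf, chap-secrets and libvirt XML.
PPTPD_CONF = "localip 192.168.122.1\nremoteip 192.168.122.234-238,192.168.122.245\n"
CHAP_SECRETS = "xxxxx       *       yyyyyyyyyy              192.168.122.100\n"
BRIDGE_IP = "192.168.122.1"                        # <ip address=...> of virbr0
DHCP_RANGE = ("192.168.122.2", "192.168.122.254")  # <range start=... end=...>


def expand_pptpd_range(spec):
    """Expand pptpd's 'a.b.c.d-e,a.b.c.f' list syntax into a set of addresses."""
    addrs = set()
    for part in spec.split(","):
        first, _, last = part.strip().partition("-")
        start = int(ipaddress.IPv4Address(first))
        end = (start & ~0xFF) | int(last) if last else start
        addrs.update(ipaddress.IPv4Address(n) for n in range(start, end + 1))
    return addrs


def pptp_addresses(conf, secrets):
    """Collect every address pptpd may use, keyed by where it is configured."""
    out = {"localip": set(), "remoteip": set(), "chap-secrets": set()}
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in ("localip", "remoteip"):
            out[fields[0]] |= expand_pptpd_range(fields[1])
    for line in secrets.splitlines():
        fields = line.split()  # client, server, secret, optional fixed addresses
        if len(fields) >= 4 and not fields[0].startswith("#"):
            out["chap-secrets"] |= {ipaddress.IPv4Address(a) for a in fields[3:] if a != "*"}
    return out


def find_conflicts(conf, secrets, bridge_ip, dhcp_range):
    """Return (source, address, reason) for addresses libvirt also owns or may lease."""
    bridge, lo, hi = (ipaddress.IPv4Address(a) for a in (bridge_ip, *dhcp_range))
    findings = []
    for source, addrs in pptp_addresses(conf, secrets).items():
        for addr in sorted(addrs):
            if addr == bridge or lo <= addr <= hi:
                reason = "same as virbr0 address" if addr == bridge else "inside libvirt DHCP range"
                findings.append((source, str(addr), reason))
    return findings


if __name__ == "__main__":
    for finding in find_conflicts(PPTPD_CONF, CHAP_SECRETS, BRIDGE_IP, DHCP_RANGE):
        print("%-13s %-16s %s" % finding)
```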

2 Answers


I believe you need to set up a virtual interface that will route you into the network of your server. I got this to work once in OpenVPN, but the PPTP setup should be similar.

Here's a howto I found which looks to be what you need:

http://pptpclient.sourceforge.net/routing.phtml#client-to-lan

tpederson

After you've connected to the VPN, just add a route on your Windows machine via cmd

Eg. Start > run > cmd.exe

route ADD 192.168.122.0 MASK 255.255.255.0  192.168.122.100 METRIC 0 
       destination^     ^mask                ^gateway   metric^    ^

Just set the params as necessary.

You'll also need to make sure you are routing the traffic accordingly on the host system. iptables is a solid choice for this.

Eg.

iptables -t nat -I POSTROUTING -o ppp+ -s 192.168.122.0/24 -j MASQUERADE

And if you want to access the internet via it too (ie. using the remote gateway)

iptables -t nat -I POSTROUTING -o eth+ -s 192.168.122.0/24 -j MASQUERADE

OpenVPN

OpenVPN has a nice feature where the host can push routes to the client, but the principle is the same. If you want to go down that route, I've written a good guide here: https://serverfault.com/a/403016/113375

Ben Lessani
  • That wouldn't be it, the dest unreachable is coming from 192.168.122.1, the pptp client is already trying to use it as a gateway. – quadruplebucky Sep 08 '12 at 18:20