Re: VPN inside VPN?


On 02/09/2011 09:35 AM, Cameron Kerr wrote:
> On 10/02/11 02:52, Giles Coochey wrote:
>> On 09/02/2011 15:46, nux@xxxxxx wrote:
>>> Fajar Priyanto writes:
>>>
>>>> Hi all,
>>>> Just wondering if VPN inside VPN is possible?
>>>> I've created PPTP VPN in the office.
>>>> Then from home, first I need to use company's official AT&T VPN.
>>>> Then after connected, I fire up the PPTP VPN client.
>>>> Got connected, but cannot ping the PPTP gateway, and half minute later
>>>> the PPTP got disconnected.
>>>> No obvious error message in the PPTP log.
>>> How is this related to centos?
>> Quite... but at first glance this looks like an MTU problem.
> Except that not even a tiny ping packet can get through.
>
> VPN inside a VPN should certainly work, although it's very inefficient.
>
> Sounds more like a routing issue, perhaps a return route is missing?
>
> Perhaps the OP should sniff his tunnel end-point to see what, if
> anything, is making its way back.
>
> The OP should also care to include the output of the ping command,
> rather than saying "cannot ping the PPTP gateway".
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
I would also look at routing. When the second VPN comes up, it may be
configured to alter the routing table which would then try to route the
first VPN through the second and the second through the first. This is
often done intentionally since you don't want users connecting into a
secure network while simultaneously accessing a less secure resource.
In fact when the client is connected, Internet traffic is often routed
through the VPN as well, so you know that everything they do is behind a
secure firewall. You'd be amazed at the software I've seen users try to
install on their PCs and then connect to a secure network with.

Another problem is that PPTP is UDP only and cannot be tunneled through
a firewall easily like OpenVPN or IPsec, so if there is any kind of NAT
going on when you connect through the first VPN, it won't work because
you won't get your packets back. If you were able to use OpenVPN TCP or
IPsec in a TCP tunneling configuration, it should work.

Nataraj
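
The routing check suggested in the reply above, as an added example that is not part of the original post: it runs a longest-prefix lookup over a routing table to see whether each VPN server is still reached through the right interface once the second tunnel is up. The interface names (eth0, tun0 for the first VPN, ppp0 for the PPTP link), all addresses and both routing tables are constructed assumptions.

```python
import ipaddress

# Constructed `ip route`-style tables (assumed: eth0 = NIC, tun0 = first VPN, ppp0 = PPTP).
BEFORE_PPTP = """
default via 192.168.1.1 dev eth0 metric 100
192.168.1.0/24 dev eth0 scope link
203.0.113.10 via 192.168.1.1 dev eth0
10.0.0.0/8 dev tun0 scope link
"""
AFTER_PPTP = """
default dev ppp0 scope link
default via 192.168.1.1 dev eth0 metric 100
192.168.1.0/24 dev eth0 scope link
10.0.0.0/8 dev tun0 scope link
10.20.0.0/16 dev ppp0 scope link
"""

def parse_routes(text):
    """Parse simplified `ip route` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((ipaddress.ip_network(dest), tok[tok.index("dev") + 1], metric))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1] if hits else None

def nested_vpn_problems(routes, outer_server, inner_server, outer_dev, inner_dev):
    """Report routes that would carry a tunnel's own transport inside a tunnel."""
    problems = []
    if egress_dev(routes, outer_server) in (outer_dev, inner_dev):
        problems.append("outer VPN server is routed into a tunnel")
    if egress_dev(routes, inner_server) != outer_dev:
        problems.append("inner VPN server is not routed via the outer tunnel")
    return problems

if __name__ == "__main__":
    for name, table in (("before PPTP", BEFORE_PPTP), ("after PPTP", AFTER_PPTP)):
        found = nested_vpn_problems(parse_routes(table), "203.0.113.10", "10.20.0.5", "tun0", "ppp0")
        print(name, "->", found or "routes look consistent")
```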
