On 02/09/2011 09:35 AM, Cameron Kerr wrote:
> On 10/02/11 02:52, Giles Coochey wrote:
>> On 09/02/2011 15:46, nux@xxxxxx wrote:
>>> Fajar Priyanto writes:
>>>
>>>> Hi all,
>>>> Just wondering if VPN inside VPN is possible?
>>>> I've created PPTP VPN in the office.
>>>> Then from home, first I need to use company's official AT&T VPN.
>>>> Then after connected, I fire up the PPTP VPN client.
>>>> Got connected, but cannot ping the PPTP gateway, and half minute later
>>>> the PPTP got disconnected.
>>>> No obvious error message in the PPTP log.
>>> How is this related to centos?
>> quite.... but at first glance this looks like a MTU problem.
> Except that not even a tiny ping packet can get through.
>
> VPN inside a VPN should certainly work, although it's very inefficient.
>
> Sounds more like a routing issue, perhaps a return route is missing?
>
> Perhaps the OP should sniff his tunnel end-point to see what, if
> anything, is making its way back.
>
> The OP should also care to include the output of the ping command,
> rather than saying "cannot ping the PPTP gateway".
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

I would also look at routing. When the second VPN comes up, it may be
configured to alter the routing table which would then try to route the
first VPN through the second and the second through the first. This is
often done intentionally since you don't want users connecting into a
secure network while simultaneously accessing a less secure resource.
In fact when the client is connected, Internet traffic is often routed
through the VPN as well, so you know that everything they do is behind a
secure firewall. You'd be amazed at the software I've seen users try to
install on their PCs and then connect to a secure network with.

Another problem is that PPTP is UDP only and cannot be tunneled through
a firewall easily like OpenVPN or IPsec, so if there is any kind of NAT
going on when you connect through the first VPN, it won't work because
you won't get your packets back. If you were able to use OpenVPN TCP or
IPsec in a TCP tunneling configuration, it should work.

Nataraj
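
The routing conflict described in the reply above (each VPN ending up routed through the other), as an added example that is not part of the original thread: a small check that follows, for each tunnel, which device carries the packets to that tunnel's peer and reports a loop. The device names (`eth0`, `tun0`, `ppp0`), addresses and both routing tables are constructed assumptions; on a real host the route list would come from the system routing table.

```python
import ipaddress

# Constructed sample data. Device names and addresses are assumptions:
# eth0 = home LAN, tun0 = outer (company) VPN, ppp0 = inner PPTP tunnel.
TUNNEL_PEERS = {"tun0": "198.51.100.10",  # outer VPN concentrator (public)
                "ppp0": "10.20.0.1"}      # PPTP server, only reachable via tun0

# Both tunnels up, outer peer still reached over the physical interface.
HEALTHY = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0"),
           ("10.20.0.0/16", "tun0"), ("10.30.0.0/16", "ppp0")]

# The inner client replaced the default route and left no host route for
# the outer VPN's peer, so the outer tunnel's own packets now go into ppp0.
AFTER_INNER_UP = [("0.0.0.0/0", "ppp0"), ("192.168.1.0/24", "eth0"),
                  ("10.20.0.0/16", "tun0")]


def lookup(routes, ip):
    """Longest-prefix match: device that would carry traffic to ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def carrier_chain(routes, peers, dev):
    """Follow dev -> device carrying dev's peer -> ... Returns (chain, looped)."""
    chain = [dev]
    while chain[-1] in peers:            # stop once we reach a non-tunnel device
        nxt = lookup(routes, peers[chain[-1]])
        if nxt in chain:                 # a tunnel depends on itself: routing loop
            return chain + [nxt], True
        chain.append(nxt)                # None here means "no route to the peer"
    return chain, False


if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("after inner up", AFTER_INNER_UP)):
        for dev in TUNNEL_PEERS:
            chain, looped = carrier_chain(table, TUNNEL_PEERS, dev)
            print(f"{name:15} {dev}: {' -> '.join(map(str, chain))}"
                  f"{'  LOOP' if looped else ''}")
```

A loop in the output means the tunnel's encapsulated packets never reach a physical interface, which matches the symptom of a session that connects and then drops without passing traffic.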