mtchang / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

VPN client issue (subnet mask cannot be set to 0.0.0.0) #968

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. configure VPN client
2. enter 0.0.0.0 as subnet mask

What is the expected output? What do you see instead?

I expect to direct all traffic through VPN, but I see message "0.0.0.0 is not a 
valid IP address"

What version of the product are you using? On what operating system?
3.4.3.6-066

Original issue reported on code.google.com by ilia.ost...@gmail.com on 29 Aug 2013 at 3:26

GoogleCodeExporter commented 9 years ago
Remote LAN subnet is also set to 0.0.0.0

Original comment by ilia.ost...@gmail.com on 29 Aug 2013 at 3:30

GoogleCodeExporter commented 9 years ago
0.0.0.0 is not a valid IP address

Original comment by Dr.Sydorenko.O on 30 Aug 2013 at 1:06

GoogleCodeExporter commented 9 years ago
So what is the solution to pass all traffic through VPN?

Original comment by ilia.ost...@gmail.com on 30 Aug 2013 at 1:08

GoogleCodeExporter commented 9 years ago
You can use "Run script after (dis)connect to VPN server: "

Original comment by Dr.Sydorenko.O on 30 Aug 2013 at 4:11

GoogleCodeExporter commented 9 years ago
To ilia.ostroumov. 

"Remote LAN subnet" fields are intended only for a static route. To redirect all 
traffic through PPP VPN client, you need to add the default gateway via ppp5 
interface. Please use "Run script after (dis)connect to VPN server:" for this.

Original comment by andy.pad...@gmail.com on 31 Aug 2013 at 1:04

GoogleCodeExporter commented 9 years ago
Hi, 

You write 
"To redirect all traffic through PPP VPN client, you need to add the default 
gateway via ppp5 interface. Please use "Run script after (dis)connect to VPN 
server:" for this."

How is this done? I am a newbie, and would be happy for any help here, as I 
also want to pass all traffic through VPN.

Thanks :-)
Christian

Original comment by christia...@gmail.com on 31 Aug 2013 at 6:54

GoogleCodeExporter commented 9 years ago
You can find option "Run script after (dis)connect to VPN server:" at page 
http://my.router/vpncli.asp

Original comment by Dr.Sydorenko.O on 1 Sep 2013 at 1:16

GoogleCodeExporter commented 9 years ago
Hi Dr. Sydorenko,

Thanks for the reply :-) :-)

I found the option "Run script after (dis)connect to VPN server:", but what 
script do I need to run? Is there a script that passes all traffic through the 
VPN?

Kind regards,
Christian

Original comment by christia...@gmail.com on 1 Sep 2013 at 1:25

GoogleCodeExporter commented 9 years ago
add to func_ipup body:

func_ipup()
{
  route add default gw $IPREMOTE metric 3 dev $IFNAME
}

add to func_ipdown body:

func_ipdown()
{
  route del default gw $IPREMOTE metric 3 dev $IFNAME
}

Original comment by andy.pad...@gmail.com on 1 Sep 2013 at 2:08

GoogleCodeExporter commented 9 years ago
I tried everything. I modified the "Run script after (dis)connect to VPN 
server:" script like instructed above. The VPN client connects fine, but my 
local wireless traffic still doesn't go out using the VPN. Can someone please 
give a detailed example of how to use this? 

Thank you!

Original comment by ioang...@gmail.com on 5 Sep 2013 at 4:25

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
What example?? You are guided on how to make it work. If it doesn't, then show 
some settings, log errors first... e.g. routing tables on client and server 
devices etc. I'm not sure, but it seems there are no magicians here ))
Eeemmmmm, let's assume that you use same networks, but they should be different 
(for example 192.168.1.0/24 - server network, and 192.168.5.0/24 - client 
network). You won't get it to work if server and client ip addresses are equal 
(192.168.1.1 by default)

Original comment by d...@soulblader.com on 5 Sep 2013 at 9:12

GoogleCodeExporter commented 9 years ago
And... how do you understand that local traffic is not being forwarded through 
VPN?..

Original comment by d...@soulblader.com on 5 Sep 2013 at 9:15

GoogleCodeExporter commented 9 years ago
I'm connecting to tunnelr VPN service which provides PPTP. If I start the VPN 
connection from my windows machine and I check my public IP, it would be the 
one that tunnelr service provided me.

Now if I connect using the router's client to tunnelr pptp service, I can see 
in the router's logs that the connection was established:

Sep  6 03:44:26 pppd[992]: Plugin pptp.so loaded.
Sep  6 03:44:26 pppd[992]: PPTP plugin version 0.8.5 compiled for pppd-2.4.5
Sep  6 03:44:26 pppd[993]: pppd 2.4.5 started by admin, uid 0
Sep  6 03:44:27 pppd[993]: Using interface ppp5
Sep  6 03:44:27 pppd[993]: Connect: ppp5 <--> pptp (31.143.133.168)
Sep  6 03:44:29 pppd[993]: CHAP authentication succeeded
Sep  6 03:44:29 pppd[993]: MPPE 128-bit stateless compression enabled
Sep  6 03:44:33 pppd[993]: local  IP address 10.0.23.253
Sep  6 03:44:33 pppd[993]: remote IP address 10.0.16.1
Sep  6 03:44:33 pppd[993]: primary   DNS address 10.0.16.1
Sep  6 03:44:33 pppd[993]: secondary DNS address 10.0.16.1
Sep  6 03:44:33 dnsmasq[433]: read /etc/hosts - 3 addresses
Sep  6 03:44:33 dnsmasq[433]: read /etc/storage/dnsmasq/hosts - 0 addresses
Sep  6 03:44:33 dnsmasq[433]: using nameserver 10.0.16.1#53

The "Run script after (dis)connect to VPN server:" is as follows:

#!/bin/sh

peer_lan="192.168.1.0"
peer_msk="255.255.255.0"

func_ipup()
{
   route add default gw $IPREMOTE metric 3 dev $IFNAME
}

func_ipdown()
{
   route del default gw $IPREMOTE metric 3 dev $IFNAME
}

case "$1" in
up)
  func_ipup
  ;;
down)
  func_ipdown
  ;;
esac

Now if I check my public IP, it's still the one that's not behind the VPN, the 
IP that my ISP provided.

I know that there is something I'm doing wrong, but I'm not sure what.

Original comment by ioang...@gmail.com on 6 Sep 2013 at 3:52

GoogleCodeExporter commented 9 years ago
Greetings, in the end you may use:
iptables -t nat -A POSTROUTING -o <INTERFACE_NAME> -j MASQUERADE

Original comment by asdar...@gmail.com on 8 Sep 2013 at 3:53

GoogleCodeExporter commented 9 years ago
There is an issue with this script - it is reset to default after reboot

Original comment by ilia.ost...@gmail.com on 19 Sep 2013 at 8:07

GoogleCodeExporter commented 9 years ago
Hello, not sure if you're still having this problem, but I had to mess with the 
routing table on the router. I was doing it manually, but I'll try to script it 
sooner rather than later.

Once the VPN is connected, you need to do this:
1) Add a route to your VPN server (31.143.133.168) and force it to use your 
ISP's address default gateway (ex: 1.1.1.1)
route add -net 31.143.133.168 netmask 255.255.255.255 gw 1.1.1.1

2) If you aren't using the above script, you need to add the default route 
through the VPN
route add default gw 10.0.16.1 metric 3 

3) Since the metric for the above route is higher than the one provided by your 
ISP, you need to delete the existing route.
route del default gw 1.1.1.1

Your traffic should now be all routed over the VPN.

When you take the VPN down, you will need to do this:
1) delete the route through the VPN (if it's not already gone)
route del default gw 10.0.16.1

2) Add the default ISP route back (the one you deleted in step 3, above)
route add default gw 1.1.1.1

I don't have access to my router from here, so I haven't tested the commands, 
but that should be the gist of it.

Hope this helps.
Marc

Original comment by mra...@gmail.com on 25 Sep 2013 at 1:40

GoogleCodeExporter commented 9 years ago
Here's the quick script I've been using this evening. If anyone has any 
suggestions to improve it, I am all ears:

#!/bin/sh

### Custom user script
### Called after internal VPN client connected/disconnected to remote VPN server
### $1        - action (up/down)
### $IFNAME   - tunnel interface name (e.g. ppp5)
### $IPLOCAL  - tunnel local IP address
### $IPREMOTE - tunnel remote IP address
### $DNS1     - peer DNS1
### $DNS2     - peer DNS2

# private LAN subnet behind a remote server (example)
peer_lan="192.168.99.0"
peer_msk="255.255.255.0"

### example: add static route to private LAN subnet behind a remote server

func_ipup()
{
ISP_GW=$(route -n | grep "^0\.0\.0\.0" | awk '{print $2}')
VPN_ENDPOINT=$(grep pptp_server /tmp/ppp/options.vpnc | tr -d \' | awk '{print $2}')

#delete the default route
route del default gw $ISP_GW
# add specific route for VPN host
route add -net $VPN_ENDPOINT netmask 255.255.255.255 gw $ISP_GW
#add the new default route through the VPN
route add default gw $IPREMOTE
}

func_ipdown()
{
VPN_ENDPOINT=$(grep pptp_server /tmp/ppp/options.vpnc | tr -d \' | awk '{print $2}')
ISP_GW=$(route -n | grep "^$VPN_ENDPOINT" | awk '{print $2}')

route del default gw $IPREMOTE
route del -net $VPN_ENDPOINT netmask 255.255.255.255 gw $ISP_GW
route add default gw $ISP_GW
}

case "$1" in
up)
  func_ipup
  ;;
down)
  func_ipdown
  ;;
esac

Original comment by mra...@gmail.com on 26 Sep 2013 at 1:27

GoogleCodeExporter commented 9 years ago
Hi Marc, 
Thank you for the help. #17 works.
I tried the #18 script, but something didn't work. I didn't have time to see 
what.

Original comment by ioang...@gmail.com on 1 Oct 2013 at 8:19

GoogleCodeExporter commented 9 years ago
After trying #17, #18 none of those work for me.

I have DNS VPN server that I connect to.

If I try those commands to get the VPN Server and ISP Gateway

func_ipup()
{
   ISP_GW = correct one
   VPN_ENDPOINT = correct one (if VPN has been connected)
}

func ipup()
{
   ISP_GW = will give me a list of first (0) VPN gateway, (2) ISP Gateway
   VPN_ENDPOINT = correct
}

Also tried both "orders" since they're different from #17 and #18 (delete ISP 
GW first and last on the other for example)

It will "try" to connect to the VPN, but if I then decide to cancel it, I 
have to disable VPN Client and reboot the router completely.
Also, the router becomes very unresponsive when trying to connect to the VPN.

So, I don't have a fixed VPN IP Address, since it's a DNS Server.
I might not have a fixed Gateway IP from the DNS Server.

Neither solution worked for me.

Error log:

Jan  1 00:00:16 pppd[577]: Using interface ppp5
Jan  1 00:00:16 pppd[577]: Connect: ppp5 <--> pptp (#)
Jan  1 00:00:16 pppd[577]: CHAP authentication succeeded
Jan  1 00:00:16 pppd[577]: MPPE 128-bit stateless compression enabled
Jan  1 00:00:19 pppd[577]: local  IP address $IP_FROM_VPN
Jan  1 00:00:19 pppd[577]: remote IP address $GW_FROM_VPN
Jan  1 00:00:19 pppd[577]: primary   DNS address $DNS_PRIMARY
Jan  1 00:00:19 pppd[577]: secondary DNS address $DNS_SECONDARY
Jan  1 00:00:26 NTP Scheduler: Synchronizing time to pool.ntp.org.
Jan  1 00:02:09 NTP Scheduler: Synchronizing time to time.nist.gov.
Jan  1 00:02:37 pppd[577]: No response to 6 echo-requests
Jan  1 00:02:37 pppd[577]: Serial link appears to be disconnected.
Jan  1 00:02:37 pppd[577]: Connect time 2.3 minutes.
Jan  1 00:02:37 pppd[577]: Sent 1020376421 bytes, received 0 bytes.
Jan  1 00:02:37 pppd[577]: MPPE disabled
Jan  1 00:02:40 pppd[577]: Connection terminated.
Jan  1 00:02:40 pppd[577]: Modem hangup

I have also tried changing between (for whatever it's worth)

peer_lan="192.168.1.0"
peer_lan="192.168.9.0"
peer_lan="192.168.99.0"

It says "connected" when I remove the script completely. So it connects, but it 
can't be routed so the router sends everything through the VPN.

Original comment by wiberg.j...@gmail.com on 14 Oct 2013 at 4:27
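
Added example, not part of the thread or of the firmware's own scripts: a dry-run helper for the (dis)connect script that prints the route commands from comments #17 and #18 in an order that keeps the tunnel up, picks the ISP gateway even when two default routes are listed, and refuses a VPN server given by name. The routing table, the interface names eth3 and br0, and the addresses 203.0.113.1 and 198.51.100.7 are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): prints route commands for review
# instead of running them. SAMPLE_ROUTES is a constructed `route -n` table.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.0.16.1       0.0.0.0         255.255.255.255 UH    0      0   0   ppp5
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   br0
0.0.0.0         10.0.16.1       0.0.0.0         UG    3      0   0   ppp5
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0   0   eth3'

# Gateway of the default route that is NOT on the tunnel interface.
# stdin: `route -n` output; $1: tunnel interface (e.g. ppp5)
isp_gateway() {
  awk -v tun="$1" '$1 == "0.0.0.0" && $3 == "0.0.0.0" &&
    $2 != "0.0.0.0" && $NF != tun { print $2; exit }'
}

# Succeeds only for a dotted-quad IPv4 literal; a host name is rejected.
is_ipv4() {
  echo "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# stdin: `route -n` output; $1: $IFNAME, $2: $IPREMOTE, $3: VPN server IP
plan_up() {
  gw=$(isp_gateway "$1")
  [ -n "$gw" ] || { echo "no ISP default gateway found" >&2; return 1; }
  is_ipv4 "$3" || { echo "VPN server '$3' is not an IPv4 address" >&2; return 1; }
  # Host route first, so the tunnel's own packets keep using the ISP link
  echo "route add -net $3 netmask 255.255.255.255 gw $gw"
  echo "route add default gw $2 dev $1"
  echo "route del default gw $gw"
}

# stdin: `route -n` output taken while the tunnel is up; $1: VPN server IP
plan_down() {
  gw=$(awk -v ep="$1" '$1 == ep && $3 == "255.255.255.255" { print $2; exit }')
  [ -n "$gw" ] || { echo "no host route for $1" >&2; return 1; }
  echo "route add default gw $gw"
  echo "route del -net $1 netmask 255.255.255.255 gw $gw"
}

echo "$SAMPLE_ROUTES" | plan_up ppp5 10.0.16.1 198.51.100.7
```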