Home » VPN Tutorial (Virtual Private Network)

VPN Pitfalls

Here are just a few of the snags that I've run into while using this system. I put them here so that you can hopefully avoid them.

If you run into any new ones, please email them to me so that I can keep track, and help others avoid them.

read: I/O error

This error is associated with mis-matched versions off pppd. If you get it, try upgrading both ends of the connection to the latest version of pppd. I've found that pppd version 2.2 has this problem, so use version 2.3.7 or 2.3.8 instead.

SIOCADDRT: Network is unreachable

This error is generated by route. I've seen it happen when the sleep time between ssh and ppd is not long enough. If you get this error, run ifconfig, and you may see that there is no pppX interface. This means that ssh was not done authenticating before pppd was launched, and therefore pppd did not make the connection. just increase the delay, and your problems will be solved.

I wonder however if there might be some pppd option that will fix this problem.

IPv4 Forwarding and 2.2 kernels

In the new 2.2 kernel, you must specifically enable IP forwarding in the kernel at boot up. This with the following command: 


# echo 1 > /proc/sys/net/ipv4/ip_forward

Without this, the kernel will not forward any packets, and hence the server will not work, nor will any of the gatewaying clients.

Routing

It should go without saying, but be careful when you are routing real numbers that you don't route traffic destined for the VPN server's external address through the tunnel. It won't make it. (yes, this is from personal experience.)

up
» printer-friendly version | login or register to post comments


offer OEM VPN hardware service

Submitted by ivanwang on Tue, 2006-06-06 07:33.
We, I-lacs technology co., LTD, Shenzhen, China, which was Established in 1992, is a high-tech company specialized in intelligent system equipment and industrial automatic control system equipment platform. There have more than 450 employees working for the company including more than 100 sales persons. The headquarter is in Shenzhen and many branches is set all over the China, such as in Beijing , Shanghai, Guangzhou. Also, we have many distributors in U.S.A, Japan, UK, France, Russia, Taiwan, and Hong Kong etc. As a combination of R&D, manufacture and sales, our main products has covered panel PC, workstation, human-machine interface, industrial full size & half size mainboard, single board computer,PC/104 CPU card, chassis, rugged PC, etc. at the same time, I-LACS offers OEM/ODM service to our customers. With the good performance and competitive price, our products sells well both in the mainland and overseas market. I-LACS is the first classic PC-based corporation in china. Our revenue has reached 20,000,000 USD last year. These years, Chinese IPC industry has experienced a high-speed developing period, the potential of this market have attracted many suppliers outside of China. Now, we are focusing on the embedded PC and high-performance panel PC & workstations. I-LACS is few of the companies who have the warrant to provide industrial PC to Chinese military. For accommodating the new demands from customer, we are looking forward to reputable partners around the world. We know your corporation from the internet and other ways, we’d like to know that you are interesting in Chinese market and your products has its unique characters which must have a bright future through our cooperation. It means, We, I-LACS tech. is asking for the authority as your distributor in Chinese area. Know more about I-LACS, please visiting our website: http://www.ilacs.cn/en/en/index.asp I, Ivan Wang, Oversea market contact window of I-LACS, am responsible for the cooperation project with our partners. So I write this letter sincerely to make the first contact. I am waiting for your kindly correspondence. Any question, please contact me. Your faithfully, Ivan Wang Sales Engineer Shenzhen I-Lacs Tech. Co., Ltd TEL:(0086) 0755-83755187 Mobile:(0086) 13510850765 Email:wang.fuyong@ilacs.cn
» login or register to post comments