1

I have a router running DD-WRT with a PPTP Server working fine, but every PPTP client gets assigned an IP like this one:

```
IPv4 Address. . . . . . . . . . . . . . : 192.168.210.2
Subnet Mask . . . . . . . . . . . . . . : 255.255.255.255
```

As far as I know, that kind of mask does not allow the clients to connect to each other.
I can configure the clients with a manual IP, so they have IPs like:

```
IPv4 Address. . . . . . . . . . . . . . : 192.168.210.2
Subnet Mask . . . . . . . . . . . . . . : 255.255.255.0
```

But it would be nice if the server could automatically assign that network mask via DHCP. I have not found such an option in the DD-WRT documentation.
Does anyone know of any way to configure it?

Sopalajo de Arrierez

1 Answer

2

VPN connections are point-to-point connections in encrypted tunnels. On a point-to-point connection, an "all (binary) ones" (i.e. /32, 255.255.255.255) subnet mask is correct.

A /24 subnet mask (255.255.255.0) would only be correct if you had up to 254 devices on the same shared-medium data-link-layer (layer 2) network, such as an Ethernet LAN.

If your VPN clients can't talk to each other, it's because your VPN server isn't being a good router and routing the traffic correctly between the VPN links. Look at your route tables and firewall rules and your VPN server software configuration and see if you can determine why packets aren't being routed between VPN links.

Spiff
  • After some time with this issue, I have tested **OpenVPN** on Linux (server and client(s)), and the behavior is just the same: `ifconfig ppp0 netmask 255.255.255.0` on clients starts ping response (between clients), and `ifconfig ppp0 netmask 255.255.255.255` stops ping response. So, it is not just a matter of the router/server. – Sopalajo de Arrierez Jun 28 '15 at 22:54
  • Answer found for OpenVPN, Spiff :-) : http://superuser.com/questions/933938/openvpn-how-can-i-assign-specific-netmask-for-clients-from-server-side . Let's hope some day we will find it for PPTP. – Sopalajo de Arrierez Jun 28 '15 at 23:42
  • Yes, the default behavior is that clients can't communicate with each other, because pptp assigns an IP address with a /32 netmask, so the only machine you can address is the pptp server itself. I didn't find any setting in the pptp server to assign clients a netmask other than /32, but if you do it manually on the clients (change to /24 or whatever you need) and enable IP forwarding (`net.ipv4.ip_forward = 1` in sysctl, or exec `echo 1 > /proc/sys/net/ipv4/ip_forward` to take effect immediately), in this case machines can reach each other, just like in a "regular network". – Dankó Dávid Dec 17 '15 at 12:54
  • Note that accessing the internet over the pptp server needs a MASQUERADE rule inserted into the Linux firewall to achieve traffic translation between different networks (http://www.tldp.org/HOWTO/html_single/Masquerading-Simple-HOWTO/) and the default gateway on the client routed into the pptp tunnel. – Dankó Dávid Dec 17 '15 at 12:57
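
Added example, not part of the original posts: a small Python model of the routing behaviour discussed in this thread. It shows why a client with a /32 mask never sends traffic for another VPN client into the tunnel, and why a /24 mask (or an explicit route) only helps when the server also forwards packets. The server address 192.168.210.1, the second client 192.168.210.3, the interface names and the assumption that the client keeps its LAN default route are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses; only 192.168.210.2 appears in the question.
SERVER, CLIENT_A, CLIENT_B = "192.168.210.1", "192.168.210.2", "192.168.210.3"

def lookup(routes, dst):
    """Longest-prefix match: return (network, interface) used for dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev) for p, dev in routes
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def client_routes(addr, mask, peer, lan_dev="eth0", tunnel_dev="ppp0"):
    """Routes a client holds for a given tunnel address and netmask."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    routes = [("0.0.0.0/0", lan_dev),        # assumption: default route stays on the LAN
              (f"{peer}/32", tunnel_dev)]    # host route to the PPP peer (the server)
    if iface.network.prefixlen < 32:         # a wider mask adds a connected route
        routes.append((str(iface.network), tunnel_dev))
    return routes

def reaches_other_client(routes, dst, server_forwards, tunnel_dev="ppp0"):
    """True only if the packet enters the tunnel AND the server routes it onward."""
    hit = lookup(routes, dst)
    return hit is not None and hit[1] == tunnel_dev and server_forwards

if __name__ == "__main__":
    for mask in ("255.255.255.255", "255.255.255.0"):
        routes = client_routes(CLIENT_A, mask, SERVER)
        net, dev = lookup(routes, CLIENT_B)
        for forwards in (False, True):
            ok = reaches_other_client(routes, CLIENT_B, forwards)
            print(f"mask={mask:<15} route={net} dev={dev} "
                  f"ip_forward={int(forwards)} reachable={ok}")
    # Alternative to changing the mask: keep /32 and add one route for the VPN range.
    routed = client_routes(CLIENT_A, "255.255.255.255", SERVER)
    routed.append(("192.168.210.0/24", "ppp0"))
    print("explicit route:", reaches_other_client(routed, CLIENT_B, True))
```

With the /32 mask the packet for the other client matches only the default route and leaves on the LAN interface, so the server's forwarding and firewall configuration never comes into play until the client has a route for the VPN range.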