Is the VPN machine directly connected to your LAN? I hope not or I have no idea what you are trying to achieve or what to do about it.

Assuming the VPN machine is not directly connected to your LAN then both LAN subnets are identical - 192.168.0.0/22 - (coincidence?). This cannot work and until you change your ClearOS subnet I can do nothing.

If you have only 10 users/devices, why have you gone for a /22 subnet and not the more usual (default) /24 subnet?

If it helps, I have 4 users and an embarrassing number of devices - about 18 with all the kids devices - and I use the 172.17.2.1/24 subnet. I have DHCP between 172.17.2.128 and 172.17.2.159 which is an exact subnet (172.17.2.128/27). I use static DHCP leases from 172.17.2.100 (don't ask why) for almost all devices so the DHCP range is hardly used (really only for new devices or guests), keep fixed IP's very low or high (printer = 172.17.2.3, WAP = 172.17.2.254) and have the PPTP VPN on local=172.17.2.80-89 and remote=172.17.2.90-99, so everything is easily in a /24 subnet with plenty of space to spare.

BTW I don't use the PPTP VPN any more, preferring OpenVPN for road warriors, as even Microsoft, who created the PPTP VPN, recommend people to avoid it because it is quite easily crackable. I know you have problems with OpenVPN as well but that would be my preferred solution.

[root@srv ~]# ifconfig | grep flags -A 1
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 5.2.134.213 netmask 255.255.252.0 broadcast 5.2.135.255
--
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.254 netmask 255.255.252.0 broadcast 192.168.3.255
--
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
--
pptp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1396
inet 192.168.2.1 netmask 255.255.255.255 destination 192.168.2.50
--
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
--
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
[root@srv ~]#

Nick Howitt wrote:

Looks like the ifconfig output has changed in 7.x. Try:<code>ifconfig | grep flags -A 1</code>Also the contents of /etc/clearos/network.conf.

Looks like the ifconfig output has changed in 7.x. Try:

ifconfig | grep flags -A 1

Also the contents of /etc/clearos/network.conf.

[root@srv ~]# ifconfig | egrep 'Link|Mask'
[root@srv ~]#

Nothing to display .

On the VPN :

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : srv.consolight.ro
Link-local IPv6 Address . . . . . : fe80::30da:83e1:a3c4:9623%19
IPv4 Address. . . . . . . . . . . : 192.168.0.239
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.2.254

PPP adapter VPN Connection Consolight:

Connection-specific DNS Suffix . : srv.consolight.ro
IPv4 Address. . . . . . . . . . . : 192.168.2.50
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0

Nick Howitt wrote:

What is the output of:
<code>ifconfig | egrep 'Link|Mask'</code>

Form your VPN client PC, what is the output of "ipconfig"?

What is the output of:

ifconfig | egrep 'Link|Mask'

Form your VPN client PC, what is the output of "ipconfig"?

I am very shure it is of the VPN configuration since :

PPP adapter VPN Connection Consolight:

Connection-specific DNS Suffix . : srv.consolight.ro
IPv4 Address. . . . . . . . . . . : 192.168.2.50
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0


Subnet Mask it is wrong , and the Gateway .

How can i change these setings of PPTP VPN the subnetmask and the gateway ?

RAzvan wrote:

Nick i know what you tell me , but i do not understand why the PPTP does not get the gateway .

Nick Howitt wrote:

I am totally confused at this stage and have no idea how you've got to where you are. Really you should not be using a beta product if you don't know what you are doing and cannot troubleshoot.

The PPTP server should be configured with a local and remote IP range (although it is not necessary). By default it is in the same range as your LAN. You've worked out how to change this and extend your LAN (as you now have a /23 subnet on your LAN) yet you don't know how to move your LAN. I find this odd.

How many users are you expecting?

In 6.x, to change the LAN subnet, you go to Webconfig > Network > IP Settings, then for your LAN NIC click edit and change the LAN IP. Then go to Webconfig > Network > DHCP Server and make sure the settings here are consistent with your LAN settings. It is probably better to do this in reverse the order as, when you change your LAN NIC IP, you may lose access to your server unless you manually assign your client an IP address.

When you set up your DHCP server, its IP range must at least exclude your LAN NIC IP and ideally exclude a few more IP addresses to allow you to set up more static IP's on you LAN, for example for network printers.

Only for 10 IP's , 10 stations .

Nick . i do not understand what exactly you try to tell me .

The DHCP is : 192.168.0.1 to 192.168.1.254
Gateway : 192.168.2.254


The PPTP it is : 192.168.2.1 - 49
192.168.2.50 - 99

What you mean exactly ?

Nick Howitt wrote:

I believe a gateway of 0.0.0.0 means it is locally connected, which it is, sort of, to the local LAN.

Please can you sort out your LAN subnetting so that the ClearOS and remote LAN subnets do not overlap and the PPTP IP ranges, which can be in the ClearOS LAN subnet, do not overlap or are not in the remote LAN subnet.

Also how many users/devices are you expecting on your LAN?

I believe a gateway of 0.0.0.0 means it is locally connected, which it is, sort of, to the local LAN.

Please can you sort out your LAN subnetting so that the ClearOS and remote LAN subnets do not overlap and the PPTP IP ranges, which can be in the ClearOS LAN subnet, do not overlap or are not in the remote LAN subnet.

Also how many users/devices are you expecting on your LAN?

Nick i know what you tell me , but i do not understand why the PPTP does not get the gateway .

Nick Howitt wrote:

I am totally confused at this stage and have no idea how you've got to where you are. Really you should not be using a beta product if you don't know what you are doing and cannot troubleshoot.

The PPTP server should be configured with a local and remote IP range (although it is not necessary). By default it is in the same range as your LAN. You've worked out how to change this and extend your LAN (as you now have a /23 subnet on your LAN) yet you don't know how to move your LAN. I find this odd.

How many users are you expecting?

In 6.x, to change the LAN subnet, you go to Webconfig > Network > IP Settings, then for your LAN NIC click edit and change the LAN IP. Then go to Webconfig > Network > DHCP Server and make sure the settings here are consistent with your LAN settings. It is probably better to do this in reverse the order as, when you change your LAN NIC IP, you may lose access to your server unless you manually assign your client an IP address.

When you set up your DHCP server, its IP range must at least exclude your LAN NIC IP and ideally exclude a few more IP addresses to allow you to set up more static IP's on you LAN, for example for network printers.

I am totally confused at this stage and have no idea how you've got to where you are. Really you should not be using a beta product if you don't know what you are doing and cannot troubleshoot.

The PPTP server should be configured with a local and remote IP range (although it is not necessary). By default it is in the same range as your LAN. You've worked out how to change this and extend your LAN (as you now have a /23 subnet on your LAN) yet you don't know how to move your LAN. I find this odd.

How many users are you expecting?

In 6.x, to change the LAN subnet, you go to Webconfig > Network > IP Settings, then for your LAN NIC click edit and change the LAN IP. Then go to Webconfig > Network > DHCP Server and make sure the settings here are consistent with your LAN settings. It is probably better to do this in reverse the order as, when you change your LAN NIC IP, you may lose access to your server unless you manually assign your client an IP address.

When you set up your DHCP server, its IP range must at least exclude your LAN NIC IP and ideally exclude a few more IP addresses to allow you to set up more static IP's on you LAN, for example for network printers.

As i see now after i am conecting to the PPTP server i see :

Even the Gateway wich it is 0.0.0.0 and the Subnet are wrong :


Becouse my DHCP it is :

Mask : 255.255.252.0

and the gatway 192.168.2.254


Habe any ideea how to fix ???


PPP adapter VPN Connection Consolight:

Connection-specific DNS Suffix . : srv.consolight.ro
IPv4 Address. . . . . . . . . . . : 192.168.2.50
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0

Gateway 0.0.0.0 ? Strange ? Why ? Propably thats why not working ?

RAzvan wrote:

Can you please give me more detailed . Becouse i do not know how to do that ...

Give me the right info and configuration if you can .

Nick Howitt wrote:

I don't know exactly what is wrong, but I said to change the whole LAN and not just the PPTP LAN.

Also, for PPTP, if you want internet traffic to go directly out through the local LAN rather than through the VPN, google "split tunnel pptp windows" and you will see how to do it. It is a simple check-box change, but by default with PPTP all traffic goes through the VPN.

Can you please give me more detailed . Becouse i do not know how to do that ...

Give me the right info and configuration if you can .

Nick Howitt wrote:

I don't know exactly what is wrong, but I said to change the whole LAN and not just the PPTP LAN.

Also, for PPTP, if you want internet traffic to go directly out through the local LAN rather than through the VPN, google "split tunnel pptp windows" and you will see how to do it. It is a simple check-box change, but by default with PPTP all traffic goes through the VPN.

I don't know exactly what is wrong, but I said to change the whole LAN and not just the PPTP LAN.

Also, for PPTP, if you want internet traffic to go directly out through the local LAN rather than through the VPN, google "split tunnel pptp windows" and you will see how to do it. It is a simple check-box change, but by default with PPTP all traffic goes through the VPN.

Listen :

The DHCP local ip it is from 192.168.0.1 to 192.168.1.254


The PPTP VPN i did changed as you told me : 192.168.200.1 to 192.168.200.49

And my gateway is 192.168.2.254 so have nothing to do wit the DHCP or the other ip's PPTP it is outside of that range ip's and still does not work ... I can not acces websites ...

Something it is stuck wit the PPTP VPN , the PPTP VPN it is the problem .


And why some pages work and only of couple of pages does not load ?

Nick Howitt wrote:

Once you connect the VPN you get a VPN IP in the range 192.168.2.x. Unfortunately this is in the range on the local LAN as well so does the client know to send the packets on the VPN or to the local LAN. Similarly return packets are a mess. I have normally used PPTP IP's in the same range as my LAN but outside the scope of the DHCP server (as it is configured by default). I have seen it configured your way as well, but with the clash of IP's at both ends of the tunnel I am not sure of the effects.

Once you connect the VPN you get a VPN IP in the range 192.168.2.x. Unfortunately this is in the range on the local LAN as well so does the client know to send the packets on the VPN or to the local LAN. Similarly return packets are a mess. I have normally used PPTP IP's in the same range as my LAN but outside the scope of the DHCP server (as it is configured by default). I have seen it configured your way as well, but with the clash of IP's at both ends of the tunnel I am not sure of the effects.

THe problem it is something have to do wit PPTP VPN , since does not work after i conect to vpn ... Isn't that corect ?


Why when i am not conected it is working well and after i connect to VPN it does not working ...

RAzvan wrote:

DO you think will work ?

Becouse as i see will not work ...

Even if i change the DHCP and the PPTP will still not work :


I mean if i will conec tto vpn and try to acces any website will not load ... same bug ...

It's not something from ip . I can even change the pptp vpn but will not work .

It is really a bug of clearos something that filter or block ... https some couple of pages somehow ...

Nick Howitt wrote:

Ideally you need to change the LAN subnet of ClearOS to something else e.g. 192.168.200.1/23. you can use any subnets in the 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 ranges.

For your DHCP server I'd also leave a few IP's spare to be able to allocate as static IP's rather than use the whole range for DHCP.

DO you think will work ?

Becouse as i see will not work ...

Even if i change the DHCP and the PPTP will still not work :


I mean if i will conec tto vpn and try to acces any website will not load ... same bug ...

It's not something from ip . I can even change the pptp vpn but will not work .

It is really a bug of clearos something that filter or block ... https some couple of pages somehow ...

Nick Howitt wrote:

Ideally you need to change the LAN subnet of ClearOS to something else e.g. 192.168.200.1/23. you can use any subnets in the 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 ranges.

For your DHCP server I'd also leave a few IP's spare to be able to allocate as static IP's rather than use the whole range for DHCP.

Ideally you need to change the LAN subnet of ClearOS to something else e.g. 192.168.200.1/23. you can use any subnets in the 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 ranges.

For your DHCP server I'd also leave a few IP's spare to be able to allocate as static IP's rather than use the whole range for DHCP.

And what shoud i do then ?

What it was needed to be done ?

Nick Howitt wrote:

Your local and remote subnets overlap which is a very bad idea when using VPN's. If you want to use VPN's into ClearOS you really want to avoid 192.168.0.0/24 and 192.168.1.0/24 on your ClearOS LAN as they are too commonly used as the default on other LANs.

Your local and remote subnets overlap which is a very bad idea when using VPN's. If you want to use VPN's into ClearOS you really want to avoid 192.168.0.0/24 and 192.168.1.0/24 on your ClearOS LAN as they are too commonly used as the default on other LANs.

192.168.0.1 - 192.168.1.254 it is the clear os lan DHCP .

And my pc station have ip :

Connection-specific DNS Suffix . : srv.consolight.ro
Link-local IPv6 Address . . . . . : fe80::30da:83e1:a3c4:9623%19
IPv4 Address. . . . . . . . . . . : 192.168.1.77
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.2.254

Nick Howitt wrote:

I know those but you have not clarified here or in your other post. Is 192.168.0.1 to 192.168.1.254 the ClearOS LAN? If it is, what is the LAN or IP address of your client when not connected to the VPN?

I know those but you have not clarified here or in your other post. Is 192.168.0.1 to 192.168.1.254 the ClearOS LAN? If it is, what is the LAN or IP address of your client when not connected to the VPN?

VPN - PPTP

local DHCP it is from ip : 192.168.0.1 to 192.168.1.254
Gateway 192.168.2.254
DNS 1 : 213.154.124.1
DNS 2 : 193.231.252.1



PPTP VPN :
Local IP Range 192.168.2.1-49
Remote IP Range 192.168.2.50-99
DNS Server 213.154.124.1

Nick Howitt wrote:

What sort of VPN? What are your local and remote LAN subnets?

What sort of VPN? What are your local and remote LAN subnets?