<HTML ><HEAD ><TITLE >Pitfalls</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ "><LINK REL="HOME" TITLE="VPN HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Addenda" HREF="c671.html"><LINK REL="PREVIOUS" TITLE="Addenda" HREF="c671.html"><LINK REL="NEXT" TITLE="Hardware and Software Requirements" HREF="x700.html"></HEAD ><BODY CLASS="sect1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >VPN HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="c671.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 6. Addenda</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="x700.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="sect1" ><H1 CLASS="sect1" ><A NAME="pitfalls">6.1. Pitfalls</H1 ><P > Here are just a few of the snags that I've run into while using this system. I put them here so that you can hopefully avoid them. If you run into any new ones, please <A HREF="mailto:matthew@shinythings.com" TARGET="_top" > email them to me</A > so that I can keep track, and help others avoid them.</P ><DIV CLASS="sect2" ><H2 CLASS="sect2" ><A NAME="AEN677">6.1.1. read: I/O error</H2 ><P > This error is associated with mis-matched versions off pppd. If you get it, try upgrading both ends of the connection to the latest version of pppd. I've found that pppd version 2.2 has this problem, so use version 2.3.7 or 2.3.8 instead. </P ></DIV ><DIV CLASS="sect2" ><H2 CLASS="sect2" ><A NAME="AEN680">6.1.2. SIOCADDRT: Network is unreachable</H2 ><P > This error is generated by <B CLASS="command" >route</B >. I've seen it happen when the sleep time between <B CLASS="command" >ssh</B > and <B CLASS="command" >ppd</B > is not long enough. If you get this error, run <B CLASS="command" >ifconfig</B >, and you may see that there is no pppX interface. This means that <B CLASS="command" >ssh</B > was not done authenticating before <B CLASS="command" >pppd</B > was launched, and therefore <B CLASS="command" >pppd</B > did not make the connection. just increase the delay, and your problems will be solved. </P ><P > I wonder however if there might be some pppd option that will fix this problem. </P ></DIV ><DIV CLASS="sect2" ><H2 CLASS="sect2" ><A NAME="ipv4forwarding">6.1.3. IPv4 Forwarding and 2.2 kernels</H2 ><P > In the new 2.2 kernel, you must specifically enable IP forwarding in the kernel at boot up. This with the following command: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="screen" > # echo 1 > /proc/sys/net/ipv4/ip_forward </PRE ></FONT ></TD ></TR ></TABLE ><P > Without this, the kernel will not forward any packets, and hence the server will not work, nor will any of the gatewaying clients. </P ></DIV ><DIV CLASS="sect2" ><H2 CLASS="sect2" ><A NAME="AEN696">6.1.4. Routing</H2 ><P > It should go without saying, but be careful when you are routing real numbers that you don't route traffic destined for the VPN server's external address through the tunnel. It won't make it. (yes, this <EM >is</EM > from personal experience.) </P ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="c671.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="x700.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Addenda</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="c671.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Hardware and Software Requirements</TD ></TR ></TABLE ></DIV ></BODY ></HTML >