With the release of m0n0wall pb6, there's finally (preliminary) VPN
support in m0n0wall! Yes, there's a PPTP server now that can handle 16
concurrent sessions and uses proxy ARP so you can assign IP addresses from
your LAN subnet to your PPTP clients transparently!
Setting up PPTP is straightforward:
- upgrade to pb6
- enable the PPTP server
- enter a server address (from LAN subnet; != LAN IP address)
- enter the remote client subnet (should be part of the LAN subnet)
- add PPTP users, apply changes
- add a firewall rule to permit traffic from PPTP clients
- connect! (to m0n0wall's WAN IP address)
Your PPTP client should get an IP address from the remote client subnet
and should be able to reach all hosts through m0n0wall as if it were
physically connected to the LAN port.
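The address constraints in the steps above (server address inside the LAN subnet but not equal to the LAN IP; client subnet inside the LAN subnet; 16 sessions) are easy to get wrong in the webGUI, so here is a small checker for them. This is an added example, not m0n0wall code; the checks that the client range must not contain the LAN IP or the server address, and that every address of the client range counts toward the 16 sessions, are my assumptions rather than statements from the post.

```python
import ipaddress

def check_pptp_config(lan_subnet, lan_ip, server_addr, client_subnet, max_sessions=16):
    """Return a list of problems; an empty list means the settings are consistent."""
    lan = ipaddress.ip_network(lan_subnet, strict=False)
    lan_ip = ipaddress.ip_address(lan_ip)
    srv = ipaddress.ip_address(server_addr)
    clients = ipaddress.ip_network(client_subnet, strict=False)
    problems = []

    # Stated in the post: server address comes from the LAN subnet ...
    if srv not in lan:
        problems.append("server address is not inside the LAN subnet")
    # ... but must not be the LAN interface address itself.
    if srv == lan_ip:
        problems.append("server address must differ from the LAN IP address")
    # Stated in the post: the remote client subnet should be part of the LAN subnet
    # (proxy ARP is what makes those addresses reachable from the LAN).
    if not clients.subnet_of(lan):
        problems.append("remote client subnet is not part of the LAN subnet")

    # Assumption: with proxy ARP, handing a client the LAN IP or the server
    # address would collide with m0n0wall itself, so keep both out of the range.
    if lan_ip in clients:
        problems.append("remote client subnet contains the LAN IP address")
    if srv in clients:
        problems.append("remote client subnet contains the PPTP server address")
    # Assumption: one address per concurrent session, all addresses of the
    # range usable, so 16 sessions need at least a /28.
    if clients.num_addresses < max_sessions:
        problems.append("remote client subnet has fewer than %d addresses" % max_sessions)
    return problems

if __name__ == "__main__":
    # Constructed sample values, not a real deployment.
    for p in check_pptp_config("192.168.1.0/24", "192.168.1.1",
                               "192.168.1.2", "192.168.1.128/28"):
        print("problem:", p)
```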
There's a caveat, however (there always is...): I don't know if it's just
me, but it seems like MPD (which is used for the PPTP server) has problems
with Windows XP. I can connect from XP, and the first few packets go
through OK, but then packet loss starts to increase (over an otherwise
loss-free connection) up to the point where almost no packets go through
anymore. Windows 2000 and Mac OS X clients do not experience this problem.
I wonder if anybody can confirm this behavior (and if there is a fix?).
I've tried various settings (MTU [though this should not matter with
pings], encryption [stateless/no encryption at all], multilink on/off),
but to no avail.
I did some Googling and found that others have the same problem, but the
solutions listed did not work for me. Gosh... seems like I'll have to do
some work with Ethereal to find out what's going on.
On a side note, the mysterious MPD (& DHCPD?) crashes are not solved in
pb5/pb6 - MPD still crashes on my production m0n0wall every 3-5 days. I
have installed a modified version of truss on that m0n0wall now to watch
mpd. I'll be damned if it doesn't just get a SIGKILL - the question is
just where from.