 From:  sylikc <sylikc at gmail dot com>
 To:  Mitchel Kagawa <mitchel at unstupid dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP client and server on same subnet...
 Date:  Wed, 27 Oct 2004 23:40:47 -0700

Mitchel,

> I recently set up a monowall firewall at my office and am trying to get
> the PPTP vpn server working.  The problem I'm running into is that my
> office subnet is set to the very popular 192.168.1.x.  This of course is
> the default setting that Linksys, and many other, routers are set to.  So
> when I log into the VPN from my home network (via my Linksys router and
> its 192.168.1.x subnet) it doesn't work, of course. Changing my home
> network to something like 192.168.0.x solved the problem for myself, but
> we have many people who travel and log in via networks that they have no
> control over.  So next you are going to tell me to change my office
> network to something obscure like 192.168.87.x right?  Well that is
> easier said than done because our office network consists of at least
> 10 servers, 6 printers, 4 access points, 2 dhcp servers, 1 wireless
> bridge and a partridge in a pear tree.  Reconfiguring our network would
> be difficult, especially reconfiguring each computer to recognize the
> new static ip of the printers.  So my questions are... Is there any
> other way to get this vpn to work?  Will the new software with OpenVPN
> solve this?  Do I have to reconfigure my subnet?

Well, this is an interesting thing I ran into also in locations that I
travel to.  I use a 10.A.B.x/24 subnet as LAN for my m0n0.  I often
end up in places that use 10.x.x.x/8, the full class A.  I figured out
a type of hack job in terms of how to get around the fact that the
full class A encapsulates just my subnet.

I haven't particularly confirmed that this works in other
environments, but I've gotten it working on my mobile computer at
least.  I run WinXP.  Now, I take the DHCP assigned address on the
remote network, copy down all the details, and then change it to
static with exactly the same details.  GW, DNS, IP, everything but the
subnet mask.  I shift the subnet mask in such a way that it doesn't
overlap with the internal LAN of the m0n0 I try to connect to.

Now, after doing this, you'll probably run into the situation where
your subnet is different than your gateway's.  I've always wondered
how this could still work, but it does.  With most applications this
is OK... Windows somehow finds the gateway.  I'm aware win98 also
displays this property.  It also shows when you set the gateway to the
IP of the machine you're on.  If someone could explain why it works to
me... I'm listening...

Anyhow, that's how I get it to work.  When I'm done with the PPTP I
flip it back to DHCP.  It's quite a pain you could say, but at least
it patches up the problem ;)


> Also one other question... when I log into the vpn from home and do an
> 'ipconfig -all' it lists the ip address of the firewall/pptp server as
> one of the DNS servers.  Where on the monowall can I edit the DNS
> settings and push some custom entries like 'fileserver --> 192.168.1.253'.

Think of PPTP as a "dial-up" connection.  All the traffic that will be
sent will be sent thru the dialup connection.  Everything except for
traffic destined for the local LAN (with respect to the client).  If
you have DHCP giving you m0n0's address, you have DNS forwarder on.
Otherwise it gives you whatever DNS settings are set in the General
screen.

Hope that helps :D


/sylikc
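
The mask-shifting step described in the reply above, as an added Python example that is not part of the original message: it finds the widest netmask that still contains the client's address but no longer overlaps the LAN behind the VPN, and reports whether the gateway stays on-link. The function name and all addresses are constructed for illustration.

```python
import ipaddress

def narrowed_client_mask(client_ip, dhcp_prefix, gateway, remote_lan):
    """Find the widest mask for the client's NIC that still contains
    client_ip but no longer overlaps remote_lan (the LAN behind the VPN).
    Returns None when no mask can help."""
    ip = ipaddress.ip_address(client_ip)
    gw = ipaddress.ip_address(gateway)
    remote = ipaddress.ip_network(remote_lan)

    # If the client's own address lies inside the remote LAN, every
    # network that contains it overlaps; only renumbering fixes that.
    if ip in remote:
        return None

    # Walk from the DHCP-assigned prefix towards /30, stopping at the
    # first (widest) network that is disjoint from the remote LAN.
    for prefix in range(dhcp_prefix, 31):
        local = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        if not local.overlaps(remote):
            return {
                "prefix": prefix,
                "netmask": str(local.netmask),
                # False reproduces the "subnet differs from the gateway's"
                # situation described in the message.
                "gateway_on_link": gw in local,
            }
    return None

if __name__ == "__main__":
    # Constructed sample values (client IP, DHCP prefix, gateway, remote LAN),
    # not taken from the thread.
    cases = [
        ("10.0.5.23", 8, "10.0.0.1", "10.20.30.0/24"),   # gateway stays on-link
        ("10.20.5.23", 8, "10.0.0.1", "10.20.30.0/24"),  # gateway ends up off-link
        ("192.168.1.50", 24, "192.168.1.1", "192.168.1.0/24"),  # same /24: no mask helps
    ]
    for case in cases:
        print(case, "->", narrowed_client_mask(*case))
```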