 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Goetz Goerisch <ggoerisch at gmx dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP Pass-Through broken [1.2b2/3]
 Date:  Sat, 15 Jan 2005 22:12:52 +0100
On 15.01.2005 09:31 +0100, Goetz Goerisch wrote:

> I have found today, that the PPTP Pass-Through in the default
> configuration is partly broken with 1.2b1 and completely broken
> with 1.2b2/3.

If it's completely broken, how come it works for me then? (1.2b3)

> Was there something changed, that one has to add some NAT/FW rules
> to allow PPTP Pass-Through explicitly?

Can't remember making any changes that would produce this issue.
However, when using PPTP pass-through, always remember this: ipnat
does not treat PPTP's GRE tunnels specially, which means that you can
only have one concurrent connection to any given PPTP server on WAN
(and before anyone suggests it, no, last time I checked pf didn't do
this either; ipfilter 4 does, though, but it doesn't look mature
yet). I.e. it's not possible for two different clients on your LAN to
connect to the same PPTP server on WAN at the same time. This also
means that after disconnecting from a PPTP server, it takes a few
minutes for the NAT table entry to expire until you can connect to
the same PPTP server with a different client.

> I'm pleased to help to nail down this issue. m0n0wall is such a
> wonderful product.

Check the filter logs for signs of blocked packets that should have
been passed. Use a packet sniffer on both the LAN and WAN sides of
your m0n0wall and watch for GRE and TCP port 1723 traffic to find out
what's going wrong.

- Manuel
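The one-client-per-server limit and the expiry delay that Manuel describes follow from how a NAT keys its state. An example added here, not code from m0n0wall, ipnat or ipfilter: a small Python model of an outbound NAT that, in one mode, keys GRE only on the WAN server (no PPTP awareness) and, in the other, learns each client's Call ID from the Outgoing-Call-Request on TCP 1723 and uses the Call ID carried in the enhanced-GRE key field (RFC 2637) to demultiplex the server's replies. The packet builders parse and produce only the header fields the model needs; addresses, Call IDs and the 120-second timeout are constructed values for the demonstration, not ipnat's real defaults. The same two header parsers are what you would apply to the GRE and TCP-1723 packets captured while sniffing both sides of the firewall.

```python
"""Model of PPTP pass-through behind a NAT with and without a PPTP helper.

Added example for this thread, not m0n0wall/ipnat code. All packets,
addresses and the timeout value are constructed for the demonstration.
"""
import struct

PPTP_PORT = 1723
GRE_PROTO_PPP = 0x880B        # protocol type in enhanced GRE (RFC 2637)
PPTP_MAGIC = 0x1A2B3C4D       # magic cookie in every PPTP control message
OUTGOING_CALL_REQUEST = 7     # control message type sent by the client


def gre_call_id(pkt: bytes):
    """Return the Call ID of an enhanced-GRE (PPTP data) packet, else None."""
    if len(pkt) < 8:
        return None
    flags, proto, _length, call_id = struct.unpack("!HHHH", pkt[:8])
    # version 1, protocol type 0x880B and the K (key present) bit mark PPTP
    if (flags & 0x7) != 1 or proto != GRE_PROTO_PPP or not flags & 0x2000:
        return None
    return call_id


def pptp_call_request_id(pkt: bytes):
    """Return the client's Call ID from an Outgoing-Call-Request, else None."""
    if len(pkt) < 14:
        return None
    _len, msg_type, magic, ctrl, _res, call_id = struct.unpack("!HHIHHH", pkt[:14])
    if msg_type != 1 or magic != PPTP_MAGIC or ctrl != OUTGOING_CALL_REQUEST:
        return None
    return call_id


def make_gre(call_id: int, payload: bytes = b"\xff\x03") -> bytes:
    """Constructed PPTP data packet: K bit set, version 1, PPP payload."""
    return struct.pack("!HHHH", 0x2001, GRE_PROTO_PPP, len(payload), call_id) + payload


def make_call_request(call_id: int) -> bytes:
    """Constructed Outgoing-Call-Request header (only the first 14 bytes)."""
    return struct.pack("!HHIHHH", 168, 1, PPTP_MAGIC, OUTGOING_CALL_REQUEST, 0, call_id)


class Nat:
    """Outbound NAT state for GRE. Without the helper every GRE packet to a
    server shares one entry keyed (server, None), so a second LAN host
    collides; with the helper the key also carries the client's Call ID."""

    def __init__(self, pptp_aware: bool, gre_timeout: float = 120.0):
        self.pptp_aware = pptp_aware
        self.gre_timeout = gre_timeout        # constructed idle timeout
        self.gre_entries = {}                 # key -> (lan_host, last_seen)

    def _expire(self, now):
        self.gre_entries = {k: v for k, v in self.gre_entries.items()
                            if now - v[1] < self.gre_timeout}

    def outbound(self, lan_host, server, proto, pkt, now):
        """LAN -> WAN packet. Returns 'ok' or 'conflict'."""
        self._expire(now)
        if proto == "tcp1723":
            # TCP gets its own port mapping and never collides; the helper
            # additionally learns the client's Call ID from the call request
            cid = pptp_call_request_id(pkt) if self.pptp_aware else None
            if cid is not None:
                self.gre_entries[(server, cid)] = (lan_host, now)
            return "ok"
        if proto == "gre":
            if self.pptp_aware:
                for key in list(self.gre_entries):        # refresh this host's entry
                    if key[0] == server and self.gre_entries[key][0] == lan_host:
                        self.gre_entries[key] = (lan_host, now)
                return "ok"
            key = (server, None)
            owner, _ = self.gre_entries.get(key, (lan_host, now))
            if owner != lan_host:
                return "conflict"   # another LAN host still owns GRE to this server
            self.gre_entries[key] = (lan_host, now)
            return "ok"
        raise ValueError(proto)

    def inbound_gre(self, server, pkt, now):
        """WAN -> LAN GRE from the server. Returns the LAN host it reaches."""
        self._expire(now)
        key = (server, gre_call_id(pkt) if self.pptp_aware else None)
        entry = self.gre_entries.get(key)
        if entry is None:
            return None             # no state: the firewall drops it
        self.gre_entries[key] = (entry[0], now)
        return entry[0]


def demo(pptp_aware: bool):
    """Two LAN clients dial the same WAN PPTP server; a third tries later."""
    nat, server = Nat(pptp_aware), "198.51.100.10"       # constructed
    nat.outbound("10.0.0.5", server, "tcp1723", make_call_request(1), now=0)
    nat.outbound("10.0.0.5", server, "gre", make_gre(0x1000), now=1)
    nat.outbound("10.0.0.6", server, "tcp1723", make_call_request(2), now=2)
    b_out = nat.outbound("10.0.0.6", server, "gre", make_gre(0x2000), now=3)
    # the server's replies carry each client's own Call ID
    to_a = nat.inbound_gre(server, make_gre(1), now=4)
    to_b = nat.inbound_gre(server, make_gre(2), now=5)
    # once the GRE entry has idled past the timeout a new client can connect
    c_out = nat.outbound("10.0.0.7", server, "gre", make_gre(0x3000), now=200)
    return {"b_outbound": b_out, "reply_to_a": to_a,
            "reply_to_b": to_b, "c_outbound": c_out}


if __name__ == "__main__":
    print("no helper :", demo(False))
    print("with helper:", demo(True))
```

Without the helper the second client's GRE is refused and, worse, the server's reply meant for it is delivered to the first client, which is the symptom a sniffer on the LAN side would reveal; only after the entry has idled out does a new client get through. With the helper each client is matched on its own Call ID.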