 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  1.2b6 traffic shaper PPTP breakage
 Date:  Fri, 4 Mar 2005 00:10:23 -0500
On Thu, 03 Mar 2005 22:05:50 +0100, Manuel Kasper <mk at neon1 dot net> wrote:
> On 03.03.2005 15:36 -0500, Chris Buechler wrote:
> 
> > A whole lot of us are having some sort of problems with it.  It's
> > not the traffic getting dropped, I can telnet to 1723 on my m0n0
> > box, but PPTP won't successfully connect.  Full logs from mpd from
> > a single connection attempt from an XP client at the bottom of this
> > message.  Client gets error 619.
> 
> > Mar 3 15:32:01        mpd: [pt0] error writing len 42 frame to bypass:
> > Can't assign requested address
> 
> And this is the problem (I think). I've had that happen a single time
> when I was testing PPTP VPN in 1.2b5, but couldn't reproduce it
> again. I searched the MPD mailing list and Google, but to no avail.
> Could be triggered by some changes to netgraph in 5.3-RELEASE...
> Maybe someone could place a post on the MPD mailing list to ask if
> that's a known problem.
> 

1 - I'm an idiot.  :)  My problem description was totally wrong.  The
error above is caused by NAT implementations that aren't set up
properly for, or don't work with, PPTP.  Sorry for the confusion.

2 - The real problem is with traffic shaper enabled, and any traffic
shaping rules inbound on WAN matching * proto, * src and * dst,
m0n0wall no longer answers on port 1723 at all.

To replicate:  Enable magic shaper with default rules, enable PPTP,
try to telnet to 1723 on WAN.  Won't work.  PPTP will work from LAN. 
Disable the rules "m_Small Pkt Download" and "m_Catch-All Download"
(only two that match previous criteria) and it will immediately work
again.

Nothing in the logs or netstat when trying to connect with any rules
matching the above criteria enabled.  tcpdump on the WAN side of
m0n0wall shows the traffic coming in, and absolutely nothing going out
in return.

Thanks to Brian Zushi (a.k.a. D-side) for helping me test and verify
this on a second system.

Hopefully that's more helpful!  

-Chris