 From:  "Roy Walker" <rwalker at miracomnetwork dot com>
 To:  "Vincent Fleuranceau" <vincent at bikost dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PPTP VPN - Beta 1.2b7
 Date:  Wed, 30 Mar 2005 16:35:59 -0600
I have found the issue.  I was testing behind a m0n0wall 1.11 box, connecting to either a m0n0wall
1.2b7 or to a test pfsense box, it gives me an error.  Those same boxes work when I am behind a
1.2b7 box.

Is there a known issue with using PPTP behind a 1.11 m0n0wall?

Roy

-----Original Message-----
From: Vincent Fleuranceau [mailto:vincent at bikost dot com] 
Sent: Tuesday, March 29, 2005 4:04 PM
To: Roy Walker
Subject: Re: [m0n0wall] PPTP VPN - Beta 1.2b7


> I get an Error 619: A connection could not be established...
> 
> Did you make any changes that you didn't do in 1.X?
> 

Hi,

I don't know exactly what the 619 Error is... As far as I can remember, 
I got Error 629 with 1.2b5 and 1.2b6, but I'm not even 100% sure. My 
Win98 box logs nothing (at least I have not been able to find the logfile).

If it can help you, here is my running setup:

m0n0wall:
-> LAN = 192.168.1.254
-> WAN = A.B.C.D (useless)

PPTP:
-> Server = 192.168.10.254
-> Clients = 192.168.10.0/28

NOTE: I know I should NOT have used the first /28 range within that 
subnet because the 192.168.0.0 address is not usable, but I only have 
one client with assigned IP, see below.

Sample PPTP user:
-> Username = test
-> Password = test
-> IP = 192.168.10.1 (assigned)


<pptpd>
   <mode>server</mode>
   <redir/>
   <localip>192.168.10.254</localip>
   <remoteip>192.168.10.0</remoteip>
   <radius>
     <server/>
     <secret/>
   </radius>
   <req128/>
   <user>
     <name>test</name>
     <ip>192.168.10.1</ip>
     <password>test</password>
   </user>
</pptpd>



Rules:

<rule>
   <type>pass</type>
   <interface>pptp</interface>
   <source>
     <network>pptp</network>
   </source>
   <destination>
     <any/>
   </destination>
   <descr>PPTP traffic</descr>
</rule>


This rule is extremely permissive: PPTP clients can reach whatever they 
want. But it's rather useful for debugging...

The clue is that this rule is defined on the PPTP interface, not the WAN 
or the LAN interface. I hope this is your mistake and now you're happy 
with PPTP ;-)


On my Windows 98 client, I use the following settings:

-> ROUTE ADD 192.168.1.0 255.255.255.0 192.168.10.254

(Be careful: the gateway is the PPTP server's IP address. As with all 
PPP, PPPoE or PPTP links the remote end of the link is considered as local.)

-> I've configured the TCP/IP parameters of the VPN connection NOT TO 
use the remote WAN interface as my default gateway. I mean I have set 
this setting to OFF whereas the default is ON (Windows + Mac OS X).

-> I use 128-bit encryption [checked on m0n0wall]

I hope you'll find the solution. Please let me know if it does work or not.

Cheers,

-- Vincent

PS: I live in France and it's rather late here. I need to sleep a bit 
;-) I'll get back to you tomorrow.
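
An added example, not part of the original messages or of m0n0wall itself: a small Python audit of the configuration fragments quoted above. It flags the permissive rule on the PPTP interface, a password equal to the username, a missing 128-bit requirement, and an assigned client IP outside the /28 client range. The root wrapper element, the function name audit_pptp and its client_prefix parameter are assumptions made for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <pptpd> and <rule> fragments quoted in the message,
# wrapped in a root element (assumed) so they parse as one document.
SAMPLE = """<m0n0wall>
<pptpd>
  <mode>server</mode>
  <remoteip>192.168.10.0</remoteip>
  <req128/>
  <user><name>test</name><ip>192.168.10.1</ip><password>test</password></user>
</pptpd>
<rule>
  <type>pass</type>
  <interface>pptp</interface>
  <source><network>pptp</network></source>
  <destination><any/></destination>
  <descr>PPTP traffic</descr>
</rule>
</m0n0wall>"""

def audit_pptp(config_xml, client_prefix=28):
    """Return findings for the PPTP server section and PPTP-interface rules."""
    root = ET.fromstring(config_xml)
    findings = []
    pptpd = root.find(".//pptpd")
    if pptpd is not None and pptpd.findtext("mode") == "server":
        if pptpd.find("req128") is None:
            findings.append("pptpd: 128-bit encryption not required")
        # The /28 client range is the one stated in the message.
        pool = ipaddress.ip_network(
            f"{pptpd.findtext('remoteip')}/{client_prefix}", strict=False)
        for user in pptpd.iter("user"):
            name = user.findtext("name", "")
            if user.findtext("password", "") == name:
                findings.append(f"user {name}: password equals username")
            ip = user.findtext("ip")
            if ip and ipaddress.ip_address(ip) not in pool:
                findings.append(f"user {name}: {ip} outside client pool {pool}")
    for rule in root.iter("rule"):
        if (rule.findtext("interface") == "pptp"
                and rule.findtext("type") == "pass"
                and rule.find("destination/any") is not None):
            findings.append(
                f"rule '{rule.findtext('descr', '')}': pptp clients may reach any destination")
    return findings

if __name__ == "__main__":
    for line in audit_pptp(SAMPLE):
        print(line)
```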