 From:  Will Dyson <will dot dyson at gmail dot com>
 To:  Carlo Landmeter <clandmeter at gmail dot com>
 Cc:  Chris Buechler <cbuechler at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] I don't want to go back using Cisco....
 Date:  Thu, 26 May 2005 02:27:17 -0400
On 5/24/05, Carlo Landmeter <clandmeter at gmail dot com> wrote:
> I have tried using the Cisco to Cisco vpn tunnel and windows 2003 vpn
> client to connect to another m0n0wall without success.
> 
> If anyone can help me/give advice to analyse the traffic that would be nice.
> 
> Attached you will find my config which I discussed in my previous mail.

Config certainly looks correct for a routed subnet.

You implied but did not directly state that you have tested accessing
(from a remote network) some tcp based service on the vpn machine.

Was your vpn client on the same network when you successfully tested
the pptp server on the router that you were when you made the failed
tests to vpn servers in your DMZ? Some PNAT implementations have code
to allow a single GRE tunnel to traverse them. Others do not.

You could add logging pass rules in each direction for GRE packets to
the router to verify that they are going through (before the default
pass rule).

Beyond that, I suggest you investigate the logs of your vpn client and
vpn server.

-- 
Will Dyson