 From:  sylikc <sylikc at gmail dot com>
 To:  Jonas Claesson <jonas dot claesson at home dot se>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP with NATed clients - Anyone that got it working?
 Date:  Wed, 6 Jul 2005 14:22:15 -0700

On 7/6/05, Jonas Claesson <jonas dot claesson at home dot se> wrote:
> Struggling with the PPTP server in Monowall.
> Using 1.2b9 and the PPTP server works like a charm with clients that have
> a public IP. With NATed clients it fails at authentication. Nothing in
> the logs that helps me.

Well, in a NATed environment, do you have control of your NAT box?
Other than the outgoing connection on TCP/1723 for PPTP, your NAT must
also permit GRE (protocol 47) routing.  Either have "Enable VPN
Routing" for the simple SOHO routers or enable GRE for in/out traffic.

Note it's PROTOCOL 47, not a TCP or UDP port.  If your NAT box doesn't
pass that traffic, I've noticed symptoms that make it seem you've
connected successfully to your m0n0 PPTP server, but no traffic gets
passed, and nothing shows up in the logs.

> Can anyone that has a working monowall with NATed clients please explain
> what firmware they are using and if there is anything special needed
> for this to work.

I've gotten this to work behind a NAT of a NAT and such, some double
NATed network.  Nothing special needed except for the firewall rules
on the NAT box.
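
Added example (not part of the original message): a small Python check that separates the PPTP control connection (TCP/1723) from the GRE data channel (IP protocol 47) in a list of raw IPv4 packets and reports which half is missing. It assumes the packets were captured on the upstream side of the client's NAT box; the addresses and packets below are constructed.

```python
import socket
import struct

PPTP_PORT = 1723     # TCP control channel
PROTO_TCP = 6
PROTO_GRE = 47       # value of the IPv4 "protocol" field, not a port number

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet: 'control', 'gre', or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    payload = pkt[(pkt[0] & 0x0F) * 4:]
    if len(payload) < 4:
        return "other"
    first, second = struct.unpack("!HH", payload[:4])
    if pkt[9] == PROTO_TCP and PPTP_PORT in (first, second):
        return "control"
    # PPTP data uses enhanced GRE: version 1, protocol type 0x880B (PPP).
    if pkt[9] == PROTO_GRE and (first & 0x7) == 1 and second == 0x880B:
        return "gre"
    return "other"

def diagnose(packets, server: str) -> str:
    """Summarise which halves of a PPTP session appear in a capture."""
    srv = socket.inet_aton(server)
    control = gre_to_srv = gre_from_srv = False
    for pkt in packets:
        kind = classify(pkt)
        control |= kind == "control"
        gre_to_srv |= kind == "gre" and pkt[16:20] == srv
        gre_from_srv |= kind == "gre" and pkt[12:16] == srv
    if not control:
        return "no PPTP control connection seen"
    if gre_to_srv and gre_from_srv:
        return "control and GRE pass in both directions"
    if gre_to_srv or gre_from_srv:
        return "GRE passes one way only"
    return "control connection only, no GRE"

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at zero) for the sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample values; addresses are from documentation ranges.
CLIENT, SERVER = "198.51.100.7", "203.0.113.10"
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, PPTP_PORT, 0, 0, 0x50, 0x02, 8192, 0, 0)
GRE_PPP = struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)
```

A result of "control connection only, no GRE" or "GRE passes one way only" matches the symptom described above: the connection appears to succeed but no traffic gets passed.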