I'm trying to get m0n0wall to act as a PPTP server for my wireless
clients, and I'm not getting anywhere.
Here's the scenario.
I have a triple-homed Soekris net4801 box.
sis0 => LAN, 192.168.0.x (DHCP server enabled)
sis1 => WAN, 192.168.1.x
sis2 => OPT1, 192.168.2.x (DHCP server enabled)
Yes, the WAN address really is 192.168.1.x.
Anyway, m0n0wall is doing just fine routing between LAN and WAN,
everything there is great.
I have an 802.11b bridge plugged directly in to OPT1. Wireless clients
can connect, and are handed out 192.168.2.x addresses by the DHCP server.
What I'd like to do is use PPTP to encrypt the traffic between the
wireless clients and m0n0wall, so that all the over-the-air traffic is
encrypted with something a little stronger than WEP. I also want to
make sure that unauthenticated clients can't get on to the network.
And I can't figure out, from the documentation, how to do this.
I can do it on the LAN interface -- that's easy, following these
instructions that Manuel gave out a few months back:
> PPTP VPN? Piece of cake! Enable it on m0n0wall (use some "sub-subnet"
> of your LAN subnet as the remote address range), add at least one
> user. Then open Internet Connect on your Mac, choose File -> New VPN
> connection, PPTP, server address = your m0n0wall's WAN IP address or
> DynDNS name, account name and password matching what you entered on
> the PPTP users page in the webGUI. Then click Connect and that's it.
That works, clients can connect (if I physically plug them in to the
network instead of using the wireless). So I tried to do it on OPT1, by

    [*] Enable PPTP server
    Server address: 192.168.2.1
    Remote address range: 192.168.2.240 / 28

and creating some users with passwords. But connecting to the VPN from
the Mac running OS X over 802.11b doesn't work. There is an 'allow all'
rule for PPTP clients in the firewall configuration (interestingly,
although there's "WAN interface", "PPTP clients", and "LAN interface"
sections in the firewall page, there's no "OPT1 interface" section).
Any help gratefully received. The mailing list archives didn't yield
anything that seemed useful.