 From:  Nik Clayton <nik at ngo dot org dot uk>
 To:  leesharp at hal dash pc dot org
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP from OPT1 to LAN
 Date:  Fri, 16 Sep 2005 09:03:36 +0100
Lee,

Thanks for the advice so far.

leesharp at hal dash pc dot org wrote:
> Please excuse the massive trimming, but I think I have the basics. From 
> this you are trying to tunnel into the subnet you are already in.  You 
> want a server address in the 192.168.0.239 with a 192.168.0.240/28 
> range.

OK, done that.  The PPTP page confirms:

    Server address: 192.168.0.239
    Remote address range: 192.168.0.240 / 28

> Then set a firewall ruleset only allowing the opt1 subnet to 
> access 192.168.2.1 with PPTP and no WAN access.  

Done that.  The rule looks like:

   OPT1 interface

   Proto  Source        Port  Destination  Port
   *      PPTP Clients  *     192.168.2.1  *

> Then a ruleset allowing PPTP WAN access.

Done that too:

   PPTP clients

   Proto  Source        Port  Destination  Port
   *      PPTP Clients  *     *            *

But to no avail.  The wireless clients are given IP addresses using DHCP 
(that still works, verified by delete/down/up'ing their wireless 
interfaces, making sure they got a 192.168.2.x IP address, and 
confirming through the m0n0wall "DHCP leases" diagnostics page) but they 
can't do anything else.  Attempts to connect to the PPTP server on 
192.168.0.239 eventually time out, and they can't ping their subnet's 
gateway, so

    ping 192.168.2.1

from one of the wireless clients eventually times out.

Any thoughts?

N