 From:  Nik Clayton <nik at ngo dot org dot uk>
 To:  cbuechler at gmail dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP from OPT1 to LAN
 Date:  Tue, 20 Sep 2005 10:47:58 +0100
Chris Buechler wrote:
> On 9/16/05, Nik Clayton <nik at ngo dot org dot uk> wrote:
> 
>>>Then set a firewall ruleset only allowing the opt1 subnet to
>>>access 192.168.2.1 with PPTP and no WAN access.
>>
>>Done that.  The rule looks like:
>>
>>   OPT1 interface
>>
>>   Proto  Source        Port  Destination  Port
>>   *      PPTP Clients  *     192.168.2.1  *
> 
> that's only allowing clients already connected via PPTP to talk to
> 192.168.2.1, which is why you can't ping the interface anymore. 
> Change that source to "any".

Done.

>>But to no avail.  The wireless clients are given IP addresses using DHCP
>>(that still works, verified by delete/down/up'ing their wireless
>>interfaces, making sure they got a 192.168.2.x IP address, and
>>confirming through the m0n0wall "DHCP leases" diagnostics page) but they
>>can't do anything else.  Attempts to connect to the PPTP server on
>>192.168.0.239 eventually time out, and they can't ping their subnet's
> 
> and you aren't actually trying to connect to 192.168.0.239, you want
> to connect to the PPTP server using 192.168.2.1.

And done.  And now it works.  Thank you very much for the help.

I'm a bit confused about why it's working though.  I've definitely 
configured the m0n0wall PPTP server to listen on 192.168.0.239.  I'm a 
bit confused about the traffic flow.

If I've configured my VPN client (it's the built-in one on Mac OS X) to 
connect to 192.168.2.1, how does it then reach the PPTP server that's 
running on .0.239?

Any pointers gratefully received.

N