 From:  Kevyn Jones <kevyn at vista dot eclipse dot co dot uk>
 To:  Brett <bretticus at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Setting up VPN
 Date:  Fri, 23 Sep 2005 19:02:36 +0100

Hi Brett,

Not really sure what you are saying but my setup is as follows:

pptp client from a 158 network, I can pptp to any other server from this 
network......

my Linksys modem is bridging the m0n0wall to ISP so I have a permanent 
IP on 213.***.**.***

The only NAT rule I have is:

WAN   TCP   7389   10.0.0.142   7389   Soulseek


Firewall rules I have:

WAN interface
Proto   Source    Port   Destination   Port       Description
TCP     *         *      10.0.0.142    7389       NAT Soulseek

PPTP clients
Proto   Source    Port   Destination   Port       Description
TCP     *         *      10.0.0.160    22 (SSH)   PPTP -> SSH HPUX

LAN interface
Proto   Source    Port   Destination   Port       Description
*       LAN net   *      *             *          Default LAN -> any


PPTP Server setup:

Max. concurrent connections 	16
Server address 	
Enter the IP address the PPTP server should use on its side for all 
clients.
Remote address range 	/ 28
Specify the starting address for the client IP address subnet.
The PPTP server will assign 16 addresses, starting at the address 
entered above, to clients.



Do I need to add any firewall and/or NAT rules to get it going?

I think these 2 lines in the log have something to do with what is wrong:

17:57:33.069653 ng0 @0:19 b 213.***.***.***,1608 -> 213.***.**.***,445 PR tcp len 20 48 -S IN
17:57:30.075170 ng0 @0:19 b 213.***.***.***,1608 -> 213.***.**.***,445 PR tcp len 20 48 -S IN

Yours Hopefully

Kevyn



Brett wrote:

>>I made sure that I set up a firewall rule for my new virtual PPTP interface
>>to allow traffic from my office LAN.
>
>Whoops, I should point out that I was confused as far as the firewall rules.
>At this time I am thinking that the PPTP server is available from any
>network (not sure if that can be locked down or if it even needs to be.)
>However, the trick was to set up 'any' or the /16 network specified for the
>PPTP lan hosts from the PPTP interface to 'any' on the inside. Now it works
>like a charm.
>
>Brett
>
>
>On 9/21/05, Kevyn Jones <kevyn at vista dot eclipse dot co dot uk> wrote:
>
>>Public:213.***.**.***
>>
>>The Built in PPTP server.
>>
>>Cheers
>>
>>Chris Buechler wrote:
>>
>>>On 9/20/05, Kevyn Jones <kevyn at vista dot eclipse dot co dot uk> wrote:
>>>
>>>>Hi there having real trouble getting the VPN Server to work...
>>>>
>>>what kind of VPN? Does your m0n0wall WAN have a public or private IP?
>>>
>>>-Chris
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
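
Added example, not part of the original thread: a small parser for firewall log lines of the form quoted in the message above, reporting for each blocked packet whether it is PPTP control traffic (TCP 1723), PPTP tunnel traffic (GRE, IP protocol 47), or unrelated. The sample lines are constructed with documentation addresses; the interface name sis0 and the layout of the GRE line are assumptions.

```python
import re

# Layout of the log lines quoted above (assumed general form):
# time iface @group:rule action src[,sport] -> dst[,dport] PR proto len hdr total [-flags] IN|OUT
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>[^,\s]+)(?:,(?P<sport>\d+))?\s+->\s+(?P<dst>[^,\s]+)(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?\s+(?P<dir>IN|OUT)$"
)

PPTP_CONTROL_PORT = 1723    # PPTP control channel runs over TCP 1723
GRE_NAMES = {"gre", "47"}   # PPTP tunnel payload is GRE, IP protocol 47

# Constructed sample (documentation addresses; sis0 and the GRE line are assumptions).
SAMPLE = """\
17:57:33.069653 ng0 @0:19 b 198.51.100.7,1608 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
17:58:01.120000 ng0 @0:19 b 198.51.100.7,1612 -> 192.0.2.10,1723 PR tcp len 20 48 -S IN
17:58:02.480000 ng0 @0:19 b 198.51.100.7 -> 192.0.2.10 PR gre len 20 61 IN
17:58:03.000000 sis0 @0:6 p 10.0.0.142,3300 -> 198.51.100.9,80 PR tcp len 20 48 -S OUT
"""

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def pptp_relevance(rec):
    """Classify a parsed record as PPTP control, PPTP data, or unrelated."""
    proto = rec["proto"].lower()
    if proto in GRE_NAMES:
        return "pptp-data"
    ports = {int(p) for p in (rec["sport"], rec["dport"]) if p}
    if proto == "tcp" and PPTP_CONTROL_PORT in ports:
        return "pptp-control"
    return "unrelated"

def blocked_summary(log_text):
    """List (iface, rule, proto, dport, relevance) for every blocked ('b') packet."""
    rows = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "b":
            rows.append((rec["iface"], rec["rule"], rec["proto"], rec["dport"], pptp_relevance(rec)))
    return rows

if __name__ == "__main__":
    for row in blocked_summary(SAMPLE):
        print(row)
```

Log lines that the mail client has wrapped onto two lines need to be rejoined before parsing.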