 From:  "Bernhard Werner" <b dot werner at reidl dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  PPTP remote radius problem
 Date:  Mon, 26 Sep 2005 12:08:23 +0200
Hi,

We are actually using three WRAP m0n0 installations for site-to-site connections over ADSL. Recently
we were trying to set up a PPTP server on each site while using only one centralized radius server.

Currently we are using

192.168.100.0/24 Main Site
192.168.101.0/24 Remote Site 1
192.168.255.0/24 Remote Site 2

as site subnets, while the .100. network has a static WAN IP address and terminates the IPSEC
connection from the remote sites. The problem we have discovered now is that we cannot use the radius
server in the 192.168.100.0 network for authentication, because it seems that the remote monowalls
try to connect to it using their WAN interface.

Doing a traceroute at each site using a 192.168.100.0 destination address shows that the monowall is
trying to access these IPs over its WAN interface. On the other hand all the IPSEC connections are
working perfectly and the connection is working like a charm between the sites. 

Output from the .101. monowall...
traceroute to 192.168.100.253 (192.168.100.253), 18 hops max, 44 byte packets
 1  6.189.broadband3.iol.cz (85.70.189.6)  93.406 ms  314.178 ms  482.837 ms
 2  73.189.broadband3.iol.cz (85.70.189.73)  121.565 ms  23.256 ms  16.089 ms
 3  * * *
...

Pinging the IP with the LAN interface selected works, on the other hand. Maybe this is a known
or unknown issue or I have some major configuration error.


Best regards,


Bernhard