 From:  Brett <bretticus at gmail dot com>
 To:  Kevyn Jones <kevyn at vista dot eclipse dot co dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Setting up VPN
 Date:  Mon, 26 Sep 2005 10:48:08 -0600

Hi Kevyn,

Sorry, I haven't looked at this for a few days. I'll try to respond
tonight if I can help. I'm certainly no expert here, I just happened
to make it work. So I thought we could compare notes. I'll help in
whatever way I can though.

Brett



On 9/23/05, Kevyn Jones <kevyn at vista dot eclipse dot co dot uk> wrote:
>
> I have changed my mind about the 2 lines in the log, I believe port 445 is
> being probed to get into my system from elsewhere.....
>
> http://www.linklogger.com/TCP445.htm
>
> Kevyn Jones wrote:
>
> Hi Brett,
>
> Not really sure what you are saying but my setup is as follows:
>
> pptp client from a 158 network, I can pptp to any other server from this
> network......
>
> my Linksys modem is bridging the m0n0wall to ISP so I have a permanent IP
> on 213.***.**.***
>
> The only NAT rule I have is:
>   WAN  TCP  7389  10.0.0.142  7389  Soulseek
> Firewall rules I have:
>
>   WAN interface
>    Proto  Source  Port  Destination  Port  Description
>    TCP  *  *  10.0.0.142  7389  NAT Soulseek
>   PPTP clients
>    Proto  Source  Port  Destination  Port  Description
>    TCP  *  *  10.0.0.160  22 (SSH)  PPTP -> SSH HPUX
>   LAN interface
>    Proto  Source  Port  Destination  Port  Description
>    *  LAN net  *  *  *  Default LAN -> any
> PPTP Server setup:
>
>   Max. concurrent connections: 16
>   Server address:
>     Enter the IP address the PPTP server should use on its side for all
>     clients.
>   Remote address range: / 28
>     Specify the starting address for the client IP address subnet.
>     The PPTP server will assign 16 addresses, starting at the address
>     entered above, to clients.
>
> Do I need to add any firewall and/or NAT rules to get it going?
>
> I think these 2 lines in the log have something to do with what is wrong:
>
> 17:57:33.069653 ng0 @0:19 b 213.***.***.***,1608 -> 213.***.**.***,445 PR tcp len 20 48 -S IN
> 17:57:30.075170 ng0 @0:19 b 213.***.***.***,1608 -> 213.***.**.***,445 PR tcp len 20 48 -S IN
>
> Yours Hopefully
>
> Kevyn
>
>
>
> Brett wrote:
>
>  I made sure that I set up a firewall rule for my new virtual PPTP interface
> to allow traffic from my office LAN.
>
>
> Whoops, I should point out that I was confused as far as the firewall rules.
> At this time I am thinking that the PPTP server is available from any
> network (not sure if that can be locked down or if it even needs to be).
> However, the trick was to set up 'any' or the /16 network specified for the
> PPTP LAN hosts from the PPTP interface to 'any' on the inside. Now it works
> like a charm.
>
> Brett
>
>
> On 9/21/05, Kevyn Jones <kevyn at vista dot eclipse dot co dot uk> wrote:
>
>  Public:213.***.**.***
>
> The Built in PPTP server.
>
> Cheers
>
> Chris Buechler wrote:
>
>      On 9/20/05, Kevyn Jones <kevyn at vista dot eclipse dot co dot uk> wrote:
>
>
>        Hi there having real trouble getting the VPN Server to work...
>
>
>
>          What kind of VPN? Does your m0n0wall WAN have a public or private IP?
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch