Well, I really didn't have anything more to say than Chris really, so I'll reiterate a couple things and add some of the stuff I experienced with the setup.

I'll assume by what you wrote in your very first post that the MS PPTP client appears to simply never connect to the M0n0wall in the first place (BTW, I have Charter Internet and I have to have a Linksys router connected to the ISP as well ... tech support was "helpful"..."...okay, unplug your cable modem for ..." USELESS! My boss pays for it though ;-).

I had a similar problem. That's why I went fishing in my logs. It appeared that the init/login requests got to the m0n0wall, but, perhaps, a passive call (required I'll assume? I did briefly pore over the tech specs <http://infodeli.3com.com/infodeli/tools/remote/general/pptp/draft-00.pdf> but then I decided I really don't have time to know the odds and ends of pptp at the moment, however, a tunnel HAS TO be able to be initiated from both ends.) was being blocked on the way back. That's when I discovered Cisco's fixup command for pptp clients. Suddenly, that login prompt came up and I was off virtual private networking.

So, maybe you can explain how you provide connectivity for other pptp servers abroad from your Work firewall.

Also, open all ports and protocols (at least ICMP as was suggested by Chris) up for your 10.0.0.160 host. Ensure that 10.0.0.160 has no software firewall running on it (although unlikely to be the reason not to get a login prompt from the pptp client in Windows.)

BTW, did you just set up a pptp user on the m0n0wall or are you trying to use RADIUS?

good luck!

On 9/26/05, Chris Buechler <cbuechler at gmail dot com> wrote:
>
> On 9/23/05, Kevyn Jones <kevyn at vista dot eclipse dot co dot uk> wrote:
> > Hi Brett,
> >
> > Not really sure what you are saying but my setup is as follows:
> >
> > pptp client from a 158 network, I can pptp to any other server from this network......
> >
> > my Linksys modem is bridging the m0n0wall to ISP so I have a permanent IP on 213.***.**.***
> >
> > The only NAT rule I have is :
> >
> > WAN TCP 7389 10.0.0.142 7389 Soulseek
> >
> > Firewall rules I have:
> >
> > WAN interface
> >
> > Proto  Source   Port  Destination  Port      Description
> > TCP    *        *     10.0.0.142   7389      NAT Soulseek
> >
> > PPTP clients
> >
> > Proto  Source   Port  Destination  Port      Description
> > TCP    *        *     10.0.0.160   22 (SSH)  PPTP -> SSH HPUX
> >
> > LAN interface
> >
> > Proto  Source   Port  Destination  Port      Description
> > *      LAN net  *     *            *         Default LAN -> any
> >
>
> Your setup all looks fine. At what point are you having problems now?
> You getting connected successfully? From there, the only thing
> you're going to be able to hit is SSH on 10.0.0.160, since that's all
> you're allowing on the PPTP clients firewall rule (not sure if that
> was intended or not). Probably be good to at least open up ICMP as
> well so you can test connectivity by pinging over the connection.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch