 From:  "Seth Martin" <SethM at turbinegenerator dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 1.11 to 1.2b10 PPTP Outlook issues
 Date:  Fri, 7 Oct 2005 15:50:05 -0400
That would make sense; Microsoft sends some odd-sized packets to test
its connection before authenticating with Kerberos and getting its
credentials assigned.  Might be a good thing to add to the PPTP howto on
the website. It's odd, however, that this option was available in 1.11 and
didn't need to be checked for things to work.

-----Original Message-----
From: Cory Strobel [mailto:corys at medican dot com] 
Sent: Friday, October 07, 2005 1:05 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] 1.11 to 1.2b10 PPTP Outlook issues

I had the same issue and this worked for me.

On your firewall rules for your PPTP VPN, check off the "Allow
fragmented packets" option. I did this for both incoming and outgoing
traffic on the PPTP network and I have not had a problem since.

-Cory

-----Original Message-----
From: Seth Martin [mailto:SethM at turbinegenerator dot com] 
Sent: Friday, October 07, 2005 10:59 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] 1.11 to 1.2b10 PPTP Outlook issues

I went ahead and upgraded to 1.2b10 because we are looking at
transitioning to OpenVPN from PPTP.  Everything seemed OK when I tested
after hours, but I wasn't 100% thorough, I guess.  We have about 30
laptops that use PPTP to connect and get their email. After upgrading
the router to 1.2b10 from 1.11, Outlook could no longer authenticate
against the Exchange server.  All computers are joined to the domain.  I
think somewhere or somehow the firewall rules were blocking the packets
required for the Kerberos authentication with DNS, or I'm not sure. I
didn't have time to test it and I reverted back to 1.11 because web
Outlook is slow over dialup and cellular cards and I didn't want to
further impact the field.  Anyone have any idea what may cause this and
possibly how, if I went back to 1.2b10, I could fix this? Maybe a new
option or firewall rule will be needed.  We have a dry season coming up
this winter and I could work through this more thoroughly.

 

Thanks,
Seth

 

