On Oct 16, 2005, at 6:34 PM, Chris Buechler wrote:
> On 10/14/05, Juergen Moellenhoff <jm at oic dot de> wrote:
>> I upgraded my 1.11 version of monowall to 1.2 and now I can't login
>> anymore with PPTP (Windows XP -> monowall). With version 1.11 it
>> was not
>> a problem, it worked right out of the box and I used it for a long
>> Today I upgraded to the 1.2 version (and I changed nothing in the
>> configuration, it's the 1.11 config) and now I can't login anymore
>> PPTP, all I get is a "Connnecting to <monowall>" in Windows XP and
>> that's it, after a while I get a timeout and Windows XP tries it
>> Is PPTP in the 1.2 version different from 1.11? Is there something I
>> have to enable or disable now? Or is PPTP in the version 1.2 broken?
> It seems to work fine out of the box for almost everyone, but there
> seem to be some situations where the back end rules that allow GRE and
> TCP 1723 for PPTP to work don't get added with the correct WAN IP. I
> haven't been able to replicate it, but have gotten confirmation from
> one person that this happened to them.
> Go to status.php on your m0n0wall and go down under ipfstat -nio.
> Find the rules for TCP 1723 and GRE, and see if they show your correct
> WAN IP.
> If not, manually add rules to permit TCP 1723 and GRE to your WAN IP
> in the Rules page on the WAN interface, and see if it then works.
> Please report back what you find, as we have almost no details on this
> issue at this point. Your entire status.php copied and pasted into an
> email offlist to me might prove very helpful.
+1 here too on the failure after upgrading to 1.2
My PPTP was rock solid for five months or so, then broke on upgrade.
I did not install beta builds in the interim, but waited for release.
This is on a Soekris net4801.
I see this in status.php:
@1 pass in quick proto gre from any to 70.xxx.20.242/32 keep state
@2 pass in quick proto tcp from any to 70.xxx.20.242/32 port = 1723
keep state group 200
Has there been any more reporting of this break on upgrade? I did
attempt to insert these rules on the WAN interface as well. No change.