 From:  Robert Goodyear <me at jrob dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP broken after upgrade from 1.11 to 1.2
 Date:  Wed, 26 Oct 2005 23:29:36 -0700
On Oct 16, 2005, at 6:34 PM, Chris Buechler wrote:

> On 10/14/05, Juergen Moellenhoff <jm at oic dot de> wrote:
>
>> Hi,
>>
>> I upgraded my 1.11 version of monowall to 1.2 and now I can't login
>> anymore with PPTP (Windows XP -> monowall). With version 1.11 it was not
>> a problem, it worked right out of the box and I used it for a long time.
>> Today I upgraded to the 1.2 version (and I changed nothing in the
>> configuration, it's the 1.11 config) and now I can't login anymore with
>> PPTP, all I get is a "Connecting to <monowall>" in Windows XP and
>> that's it, after a while I get a timeout and Windows XP tries it again.
>> Is PPTP in the 1.2 version different from 1.11? Is there something I
>> have to enable or disable now? Or is PPTP in the version 1.2 broken?
>>
>>
>
> It seems to work fine out of the box for almost everyone, but there
> seem to be some situations where the back end rules that allow GRE and
> TCP 1723 for PPTP to work don't get added with the correct WAN IP.  I
> haven't been able to replicate it, but have gotten confirmation from
> one person that this happened to them.
>
> Go to status.php on your m0n0wall and go down under ipfstat -nio.
> Find the rules for TCP 1723 and GRE, and see if they show your correct
> WAN IP.
>
> If not, manually add rules to permit TCP 1723 and GRE to your WAN IP
> in the Rules page on the WAN interface, and see if it then works.
> Please report back what you find, as we have almost no details on this
> issue at this point.  Your entire status.php copied and pasted into an
> email offlist to me might prove very helpful.

+1 here too on the failure after upgrading to 1.2

My PPTP was rock solid for five months or so, then broke on upgrade.  
I did not install beta builds in the interim, but waited for release.  
This is on a Soekris net4801.

I see this in status.php:

@1 pass in quick proto gre from any to 70.xxx.20.242/32 keep state group 200
@2 pass in quick proto tcp from any to 70.xxx.20.242/32 port = 1723 keep state group 200

Has there been any more reporting of this break on upgrade? I did  
attempt to insert these rules on the WAN interface as well. No change.

-Rob.
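
The check described in the quoted reply (find the GRE and TCP 1723 rules under ipfstat -nio and compare their destination with the WAN IP), written out as an added example that is not part of the original thread or of m0n0wall. It assumes rules have the shape quoted in this message; the function names are hypothetical and the sample addresses are constructed documentation addresses.

```python
import ipaddress
import re

# Rule shape as quoted in the thread (assumption: numeric port, "from any to <dst>").
RULE = re.compile(
    r"^@\d+\s+pass\s+in\s+(?:quick\s+)?proto\s+(?P<proto>\S+)\s+from\s+any\s+to\s+"
    r"(?P<dst>\S+)(?:\s+port\s*=\s*(?P<port>\d+))?"
)

def unwrap(text):
    """Rejoin rules that a mail client wrapped: every rule starts with '@N'."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("@") or not rules:
            rules.append(line)
        else:
            rules[-1] += " " + line
    return rules

def covers(dst, wan_ip):
    """True if the rule destination (address/mask or 'any') includes wan_ip."""
    try:
        return dst == "any" or (
            ipaddress.ip_address(wan_ip) in ipaddress.ip_network(dst, strict=False))
    except ValueError:
        return False  # masked or malformed address, e.g. one redacted with 'xxx'

def check_pptp_rules(ipfstat_text, wan_ip):
    """Report whether pass-in rules for GRE and TCP 1723 exist for wan_ip."""
    found = {"gre": False, "tcp/1723": False}
    for rule in unwrap(ipfstat_text):
        m = RULE.match(rule)
        if not m or not covers(m["dst"], wan_ip):
            continue
        if m["proto"] == "gre":
            found["gre"] = True
        elif m["proto"] == "tcp" and m["port"] == "1723":
            found["tcp/1723"] = True
    return found

# Constructed sample: two wrapped PPTP rules plus one unrelated rule.
SAMPLE = """\
@1 pass in quick proto gre from any to 203.0.113.10/32 keep state
group 200
@2 pass in quick proto tcp from any to 203.0.113.10/32 port = 1723
keep state group 200
@3 pass in quick proto tcp from any to 203.0.113.10/32 port = 443 keep state group 200
"""
print(check_pptp_rules(SAMPLE, "203.0.113.10"))
```

A result with both entries true, as the rules quoted in this message would give if the address shown is the current WAN IP, means the back-end rules are present and the failure lies elsewhere.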