[ previous ] [ next ] [ threads ]
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Forwarding PPTP vpn clients to a W2k3 server
 Date:  Mon, 7 Nov 2005 17:30:37 -0600
John Benjamin wrote:
> Hello all,
> I need some clarification on the "Redirect Incoming PPTP Connections"
> feature.
>  In particular, what are the differences between setting-up "Inbound
> NAT and Firewall rules" for PPTP VPN clients (e.g., port 1723)
> compared to turning on the feature "Redirect Incoming PPTP
> connections to:" on the VPN:PPTP page and setting up firewall rules.
> I am trying to setup m0n0wall v1.2final as a DHCP server which will
> forward VPN requests to a NATd W2k3 server running Active Directory
> and RAS as the authentication server for VPN:PPTP clients.
> In the current working config, the pass-through feature is turned on,
> but we had to setup the W2k3 server to hand out IP address from a
> static pool. Is it possible to config the VPN:PPTP pass-through so
> that m0n0wall is the DHCP server and the w2k3 box is the VPN
> authentication server? 

You would also need to forward GRE (or something like that...), which is
why Inbound NAT does not work for PPTP VPNs.

I use the PPTP sever on the m0n0wall (don't forward) and use IAS
(RADIUS) on my SBS2K3 (Win2K3) server to authenticate. See this:
http://www.michael-i.com/files/projects/m0n0ad/ The m0n0wall gives out
the IP based on the subnet you specify in the PPTP config. 

Don't forget to exclude this subnet from your DHCP scope. Also, keep in
mind the default 16 user limit on the m0n0wall PPTP server. There are
images with more PPTP connections, I don't know how up-to-date they

James W. McKeand