 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Forwarding PPTP vpn clients to a W2k3 server
 Date:  Mon, 7 Nov 2005 21:30:23 -0600
John Benjamin wrote:
> Thanks James
> 
> You don't forward GRE, it is a protocol (47).   Perhaps enabling
> "support" for Protocol 47 is what the "Forward PPTP Clients..."
> feature does? 

Yes, I think that is what it does. I don't believe there is a mechanism
in the WebGUI to "forward" or allow the GRE protocol on an inbound NAT
rule.

> We'd like to stick to AD as the single authentication server on the
> LAN. Your solution looks great for an existing Radius framework. 
> Maybe someday I'll get a chance to use it.

IAS uses the AD for authentication. To quote the article:

"To interface the m0n0wall VPN with Active Directory a user group must
be created and added to the RAS policy. Each user in this group must
also have "dial-in" access enabled. Then the IAS service must be
installed. Finally, a RAS policy & client must be added."

I did not disable outbound NAT in the m0n0wall configuration and it
still works.

It does not take long to set up. Last week, I set it up for a client in
about 30 minutes over RDP (client is in Wisconsin, I am in Texas).

_________________________________
James W. McKeand