John Benjamin wrote:
> Thanks James
> You don't forward GRE, it is a protocol (47). Perhaps enabling
> "support" for Protocol 47 is what the "Forward PPTP Clients..."
> feature does?
Yes, I think that is what it does. I don't believe there is a mechanism
in the WebGUI to "forward" or allow the GRE protocol on a inbound NAT
> We'd like to stick to AD as the single authentication server on the
> LAN. Your solution looks great for an existing Radius framework.
> Maybe someday I'll get a chance to use it.
IAS uses the AD for authentication. To quote the article:
"To interface the m0n0wall VPN with Active Directory a user group must
be created and added to the RAS policy. Each user in this group must
also have "dial-in" access enabled. Then the IAS service must be
installed. Finally, a RAS policy & client must be added."
I did not disable outbound NAT in the m0n0wall configuration and it
It does not take long to setup. Last week, I set it up for a client in
about 30 minutes over RDP (client is in Wisconsin, I am in Texas).
James W. McKeand