Hello,

I tried a lot of different rules, but it didn't work :-(
Here are my current rules:

WS = IP Webserver
MW = IP of the WLAN interface (not the standard LAN IP)

LAN:
       Proto    Source        Port  Dest.  Port
pass   *        LAN net       *     *      *

WAN:
       Proto    Source        Port  Dest.  Port
Block  *        RFC 1918      *     *      *
Pass   TCP      *             *     WS     80     internal Webserver
Block  *        *             *     *      *

PPTP VPN:
       Proto    Source        Port  Dest.  Port
Pass   *        PPTP Clients  *     *      *

WLAN (DMZ):
       Proto    Source        Port  Dest.  Port
Pass   TCP/UDP  WLAN net      *     MW     1723   VPN
Block  *        WLAN net      *     *      *

An additional rule with the GRE protocol doesn't help. I reboot the wall every time I change something.

The problem is not that my VPN isn't working. Only if I try to connect with Remote Desktop over a second VPN to my office, I couldn't connect. My VPN over WLAN works. My Office-VPN over VPN over WLAN works too.

I don't know what I can try anymore ....

Bob

-----Original Message-----
From: Jeff Buehler [mailto:jeff at buehlertech dot com]
Sent: Monday, 2 January 2006 17:23
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: AW: [m0n0wall] Problem with GRE-Protocoll (VPN over WLAN)

Do you have the necessary PPTP VPN specific firewall rule? When you go to the GUI, you should see LAN, WAN and PPTP VPN rules - double check your PPTP VPN rule. Also, you may want to verify the order of your rules (if it makes any difference in your case) and finally reboot the router as a last resort - this has on occasion made the difference for me.

The configuration you describe (Remote Desktop Client -> pptp vpn -> Remote Desktop server) is something I am doing as well and I have no problems with it. So I am guessing it must be a configuration issue.

Jeff

Sandro Kehrlein wrote:
>Hi,
>Thanks for the fast answer, but it didn't help...
>Even allowing ALL on the Interface WLAN (*:* to *:*, all prots) doesn't help. Any ideas?
>Thanks...
>Bob
>
>-----Original Message-----
>From: Kristian Shaw [mailto:monowall at wealdclose dot co dot uk]
>Sent: Monday, 2 January 2006 15:15
>To: Sandro Kehrlein; m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] Problem with GRE-Protocoll (VPN over WLAN)
>
>Hello,
>
>Port 1723 is used to set up the PPTP connection, but the actual traffic is carried over GRE (a protocol type in its own right).
>
>You will also need to allow GRE from the WLAN interface.
>
>Regards,
>
>Kris.
>
>----- Original Message -----
>From: "Sandro Kehrlein" <sandro at kehrlein dot de>
>To: <m0n0wall at lists dot m0n0 dot ch>
>Sent: Monday, January 02, 2006 2:09 PM
>Subject: [m0n0wall] Problem with GRE-Protocoll (VPN over WLAN)
>
>
>Hello,
>first a small introduction: I use a 3rd NIC for WLAN, here I've
>connected a standard AP. I deny all traffic from WLAN to *; except
>TCP/UDP from * to m0n0wall:1723. So I am only allowed to log in to VPN
>(PPTP) from WLAN. To connect to my network or the internet, I have to
>connect via VPN and that's all working very fine...
>But now I often connect to my office via VPN. So on my laptop are 3
>connections: Wireless Network, VPN Tunnel to m0n0wall, VPN Tunnel into
>my office. I can access shares on my office workstations, that's not
>the problem. But if I want to connect via Remote Desktop Connection to
>my Office-Server, I'll get an error, that there are network problems.
>There is the following entry in the logs: Deny - Interface PPTP - Laptop
>VPN IP - Office Server IP (the ISP IP, not the internal IP) - Protocol GRE.
>I allow everything from PPTP clients to * - each protocol. Now I
>added a second rule, allowing especially GRE. It doesn't help...
>Anybody out there who can help me?
>Thanks a lot!
>Bob
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch