[ previous ] [ next ] [ threads ]
 
 From:  Claude Hecker <hecker at ifina dot de>
 To:  Mauricio Culibrk <Mauricio dot Culibrk at infohit dot si>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP clients - blocked traffic - bug/misconfiguration?
 Date:  Sun, 5 Feb 2006 11:19:58 +0100 (CET)
Hi Mauricio,

sounds like the same error wich occure by our setup...
But we are able to ping, or wahtever ist enabled to the pptp client from
inside the lan.
We are using a 1.2b3 version. Here is the error at the other side of an
esablished ipsec
tunnel.

So, what kind of version do you use?

BTW: really clarified has nobody my error!
http://m0n0.ch/wall/list/showmsg.php?id=239/89 (PPTP question)

regards
Claude


Am Sa 04.02.2006 14:48 schrieb Mauricio Culibrk
<Mauricio dot Culibrk at infohit dot si>:

>
>Hi!
>
>Lately I spent a lot of time playing with m0n0 and PPTP connections and
>I think there is a "misconfiguration" or a flaw in the original setup
>of PPTP client access in m0n0wall.
>
>Correct me if I'm wrong...
>
>If you set the PPTP server on m0n0wall to serve your clients with a set
>of LAN ip addresses (yes, to have the client look as they are really on
>LAN segment), m0n0wall will create/activate ngX interfaces and add
>additional (proxy)arp entries to "serve" the cliens. That's all Ok and
>working as supposed.
>When the clients generate some trafic, it is going through FW rules to
>the LAN (or other destination) and responses get back as expected.
>Basically, from the CLIENT side it's working OK, as expected.
>
>The problem is, the clients are NOT ACCESSIBLE FROM the LAN or other
>"internal" networks...
>For example, when some client is connected, it gets the IP
>192.168.1.100, pptp server has 192.168.1.2, m0n0 lan 192.168.1.1.
>Now I can ping (or whatever is enabled in FW rules) TO some internal
>hosts and all is working as expected, for example, if I ping
>192.168.1.10 (which is a server) from the client it is all ok.
>If now, I ping the client (192.168.1.100) from the same host
>(192.168.1.10) the m0n0 firewall is dropping ANY packets that are
>GENERATED from "inside" towards pptp clients....
>
>I tried with all possible rules in FW on all interfaces (lan, wan,
>pptp) without success...
>
>Afer some debugging and researching I found such a setup is not
>supported with the current "hardwired" set of fw rules and there is no
>way to "fix" this by entering some "user rules" via GUI...
>
>Any comment on this would be appreciated.
>
>Thanks,
>Mauricio
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>