 From:  Jeff Buehler <jeff at buehlertech dot com>
 To:  Chris Taylor <chris at x dash bb dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP with Windows XP on 1.21
 Date:  Thu, 09 Feb 2006 14:54:59 -0800
Hi Chris -

generic-pc.  As of tonight I will be using a modified version of that 
with fragmented packets allowed across IPSEC due to the inexplicable use 
by Microsoft of 2048 byte RPC packet size that forces fragmentation 
across any standard WAN connection to the Internet (with a maximum MTU 
of 1500).

What errors, if any, are you getting in your logs when people try to 
connect?  What errors are the users getting?


Chris Taylor wrote:

> Jeff,
> Thanks again for the reply. I had no trouble getting IPSec working 
> (m0n0-to-m0n0) - it's reliable and doesn't cause me any trouble.
> I'm only NATing 4 services and none of them involve port 47 or 1723. I 
> did try NATing 1723 to my PPTP server address - it made no difference 
> so I removed the NAT rule again. I'm using the internal m0n0 PPTP 
> server without RADIUS auth by the way.
> My LAN itself doesn't have many boxes on - two Linux servers, a Win2k 
> Pro machine and a WinXP Pro machine so it's not like there's a lot 
> that could be going wrong there.
> FWIW - what platform are you running on Jeff? Is there anyone else 
> running PPTP on generic-pc?
> Thanks,
> Chris
> Jeff Buehler wrote:
>> Hi Chris -
>> In this configuration we have three separate LANs connected via IPSEC 
>> VPNs as well as the PPTP connections from outside those.  We are 
>> using DHCP and DNS forwarding as well.  We are not using Traffic 
>> Shaping, Captive Portal, SNMP, or Syslog.
>> Your IPSEC works, but PPTP doesn't?  IPSEC is usually more of a pain 
>> than PPTP to get working.
>> Hmmm.  Make certain that you aren't routing or NAT'ing the PPTP ports 
>> (GRE and TCP/IP on port 47 and port 1723 as I recall) to some other 
>> now unnecessary PPTP device (like a Windows Server) on the WAN, which 
>> might interfere with the PPTP.
>> I can't think of anything else right now - sorry!
>> Jeff