[ previous ] [ next ] [ threads ]
 From:  Chris Taylor <chris at x dash bb dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP with Windows XP on 1.21
 Date:  Thu, 09 Feb 2006 23:01:05 +0000
Jeff Buehler wrote:
> Hi Chris -
> generic-pc.  As of tonight I will be using a modified version of that 
> with fragmented packets allowed across IPSEC due to the inexplicable use 
> by Microsoft of 2048 byte RPC packet size that forces fragmentation 
> across any standard WAN connection to the Internet (with a maximum MTU 
> of 1500).
> What errors, if any, are you getting in your logs when people try to 
> connect?  What errors are the users getting?

I'm getting nothing in my logs. Users get either error 800 if the VPN 
Type is Auto or 678 if it's PPTP. My Syslog server is also apparently 
dead so I'm getting nothing from that. I've no ideas on that one either 
- that was working well until it decided to stop too ;) (Not a m0n0 
issue though, undoubtedly my fault).

My attempts to connect to a remote m0n0 (the one that used to work) 
yield error 651. Nothing whatsoever has changed on that m0n0 except the 
upgrade to 1.21.

I've tried disabling the Shaper (as I saw that mentioned in an old list 
message as a potential problem) - no improvement. I'm kinda hesitant to 
go through my config just switching things off until PPTP works but if 
anyone thinks one of these services may be clashing, I'll give it a go...


Chris Taylor

> Jeff
> Chris Taylor wrote:
>> Jeff,
>> Thanks again for the reply. I had no trouble getting IPSec working 
>> (m0n0-to-m0n0) - it's reliable and doesn't cause me any trouble.
>> I'm only NATing 4 services and none of them involve port 47 or 1723. I 
>> did try NATing 1723 to my PPTP server address - it made no difference 
>> so I removed the NAT rule again. I'm using the internal m0n0 PPTP 
>> server without RADIUS auth by the way.
>> My LAN itself doesn't have many boxes on - two Linux servers, a Win2k 
>> Pro machine and a WinXP Pro machine so it's not like there's a lot 
>> that could be going wrong there.
>> FWIW - what platform are you running on Jeff? Is there anyone else 
>> running PPTP on generic-pc?
>> Thanks,
>> Chris
>> Jeff Buehler wrote:
>>> Hi Chris -
>>> In this configuration we have three separate LANS connected via IPSEC 
>>> VPN's as well as the PPTP connections from outside those.  We are 
>>> using DHCP and DNS forwarding as well.  We are not using Traffic 
>>> Shaping, Captive Portal, SNMP, or Syslog.
>>> Your IPSEC works, but PPTP doesn't?  IPSEC is usually more a pain 
>>> than PPTP to get working.
>>> Hmmm.  Make certain that you aren't routing or NAT'ing the PPTP ports 
>>> (GRE and TCP/IP on port 47 and port 1723 as I recall) to some other 
>>> now unnecessary PPTP device (like a Windows Server) on the WAN, which 
>>> might interfere with the PPTP.
>>> I can't think of anything else right now - sorry!
>>> Jeff
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch