 From:  Mike Ansell <mike dot ansell at norrcom dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  VPN firewall NAT problem
 Date:  Wed, 26 Apr 2006 19:01:25 +1200
Hi all.

I gave up trying to use m0n0wall as a VPN redirect server.

I ended up setting it up as purely a firewall between our wireless network and VPN server.

I am experiencing trouble (something NAT-related going on) when I try to make 2 or more VPN connections through the firewall.

We are setting this up to keep wireless clients secure from the LAN. All data is inside a VPN tunnel.

 

Current setup:

Wireless clients 172.16.3.x
            |
            |
m0n0wall firewall
  LAN: 172.16.3.2/16
  WAN: 192.168.103.2/24, GW 192.168.103.1
  (I had the LAN/WAN on the other sides - Chris Buechler said to swap, as the GW should be pointing at the VPN server; makes a lot of sense.)
            |
            |
VPN server (Windows 2003 running RAS, plain old PPTP)
  192.168.103.1/24
  192.168.1.10/24, GW 192.168.1.1
            |
            |
Internet router 192.168.1.1/24

I have the below firewall rules. They don't interfere anyway; it still doesn't work when an Allow ANY ANY ANY rule is at the top of both interfaces.

I did some testing and found that if I disconnect my VPN and do a NAT table reset, a different machine can make the VPN connection. Then no one else can connect until the NAT table is reset again.

The second user can't get past the "Verifying username and password" screen.

I have no inbound/outbound/server/1:1 NAT rules. I haven't ticked the 'Enable Advanced Outbound NAT' box; no VPN works when this is ticked.

It has got to be something stupid I have overlooked. I welcome all ideas.

Thanks everyone.

Mike.

WAN rules:

ALLOW GRE
ALLOW UDP 500
ALLOW UDP 1701
ALLOW TCP 1723

LAN rules:

ALLOW GRE
ALLOW UDP 500
ALLOW UDP 1701
ALLOW TCP 1723
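An added illustration, not part of Mike's post and not m0n0wall's own code: a small Python model of why a NAT that tracks only addresses and ports can carry one PPTP tunnel to a given server but not a second one, and what a PPTP-aware NAT helper does differently. PPTP (RFC 2637) sends its tunnel data in GRE, IP protocol 47, which has no port numbers; the two ends of a tunnel are told apart by the 16-bit Call ID in the enhanced GRE header, which each side learns from the TCP/1723 control channel. The addresses are the ones from the post; the inside client hosts, the Call ID values and the 0x8000 rewrite pool are made-up assumptions for the demonstration, and the model says nothing about how m0n0wall's NAT is actually implemented.

```python
"""
Toy model: address/port-keyed NAT versus a Call-ID-aware PPTP NAT helper.

Constructed for illustration; addresses from the mailing list post, client
hosts and Call IDs invented. Not m0n0wall code.
"""
from dataclasses import dataclass, replace
from typing import Optional

GRE = 47  # IP protocol number for GRE, the PPTP data path (no ports)


@dataclass(frozen=True)
class GrePacket:
    src: str
    dst: str
    call_id: int  # PPTP puts the *receiver's* Call ID in the GRE header


class NaiveNat:
    """Keys inbound state on (proto, peer) only, as if GRE had a single port."""

    def __init__(self, outside_ip: str):
        self.outside_ip = outside_ip
        self.inbound_owner: dict[tuple[int, str], str] = {}  # (proto, server) -> inside host

    def outbound(self, pkt: GrePacket) -> GrePacket:
        # First inside host to talk GRE to this server owns every reply from it;
        # a second host's outbound packets create no distinguishable entry.
        self.inbound_owner.setdefault((GRE, pkt.dst), pkt.src)
        return replace(pkt, src=self.outside_ip)

    def inbound(self, pkt: GrePacket) -> Optional[GrePacket]:
        owner = self.inbound_owner.get((GRE, pkt.src))
        return None if owner is None else replace(pkt, dst=owner)

    def reset(self) -> None:
        """Equivalent of the NAT table reset in the post: the next host wins."""
        self.inbound_owner.clear()


class PptpNat:
    """Learns Call IDs from the control channel and demultiplexes inbound GRE on them."""

    def __init__(self, outside_ip: str):
        self.outside_ip = outside_ip
        self.calls: dict[int, tuple[str, int]] = {}  # outside call id -> (inside host, inside call id)
        self.next_free = 0x8000  # assumed pool for rewritten IDs

    def control_call_request(self, inside_host: str, call_id: int) -> int:
        """Seen on TCP/1723 Outgoing-Call-Request; returns the Call ID forwarded to the server."""
        outside_id = call_id
        if outside_id in self.calls and self.calls[outside_id][0] != inside_host:
            # Two inside hosts chose the same Call ID: rewrite the second one.
            while self.next_free in self.calls:
                self.next_free += 1
            outside_id = self.next_free
            self.next_free += 1
        self.calls[outside_id] = (inside_host, call_id)
        return outside_id

    def outbound(self, pkt: GrePacket) -> GrePacket:
        # Client -> server GRE carries the server's Call ID; only the source IP changes.
        return replace(pkt, src=self.outside_ip)

    def inbound(self, pkt: GrePacket) -> Optional[GrePacket]:
        entry = self.calls.get(pkt.call_id)
        if entry is None:
            return None  # unknown call: drop instead of guessing an inside host
        inside_host, inside_id = entry
        return replace(pkt, dst=inside_host, call_id=inside_id)


def demo() -> dict:
    server, nat_wan = "192.168.103.1", "192.168.103.2"
    a, b = "172.16.3.10", "172.16.3.11"  # constructed wireless clients

    # Naive NAT: even with distinct Call IDs (1 and 2) both replies reach client A.
    naive = NaiveNat(nat_wan)
    naive.outbound(GrePacket(a, server, call_id=7))
    naive.outbound(GrePacket(b, server, call_id=7))
    naive_a = naive.inbound(GrePacket(server, nat_wan, call_id=1))
    naive_b = naive.inbound(GrePacket(server, nat_wan, call_id=2))

    # PPTP-aware NAT: both clients chose Call ID 1; B's is rewritten on the way out
    # and restored on the way back, so each reply reaches its own client.
    smart = PptpNat(nat_wan)
    id_a = smart.control_call_request(a, 1)
    id_b = smart.control_call_request(b, 1)
    smart_a = smart.inbound(GrePacket(server, nat_wan, call_id=id_a))
    smart_b = smart.inbound(GrePacket(server, nat_wan, call_id=id_b))
    return {
        "naive": (naive_a.dst, naive_b.dst),
        "pptp": ((smart_a.dst, smart_a.call_id), (smart_b.dst, smart_b.call_id)),
    }


if __name__ == "__main__":
    print(demo())
```

The naive table reproduces the symptom in the post: the first client to bring up a tunnel owns all GRE coming back from the server until the table is cleared, regardless of the Call IDs in use. The helper class shows the extra state a PPTP-aware NAT has to keep to avoid that.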