Re: [m0n0wall] PPTP VPN not working when behind a NAT router

From:	"Chris Buechler" <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] PPTP VPN not working when behind a NAT router
Date:	Fri, 12 May 2006 01:19:42 -0400

On 5/12/06, walterpc at mchsi dot com <walterpc at mchsi dot com> wrote:
> I have been having problems setting up a PPTP VPN connection to my box at home.
> I get to the point where it is verifying username and password and then after
> sitting for a while it times out with an error 619.
>

619 means the NAT device the client is behind is breaking GRE.

> 1 - Is there something that I can change that will allow my box to accept VPN
> connections from clients that are NATed or will I have to have a routed or
> public IP everytime I connect to it?  I can work with either PPTP or IPSec

You're better off with PPTP than IPsec in this situation.  There's
less of a chance that the given NAT device is going to screw up GRE
and hence break PPTP than there is the chance that the NAT device is
going to implement some sort of IPsec fixup to work around the problem
that m0n0wall doesn't support NAT-T (hence, unless the NAT device has
a IPsec proxy/fixup of some sort, it won't work).

> 2 - Any ideas as to when OpenVPN will be put back into the m0n0wall
> system.

Nobody is currently working on it, AFAIK.  Somebody got the show
stopper issues that caused its removal from m0n0wall fixed in pfsense,
so it's certainly not impossible to fix it.

-Chris